Privacy Policy
Last updated: 10 July 2026 · Effective: 10 July 2026
Munafa (“Munafa”, “we”, “us”, “our”) operates getmunafa.com and
the Munafa profit-analytics application for Shopify merchants (the “Service”). This Privacy Policy
explains what data we process, why, and the rights available to you.
The most important thing to know: Munafa does not collect your customers’ personal data.
We read your orders to calculate profit, but we do not store customer names, email addresses, phone
numbers or shipping addresses.
1. Who we are and how to reach us
2. Data we collect
We collect only what is required to compute your profit.
- Merchant account data. Your Shopify store domain, and the name, email address and
locale of the Shopify user who installs the app. This is provided by Shopify when you authorise the app.
- Store and order data (from Shopify). Order identifiers and order numbers, order
dates, currency, payment method (COD or prepaid), payment gateway, financial and fulfilment status,
order totals, discounts, taxes, shipping charged and refunds; and order line items (product and variant
identifiers, SKU, title, quantity, unit price, and cost per item).
- Connected platform data you authorise. Shipping and return-to-origin (RTO) status
and courier charges (e.g. Shiprocket); COD risk scores (e.g. GoKwik); payment processing fees
(e.g. Razorpay, Cashfree); and advertising spend (Meta, Google).
- Integration credentials. API keys, access tokens and, where a provider offers no
OAuth flow, the username and password you supply. These are encrypted at rest (see Security).
- Configuration you enter. Cost of goods, shipping and packaging rates, transaction
and COD fees, GST rate, and custom operating costs.
- Device tokens for push notifications, if you enable them.
- Billing records. A count of orders synced per billing cycle, used to meter usage
charges through Shopify Billing.
- Operational logs and audit records (e.g. configuration changes, errors, IP address
and timestamps) used to run and secure the Service.
3. Data we do NOT collect
- Your customers’ personal data — no names, email addresses, phone numbers, or
billing/shipping addresses are stored by Munafa.
- Payment card data. We never see or store card numbers. Billing is handled entirely
by Shopify.
- We do not use your data to build advertising profiles, and we do not sell your data.
4. How we use your data
- To calculate and display your net profit, margins, COGS, shipping, RTO loss, fees, GST and ROAS.
- To synchronise and reconcile figures across the platforms you connect.
- To meter and charge usage fees through Shopify Billing.
- To provide support, prevent abuse, secure the Service, and comply with law.
- To send service messages and, where you have opted in, profit notifications.
5. Legal bases for processing
Where Indian law applies, we process personal data on the basis of your consent and for the legitimate
uses permitted by the Digital Personal Data Protection Act, 2023. Where the GDPR applies, we rely on
performance of a contract (Art. 6(1)(b)), our legitimate interests in operating and securing the Service
(Art. 6(1)(f)), and consent where required (Art. 6(1)(a)).
6. Advertising platform data (Meta and Google)
If you connect an advertising account, we access advertising metrics — principally spend by
channel, campaign and date — solely to calculate your advertising cost, ROAS and net profit, and to show
them to you inside the Service.
- Google: Munafa’s use and transfer of information received from Google APIs adheres
to the Google
API Services User Data Policy, including its Limited Use requirements. We do not use
Google user data to serve advertising, we do not transfer it except as necessary to provide the Service
or as required by law, and we do not allow humans to read it except with your consent, for security
purposes, to comply with law, or where the data is aggregated and anonymised.
- Meta: We process Meta advertising data in accordance with the Meta Platform Terms
and Developer Policies. We use it only to compute and display your profit metrics; we do not sell it,
transfer it to data brokers, or use it for advertising targeting.
- You may disconnect any advertising account at any time from within the app, which revokes our access
and deletes the stored tokens.
7. Sharing and sub-processors
We do not sell your data or share it for advertising. We share data only:
- with the platforms you explicitly connect, to operate that integration;
- with infrastructure providers who process data on our behalf under confidentiality and
data-protection obligations — currently our hosting provider (virtual server infrastructure) and
Shopify (authentication, billing and store data);
- where required by law, or to establish, exercise or defend legal claims.
8. Security
- All traffic is served over TLS (HTTPS).
- Integration credentials and access tokens are encrypted at rest using AES-256-GCM.
- Incoming Shopify webhooks are authenticated by HMAC signature verification; unsigned requests are rejected.
- Access to production systems is restricted and key-based.
No system is perfectly secure. If we become aware of a personal-data breach affecting you, we will
notify you and the competent authority as required by applicable law.
9. Retention and deletion
- We retain store and order data for as long as the app is installed, because your historical profit is
computed from it.
- Uninstalling the app triggers Shopify’s
app/uninstalled webhook; we stop
processing and mark the store inactive.
- We implement Shopify’s mandatory compliance webhooks:
shop/redact (we delete the store’s
data), customers/redact and customers/data_request. Because we do not store
customer personal data, a customer redaction or data request returns no personal data.
- Billing and audit records may be retained for as long as required for tax, accounting and
legal-compliance purposes.
10. How to request deletion of your data
You can request deletion at any time by either:
- uninstalling Munafa from your Shopify admin (Shopify then instructs us to erase the store’s data); or
- emailing privacy@getmunafa.com from the email address
associated with the store. We will verify your request and erase the data within 30 days, except where we
are legally required to retain it.
11. Your rights
Subject to applicable law, you may request access to, correction of, or erasure of your personal data;
withdraw consent; and complain to a supervisory authority. Indian users may nominate another person to
exercise these rights in the event of death or incapacity, and may raise concerns with our Grievance Officer
at grievance@getmunafa.com. We aim to respond within 30 days.
12. Cookies
The application uses strictly necessary cookies to keep you signed in and to secure your session. We do
not use advertising or cross-site tracking cookies.
13. International transfers
Our servers may be located outside India. Where personal data is transferred internationally, we rely on
appropriate safeguards permitted under applicable law.
14. Children
The Service is intended for businesses. It is not directed at children and we do not knowingly collect
data from anyone under 18.
15. Changes to this policy
We may update this policy. Material changes will be notified in the app or by email, and the “Last
updated” date above will change.
16. Contact
Privacy: privacy@getmunafa.com
Grievance Officer: grievance@getmunafa.com
Munafa, India.