Munafa
Features Pricing Contact
Get Early Access

Privacy Policy

Last updated: 10 July 2026 · Effective: 10 July 2026

Munafa (“Munafa”, “we”, “us”, “our”) operates getmunafa.com and the Munafa profit-analytics application for Shopify merchants (the “Service”). This Privacy Policy explains what data we process, why, and the rights available to you.

The most important thing to know: Munafa does not collect your customers’ personal data. We read your orders to calculate profit, but we do not store customer names, email addresses, phone numbers or shipping addresses.

1. Who we are and how to reach us

  • Operator: Munafa (sole proprietorship), India.
  • Privacy contact: privacy@getmunafa.com
  • Support: support@getmunafa.com
  • Grievance Officer (Digital Personal Data Protection Act, 2023): grievance@getmunafa.com

2. Data we collect

We collect only what is required to compute your profit.

  • Merchant account data. Your Shopify store domain, and the name, email address and locale of the Shopify user who installs the app. This is provided by Shopify when you authorise the app.
  • Store and order data (from Shopify). Order identifiers and order numbers, order dates, currency, payment method (COD or prepaid), payment gateway, financial and fulfilment status, order totals, discounts, taxes, shipping charged and refunds; and order line items (product and variant identifiers, SKU, title, quantity, unit price, and cost per item).
  • Connected platform data you authorise. Shipping and return-to-origin (RTO) status and courier charges (e.g. Shiprocket); COD risk scores (e.g. GoKwik); payment processing fees (e.g. Razorpay, Cashfree); and advertising spend (Meta, Google).
  • Integration credentials. API keys, access tokens and, where a provider offers no OAuth flow, the username and password you supply. These are encrypted at rest (see Security).
  • Configuration you enter. Cost of goods, shipping and packaging rates, transaction and COD fees, GST rate, and custom operating costs.
  • Device tokens for push notifications, if you enable them.
  • Billing records. A count of orders synced per billing cycle, used to meter usage charges through Shopify Billing.
  • Operational logs and audit records (e.g. configuration changes, errors, IP address and timestamps) used to run and secure the Service.

3. Data we do NOT collect

  • Your customers’ personal data — no names, email addresses, phone numbers, or billing/shipping addresses are stored by Munafa.
  • Payment card data. We never see or store card numbers. Billing is handled entirely by Shopify.
  • We do not use your data to build advertising profiles, and we do not sell your data.

4. How we use your data

  • To calculate and display your net profit, margins, COGS, shipping, RTO loss, fees, GST and ROAS.
  • To synchronise and reconcile figures across the platforms you connect.
  • To meter and charge usage fees through Shopify Billing.
  • To provide support, prevent abuse, secure the Service, and comply with law.
  • To send service messages and, where you have opted in, profit notifications.

5. Legal bases for processing

Where Indian law applies, we process personal data on the basis of your consent and for the legitimate uses permitted by the Digital Personal Data Protection Act, 2023. Where the GDPR applies, we rely on performance of a contract (Art. 6(1)(b)), our legitimate interests in operating and securing the Service (Art. 6(1)(f)), and consent where required (Art. 6(1)(a)).

6. Advertising platform data (Meta and Google)

If you connect an advertising account, we access advertising metrics — principally spend by channel, campaign and date — solely to calculate your advertising cost, ROAS and net profit, and to show them to you inside the Service.

  • Google: Munafa’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We do not use Google user data to serve advertising, we do not transfer it except as necessary to provide the Service or as required by law, and we do not allow humans to read it except with your consent, for security purposes, to comply with law, or where the data is aggregated and anonymised.
  • Meta: We process Meta advertising data in accordance with the Meta Platform Terms and Developer Policies. We use it only to compute and display your profit metrics; we do not sell it, transfer it to data brokers, or use it for advertising targeting.
  • You may disconnect any advertising account at any time from within the app, which revokes our access and deletes the stored tokens.

7. Sharing and sub-processors

We do not sell your data or share it for advertising. We share data only:

  • with the platforms you explicitly connect, to operate that integration;
  • with infrastructure providers who process data on our behalf under confidentiality and data-protection obligations — currently our hosting provider (virtual server infrastructure) and Shopify (authentication, billing and store data);
  • where required by law, or to establish, exercise or defend legal claims.

8. Security

  • All traffic is served over TLS (HTTPS).
  • Integration credentials and access tokens are encrypted at rest using AES-256-GCM.
  • Incoming Shopify webhooks are authenticated by HMAC signature verification; unsigned requests are rejected.
  • Access to production systems is restricted and key-based.

No system is perfectly secure. If we become aware of a personal-data breach affecting you, we will notify you and the competent authority as required by applicable law.

9. Retention and deletion

  • We retain store and order data for as long as the app is installed, because your historical profit is computed from it.
  • Uninstalling the app triggers Shopify’s app/uninstalled webhook; we stop processing and mark the store inactive.
  • We implement Shopify’s mandatory compliance webhooks: shop/redact (we delete the store’s data), customers/redact and customers/data_request. Because we do not store customer personal data, a customer redaction or data request returns no personal data.
  • Billing and audit records may be retained for as long as required for tax, accounting and legal-compliance purposes.

10. How to request deletion of your data

You can request deletion at any time by either:

  • uninstalling Munafa from your Shopify admin (Shopify then instructs us to erase the store’s data); or
  • emailing privacy@getmunafa.com from the email address associated with the store. We will verify your request and erase the data within 30 days, except where we are legally required to retain it.

11. Your rights

Subject to applicable law, you may request access to, correction of, or erasure of your personal data; withdraw consent; and complain to a supervisory authority. Indian users may nominate another person to exercise these rights in the event of death or incapacity, and may raise concerns with our Grievance Officer at grievance@getmunafa.com. We aim to respond within 30 days.

12. Cookies

The application uses strictly necessary cookies to keep you signed in and to secure your session. We do not use advertising or cross-site tracking cookies.

13. International transfers

Our servers may be located outside India. Where personal data is transferred internationally, we rely on appropriate safeguards permitted under applicable law.

14. Children

The Service is intended for businesses. It is not directed at children and we do not knowingly collect data from anyone under 18.

15. Changes to this policy

We may update this policy. Material changes will be notified in the app or by email, and the “Last updated” date above will change.

16. Contact

Privacy: privacy@getmunafa.com
Grievance Officer: grievance@getmunafa.com
Munafa, India.

© 2026 Munafa. Home · Terms