Privacy & Data Protection Policy

BD Wallet ("the App") automates the manual process of collecting payments for Shopify merchants through bKash and Nagad mobile wallet. Without this app, Bangladeshi merchants must manually contact each customer after an order, collect payment confirmations, and update order statuses by hand. BD Wallet eliminates this entirely — detecting orders automatically, generating secure payment links, delivering them to customers, and marking orders as paid once payment is confirmed.

We protect your data to bank-grade standards. This policy explains what data we collect, why we collect it, how it's stored, and your rights regarding that data.

From Merchants (You)

• Shopify store information: Shop domain, access token (provided via Shopify OAuth), store name
• Payment gateway credentials: bKash API keys (App Key, App Secret, Username, Password) and/or Nagad credentials (Merchant ID, Merchant Number, Private Key, PG Public Key)
• Transaction records: Order IDs, payment amounts, transaction statuses, timestamps
• Subscription data: Plan details, billing history, invoices

From Customers (Your Buyers)

• Order information: Order ID, amount, customer name (as provided by Shopify)
• Contact information: Phone number and/or email address (for sending payment links)
• Payment status: Whether the payment was completed, pending, or failed

We do NOT collect or store customers' bKash/Nagad account numbers, PINs, or any financial account details. Payment authorization happens entirely on bKash/Nagad's own secure pages.

Your payment gateway credentials are the keys to your bKash/Nagad merchant accounts, and we treat them with the highest level of care.

Encryption Standard: AES-256-GCM

• Algorithm: AES-256 (Advanced Encryption Standard with 256-bit key)
• Mode: GCM (Galois/Counter Mode) — provides both encryption and authentication
• Key derivation: scrypt-based key derivation from a master encryption key
• Unique IV: Every encryption operation uses a cryptographically random 16-byte initialization vector
• Tamper detection: GCM authentication tags ensure encrypted data hasn't been modified

Credential Lifecycle

1. Submission: You enter credentials via our secure settings page (served over HTTPS within Shopify's embedded app)
2. Immediate encryption: Credentials are encrypted in server memory before being written to the database — plain text never touches disk
3. Storage: Only the encrypted ciphertext is stored in our PostgreSQL database
4. Retrieval: Credentials are decrypted only when needed to process a payment, in server memory only
5. Display: When shown in settings, only masked versions appear (e.g., ****7890)
6. Deletion: When you remove or update credentials, the old encrypted data is permanently overwritten

What We Never Do

• Never store credentials in plain text — not in database, logs, caches, or files
• Never log credential values in application logs
• Never transmit credentials to any third party (only directly to bKash/Nagad APIs)
• Never cache decrypted credentials in Redis or any temporary storage
• Never include credentials in error reports or analytics

BD Wallet requests a single Shopify permission: write_orders. This is the only API access we need.

• write_orders is used exclusively to mark an order as paid and add a payment reference note after the customer completes payment on bKash or Nagad

Customer data (name, phone number, and email address) is not read via the Shopify Customers API. Instead, it is received automatically through Shopify's orders/create webhook — a notification Shopify sends to our server whenever a new order is placed. This data is used solely to deliver the payment link to the customer.

We do not read, query, or store any customer data beyond what Shopify includes in the order webhook payload.

• Automating payment collection: When an order is placed with bKash or Nagad as the payment method, we automatically generate a secure payment link and deliver it to the customer via SMS and email — replacing the manual process merchants previously had to do themselves
• Processing payments: Your gateway credentials are used solely to create payments, check payment status, and process refunds on your behalf via bKash/Nagad APIs
• Order management: We mark the Shopify order as paid and add a payment reference note once the customer completes payment
• Service management: Store information is used for subscription billing and support

We do not sell, share, or use your data for advertising or any purpose beyond operating the payment automation service.

• HTTPS everywhere: All data in transit is encrypted with TLS 1.2+
• Isolated database: PostgreSQL database is not publicly accessible and requires authentication
• Shopify OAuth: Admin access is authenticated through Shopify's official OAuth flow — we never ask for your Shopify password
• Webhook verification: All Shopify webhooks are verified using HMAC signatures
• Docker isolation: Application services run in isolated Docker containers
• Admin access logs: All admin panel actions are logged with IP address and timestamp

• Gateway credentials: Stored (encrypted) as long as your account is active. Deleted when you uninstall the app or request removal.
• Customer PII (name, phone, email): Automatically anonymized after 180 days on terminal transactions (failed, expired, refunded).
• Transaction records: Retained for accounting and dispute resolution, then anonymized. Order IDs and amounts are kept longer for reporting.
• Payment links: Expire after 24 hours automatically.
• Application logs (webhook, notification): Purged after 90 days.
• Admin access logs: Retained for 365 days then automatically deleted.

As a merchant using our service, you have the right to:

• Access: View what data we hold about you via the app dashboard
• Update: Change or update your gateway credentials at any time
• Delete: Remove your credentials and deactivate gateways at any time
• Export: Request a copy of your transaction data
• Uninstall: Removing the app from your Shopify store triggers automatic cleanup of your stored credentials

When you uninstall BD Mobile Wallet from your Shopify store:

1. All encrypted gateway credentials are permanently deleted
2. Your merchant account is marked as inactive
3. Active payment links are expired immediately
4. Transaction history is retained for 90 days (for any pending refund disputes), then deleted
5. Subscription billing is stopped immediately

If you have any questions about this privacy policy or how we handle your data, please reach out:

• Email: [email protected]
• Phone: +880 1711085864

We aim to respond to all privacy inquiries within 48 hours.