---

Welcome to CompliEdge ("CompliEdge", "we", "our", or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you install, access, or use the CompliEdge application (the "App") and any related services (the "Services").

We are committed to complying with India's Digital Personal Data Protection Act 2023 (DPDP Act) and other applicable regional legislation. If you have any questions, please contact us at apps@seventhtriangle.com.

1. Who We Are

CompliEdge is a Shopify application developed and maintained by Seventh Triangle Consulting, with its principal place of business at 2nd Floor, The Berry Coworks, Sector 142, Noida, Uttar Pradesh – 201304, India.

We act as a Data Processor when processing personal data on behalf of Shopify merchants ("Merchants"), and as a Data Fiduciary for information we independently collect for our own purposes.

2. Information We Collect

Merchant Account Data

Store name, store URL, contact email, Shopify plan, billing information, Shopify access tokens, locale and currency — collected via Shopify OAuth to provide, maintain and improve the App.

Merchant Usage Data

App settings, consent configurations, feature interactions, support tickets, and usage analytics — collected automatically to operate and optimize the App's functionality.

Customer Personal Data (processed on behalf of Merchants)

When Merchants deploy CompliEdge on their storefront, we process the following on their behalf:

• Customer consent preferences — which categories were accepted or rejected
• Timestamp, IP address, and device user agent at the time of consent
• Data Subject Rights (DSR) requests — access, deletion, correction, withdrawal
• Breach incident records logged by the Merchant
• Personal data exports generated for approved DSR access requests

We do not intentionally collect special categories of personal data such as health, biometric, financial, or children's data.

3. How We Use Your Information

• To deliver, operate, maintain, and update the App and its DPDP compliance features
• To authenticate Merchant accounts and ensure secure access
• To process billing and collect fees via Shopify's Billing API
• To enable Merchants to fulfil their obligations under the DPDP Act 2023 — including consent management, DSR fulfilment, and breach notification
• To respond to support requests and resolve technical issues

4. Legal Basis for Processing (DPDP Act 2023)

Under the Digital Personal Data Protection Act 2023, we process personal data on the following grounds:

• Consent — customers provide explicit consent through the CompliEdge banner before any optional data is collected
• Legitimate Use — processing necessary for the performance of a contract, compliance with law, or protection of vital interests (Section 7, DPDP Act 2023)
• Contractual Necessity — to provide the Services you request by installing the App

5. How We Share Information

We do not sell personal data. We share information only in the following circumstances:

• Within Seventh Triangle Consulting on a strict need-to-know basis
• With trusted Service Providers — AWS Mumbai (hosting), MongoDB Atlas (database), SendGrid (transactional email) — each bound by data processing agreements
• With Shopify, as required under the Shopify App Store Partner Program and API terms
• With regulators or law enforcement, where required by applicable law or court order

6. Data Storage & Localisation

All data processed by CompliEdge is stored exclusively on Amazon Web Services (AWS) infrastructure in the Mumbai region (AP-South-1). This satisfies the data localisation requirements under the DPDP Act 2023 for Indian personal data.

Security measures in place:

• Encryption in transit — TLS 1.2+ for all data transfer
• Encryption at rest — AES-256 via AWS KMS-managed keys
• RSA-4096 encrypted API payloads between frontend and backend
• ISO 27001-certified AWS data centres
• Role-based access controls and principle of least privilege

7. Your Rights Under the DPDP Act 2023

As a Data Principal under the DPDP Act 2023, you have the following rights:

• Right to Access — obtain a summary of personal data we hold about you (Section 11)
• Right to Correction — request correction of inaccurate or incomplete data (Section 11)
• Right to Erasure — request deletion of personal data where it is no longer necessary (Section 12)
• Right to Withdraw Consent — withdraw consent at any time; withdrawal does not affect prior processing (Section 6)
• Right to Opt-out of marketing communications at any time

To exercise any of these rights, email apps@seventhtriangle.com or use the Privacy Centre in your Shopify customer account. We will respond within the timeframes mandated by the DPDP Act.

8. Grievance Redressal

In accordance with Section 13 of the DPDP Act 2023, we have designated a Grievance Officer to address your concerns:

We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt.

9. Data Retention

• Merchant data — retained for the duration of the App subscription; deleted within 30 days of uninstallation
• Customer consent records — retained as required for audit and compliance purposes under the DPDP Act
• CSV export jobs — automatically deleted after 7 days
• DSR request records — retained for the period required by applicable law
• Transaction and billing data — retained for 7 years as required under Indian tax law (GST compliance)

10. Breach Notification

In the event of a personal data breach, CompliEdge assists Merchants in fulfilling their obligations under Section 17 of the DPDP Act 2023, which requires:

• Notification to the Data Protection Board of India within 72 hours of discovery
• Notification to all affected customers as soon as reasonably practicable

The Breach Toolkit within CompliEdge provides a live 72-hour countdown, direct customer notification via SendGrid, and automatic documentation of all breach events for your legal records.

11. Children's Privacy

Our Services are not directed to children under 18. We do not knowingly collect personal data from minors. If a minor has provided personal data, please contact us immediately at apps@seventhtriangle.com and we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the revised version and, where required, notify Merchants via the App dashboard or email. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or complaints: