Your privacy matters to us. This policy explains how Darvaza.PK collects, uses, and protects your personal information when you use our Order Management System. We are committed to transparency and giving you control over your data.
🔍Information We Collect
We collect the following types of information to provide and improve our services:
Account Information: Name, email address, phone number, business name, and payment details when you register.
Order & Business Data: Order details, customer information, product data, and shipping information synced from your Shopify store and courier integrations.
Usage Data: How you interact with our platform, features used, pages visited, and session duration.
Device Information: IP address, browser type, operating system, and device identifiers for security and fraud prevention.
Communication Data: Messages you send to our support team, feedback, and survey responses.
⚙️How We Use Your Information
We use the information collected for the following purposes:
• Service Delivery: To process orders, sync data with Shopify and couriers, and provide all OMS features.
• Account Management: To create and manage your account, verify identity, and provide customer support.
• Performance & Analytics: To monitor system performance, identify bugs, and improve our platform.
• Communications: To send service updates, security alerts, and marketing messages (with your consent).
• Legal Compliance: To comply with Pakistani law and respond to lawful requests from authorities.
• Fraud Prevention: To detect and prevent unauthorized access, fraud, and abuse of our services.
🤝Information Sharing
We do not sell your personal data to third parties. We share data only in the following limited circumstances:
Service Providers: We share data with trusted vendors (Vercel hosting, Neon database, email providers) who process data on our behalf under strict confidentiality agreements.
Courier Integrations: Order and delivery data is shared with courier APIs (PostEx, Leopards, TCS, etc.) only as needed to fulfill deliveries.
Shopify: Order and fulfillment data syncs with your connected Shopify store per your authorization.
Legal Requirements: We may disclose information if required by Pakistani law, court order, or government authority.
Business Transfer: In case of merger or acquisition, your data may be transferred with prior notice.
🔐Data Security
We implement industry-standard security measures to protect your data:
• Encryption: All data is encrypted in transit (TLS 1.3) and at rest.
• Authentication: JWT-based authentication with OTP verification for sensitive access.
• Access Controls: Role-based permissions ensure team members can only access data relevant to their role.
• Infrastructure: Data is hosted on Vercel (edge network) and Neon PostgreSQL with enterprise-grade security.
• Monitoring: Continuous security monitoring and automated threat detection.
• Backups: Regular automated backups with point-in-time recovery.
Despite these measures, no system is 100% secure. We encourage you to use strong passwords and report any suspicious activity immediately.
🍪Cookies & Tracking
We use cookies and similar tracking technologies to enhance your experience:
Essential Cookies: Required for authentication (auth_token cookie), session management, and core platform functionality. Cannot be disabled.
Analytics Cookies: Used to understand how users interact with our platform (with your consent). We use privacy-respecting analytics.
Preference Cookies: Store your settings like theme preferences, language, and dashboard configurations.
You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality. We do not use cookies for advertising purposes.
📱Third-Party Services
Our platform integrates with third-party services that have their own privacy policies:
• Shopify: Your Shopify store data is processed per Shopify's Privacy Policy
• PostEx, Leopards, TCS, BlueEx, Dux, M&P, Trax: Order/delivery data shared as needed for shipments
• Vercel: Platform hosting with strict data processing agreements
• Neon PostgreSQL: Secure database hosting
• Email Providers: Used for OTP delivery and notifications
We carefully vet all third-party providers and ensure they maintain appropriate data protection standards. We are not responsible for the privacy practices of third-party services once data is transmitted to them.
👤Your Rights
You have the following rights regarding your personal data:
Access: Request a copy of all personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data (subject to legal retention requirements).
Export: Download your business data in CSV or JSON format from the platform settings.
Objection: Object to processing of your data for marketing purposes.
Portability: Transfer your data to another service provider.
To exercise these rights, contact us at privacy@darvaza.pk. We will respond within 30 days. We may need to verify your identity before fulfilling requests.
⏰Data Retention
We retain your data for the following periods:
• Active Account Data: Retained for the duration of your subscription plus 30 days after termination.
• Order History: Retained for 2 years to support business analytics and legal compliance.
• Communication Records: Support tickets and emails retained for 1 year.
• Security Logs: IP addresses and access logs retained for 90 days.
• Deleted Account Data: Permanently purged within 30 days of account deletion request.
After retention periods expire, data is securely deleted or anonymized. Enterprise customers may negotiate custom retention periods.
👶Children's Privacy
Darvaza.PK is a business platform intended for users aged 18 and above. We do not knowingly collect personal information from individuals under 18 years of age.
If we discover that we have inadvertently collected information from a minor, we will promptly delete such information. If you believe we have collected information from a minor, please contact us immediately at privacy@darvaza.pk.
🌍International Data Transfers
Our infrastructure providers (Vercel, Neon) may store and process data in data centers located in the United States and other regions. By using our platform, you consent to the transfer of your data to these locations.
All international data transfers are governed by appropriate safeguards including standard contractual clauses and data processing agreements that ensure your data receives equivalent protection to Pakistani standards.
📝Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:
• Sending an email notification to your registered email address
• Displaying a prominent notice within the OMS platform
• Updating the "Last Updated" date at the top of this policy
Changes take effect 7 days after notification. Continued use of the platform after the effective date constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
📞Contact & Data Controller
Darvaza.PK is the data controller responsible for your personal information.
Privacy Inquiries:
Email: privacy@darvaza.pk
Phone: +92 (300) 123-4567
Address: Karachi, Sindh, Pakistan
Response Times:
• General privacy questions: Within 2 business days
• Data access/deletion requests: Within 30 days
• Security incidents: Within 24 hours
For urgent security matters, please mark your email as "URGENT - Security" for prioritized handling.
Privacy Concerns?
Contact our dedicated privacy team. We respond within 2 business days.