Privacy Policy

1. Introduction

This Privacy Policy describes how Oriuum (“Oriuum,” “we,” “us,” or “our”) collects, uses, stores, and shares information when you use our enterprise resource planning (ERP) platform (the “Service”). Oriuum is a multi-tenant SaaS platform that integrates with Shopify to provide order management, cash-on-delivery (COD) pipeline management, customer care, inventory, fulfillment, and financial reconciliation services to e-commerce merchants.

This policy applies to merchants who use the Service (“Merchants”), to authorized users within a Merchant’s organization, and to end customers (“Customers”) whose data is processed by the Service on behalf of a Merchant.

By installing or using Oriuum, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not install or use the Service.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account, install our Shopify app, or interact with the Service, we collect:

Account information: name, email address, phone number, business name, and role.
Authentication credentials: hashed passwords, OAuth tokens, and session identifiers.
Billing information: billing address, tax identification number, and subscription tier. Payment card details are handled by our payment processor and are not stored on Oriuum servers.
Support communications: messages, attachments, and other content you submit when contacting our support team.

2.2 Merchant Data Received from Shopify

When a Merchant connects their Shopify store, we receive Merchant Data through the Shopify API in accordance with the access scopes the Merchant approves during installation. This may include:

Store information: store name, domain, currency, time zone, primary location, and configured fulfillment locations.
Product data: titles, descriptions, variants, SKUs, prices, inventory levels, and product images.
Order data: order numbers, line items, totals, taxes, discounts, fulfillment status, financial status, and timestamps.
Customer data: names, email addresses, phone numbers, shipping addresses, billing addresses, and order history of customers who purchase from the Merchant.
Fulfillment data: tracking numbers, courier names, fulfillment statuses, and delivery timestamps.
Inventory data: stock levels per location, inventory adjustments, and transfers.

2.3 Data Generated Within Oriuum

As you use the Service, we generate and store data including:

Internal workflow records: COD verification status, packing assignments, dispatch records, settlement entries, and customer care tickets.
Team management data: agent assignments, shift schedules, performance metrics, and SLA tracking.
Financial reconciliation records: courier remittance entries, settlement matches, and accounting adjustments.
Audit logs: timestamps, user actions, IP addresses, and identifiers used to maintain security and compliance.

2.4 Information Collected Automatically

Device and connection data: IP address, browser type, operating system, device identifiers, and referring URLs.
Usage data: pages viewed, features used, click events, and session duration. We use this to improve the Service and detect anomalies.
Cookies and similar technologies: we use essential cookies for authentication and session management, and analytics cookies (where consent is provided) to understand how the Service is used.

3. How We Use Your Information

We use the information we collect for the following purposes:

To provide the Service: synchronizing data with Shopify, processing orders through the COD pipeline, managing inventory and fulfillment, and generating reports.
To authenticate users and maintain account security.
To process billing and manage subscriptions.
To provide customer support and respond to inquiries.
To monitor performance, troubleshoot issues, and improve the Service.
To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity.
To comply with legal obligations, regulatory requests, and enforce our Terms of Service.
To send service-related communications such as outage notices, security alerts, and product updates. Marketing communications are sent only with your consent and you may opt out at any time.

We do not use Merchant Data, Customer Data, or any data derived from the Shopify API to train, fine-tune, or improve any machine learning or artificial intelligence models, except where we have obtained the explicit prior consent of the relevant Merchant for that Merchant’s own data.

We do not sell your information. We share information only in the limited circumstances described below.

We share information with trusted third-party service providers who help us operate the Service. These providers are bound by contractual obligations that require them to protect the data and use it only for the purposes we specify. Our current categories of service providers include:

Cloud hosting and infrastructure: Vercel (application hosting), Supabase (PostgreSQL database hosting), and Upstash (Redis queue infrastructure).
Payment processing: third-party payment processors that handle subscription billing.
Email and notifications: transactional email providers used to send service notifications.
Analytics and monitoring: error monitoring and performance analytics tools.

Information you submit as part of a Merchant account is accessible to other authorized users within the same Merchant organization, in accordance with the role-based permissions configured by the Merchant’s administrators.

We may disclose information if we have a good-faith belief that disclosure is necessary to comply with applicable law, a valid legal process, or a lawful government request; to enforce our Terms of Service; to protect the rights, property, or safety of Oriuum, our users, or the public; or to detect, prevent, or address fraud or security issues.

If Oriuum is involved in a merger, acquisition, asset sale, or similar transaction, information may be transferred as part of that transaction. We will notify affected users in advance and the receiving entity will be bound by privacy commitments at least as protective as those described in this policy.

We may share information for purposes not described in this policy when we have obtained your consent.

5. Data Sync with Shopify

In compliance with the Shopify API Terms, Oriuum automatically synchronizes Customer Data and Order Data collected on behalf of a Merchant back to that Merchant’s Shopify store admin. This includes new customer records created through the Service, customer profile updates, and order-related data such as fulfillment status and tracking numbers. Sensitive Personal Information is excluded from this automatic sync.

Where automatic sync is not technically possible for a particular data type, the Service provides functionality that allows the Merchant to manually sync the data.

6. Data Retention and Deletion

We retain Merchant Data only for as long as it is necessary to provide the Service to the Merchant. Specifically:

During an active subscription: data is retained for the duration of the subscription and is available for the Merchant to access, export, and modify.
After uninstallation: when a Merchant uninstalls Oriuum from their Shopify store, we delete all Merchant Data within thirty (30) days, in accordance with the Shopify API Terms. Aggregated and anonymized data that cannot be re-associated with the Merchant or any Customer may be retained.
After account closure: upon Merchant request to close their Oriuum account, all Merchant Data is deleted within thirty (30) days.
Backups: data may persist in encrypted backups for up to ninety (90) days after deletion, after which it is permanently overwritten.
Legal holds: where retention is required to comply with a legal obligation, resolve a dispute, or enforce our agreements, data may be retained for the period required by such obligation.

7. Your Rights

Depending on your jurisdiction and your relationship with Oriuum (as a Merchant or as a Customer of a Merchant), you may have the following rights regarding your Personal Information:

Access: the right to request a copy of the Personal Information we hold about you in a structured, commonly used, machine-readable format.
Correction: the right to ask us to correct inaccurate or incomplete information.
Deletion: the right to ask us to delete your information, subject to legal retention requirements.
Restriction: the right to ask us to restrict the processing of your information in certain circumstances.
Objection: the right to object to processing based on our legitimate interests.
Portability: the right to receive your information in a portable format and request that we transmit it to another controller.
Withdrawal of consent: where processing is based on consent, the right to withdraw consent at any time.

Customers of Merchants should contact the relevant Merchant first to exercise these rights, since Oriuum acts as a data processor on behalf of the Merchant. We will assist Merchants in responding to such requests.

To exercise any of these rights, contact us at the address provided in Section 12. We will respond within the timeframes required by applicable law.

8. Data Security

We implement administrative, technical, and physical safeguards designed to protect the Personal Information we process. These include:

Encryption: data is encrypted in transit using TLS 1.2 or higher, and sensitive data is encrypted at rest.
Access controls: role-based access controls, multi-factor authentication for administrators, and strict tenant isolation enforced at the database query level.
Network security: firewalls, intrusion detection, and continuous monitoring of our infrastructure.
Secure development practices: code review, dependency scanning, and adherence to OWASP security standards.
Incident response: documented procedures for detecting, responding to, and reporting security incidents.

In the event of a data breach affecting Merchant Data or Customer Data, we will notify affected Merchants and, where applicable, Shopify within twenty-four (24) hours of becoming aware of the breach, as required by the Shopify API Terms. We will also notify regulators and affected individuals where required by applicable law.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

9. International Data Transfers

Oriuum operates infrastructure in multiple regions. Your information may be transferred to, stored in, and processed in countries other than your own, including Pakistan, the United States, the European Union, and Singapore (where our cloud providers operate). When we transfer Personal Information across borders, we rely on lawful transfer mechanisms such as standard contractual clauses or equivalent safeguards.

10. Children’s Privacy

The Service is not directed to children under the age of sixteen (16) and we do not knowingly collect Personal Information from children. If we learn that we have collected information from a child without verified parental consent, we will delete it promptly. Merchants must not use the Service to process Personal Information of children in violation of applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify Merchants by email or through an in-app notice at least thirty (30) days before the changes take effect, where reasonably possible. The “Last Updated” date at the top of this policy reflects the most recent revision.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Oriuum

Email:: privacy@oriuum.com
Support:: support@oriuum.com
Address:: [Your registered business address, Bahawalnagar, Punjab, Pakistan]

For data protection inquiries specifically, you may contact our Data Protection Officer at dpo@oriuum.com.

Last updated May 4, 2026

privacy@oriuum.comSee also: Terms of ServiceBack to home

Privacy Policy.