Privacy policy

At OrderLyne ("we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you:

• Create an account: Name, email address, phone number, business name, business address
• Set up your store: Store name, logo, product information, pricing
• Process payments: Payment information is collected and processed securely by our PCI-compliant payment partners (Razorpay, Stripe). We do not store full payment card details.
• Contact us: Any information you provide in support requests or communications

1.2 Information Collected Automatically

When you use our service, we automatically collect:

• Device information: Browser type, operating system, device identifiers
• Log data: IP address, access times, pages viewed, referring URLs
• Usage data: Features used, actions taken within the platform, performance data
• Location data: General location based on IP address (not precise GPS location)

1.3 Information from Third-Party Integrations

When you connect third-party services to OrderLyne, we receive information from those services based on the permissions you grant:

Shopify Integration

• Store information (name, domain, currency, timezone)
• Product catalog (titles, descriptions, images, variants, pricing, inventory)
• Order information (order details, customer information, fulfillment status)
• Customer data (names, email addresses, shipping addresses, order history)

We access Shopify data only with your explicit authorization through Shopify's OAuth process. You can revoke access at any time through your Shopify admin panel.

Meta/WhatsApp Business Integration

• WhatsApp Business Account information
• Phone number and display name
• Message templates and their approval status
• Message delivery status and read receipts
• Conversation metadata (not message content unless required for service delivery)

WhatsApp message content is processed only to deliver your messages and provide service functionality. We comply with Meta's Platform Terms and Data Use Policy.

Other Integrations

• WooCommerce store data (products, orders, customers)
• Payment gateway transaction information
• Email service provider delivery statistics

2. How We Use Your Information

2.1 To Provide and Improve Our Services

• Create and manage your account
• Process and fulfill orders
• Sync products and inventory across platforms
• Send WhatsApp messages on your behalf to your customers
• Generate analytics and reports
• Provide customer support

2.2 To Communicate With You

• Send transactional emails (account verification, password resets, order confirmations)
• Provide technical notices and security alerts
• Respond to your inquiries and support requests
• Send product updates and new feature announcements (with your consent)

2.3 For Security and Compliance

• Detect, prevent, and address fraud, abuse, and security issues
• Monitor for violations of our Terms of Service
• Comply with legal obligations
• Enforce our agreements

2.4 Why we process your data

We process your personal data because:

• You've signed up for the service: To deliver the platform and features you've subscribed to
• To run and improve the service: To keep things working, prevent fraud, and make the product better
• To comply with the law: Including tax record-keeping and responding to valid legal process
• You've given consent: For marketing communications and optional features

3. Information Sharing and Disclosure

We do not sell your personal information to third parties.

3.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our platform, subject to confidentiality agreements:

• Cloud hosting: Amazon Web Services (AWS), for data storage and processing
• Payment processing: Razorpay, Stripe, for secure payment handling
• Messaging: Meta/WhatsApp, for WhatsApp Business API services
• Analytics: For understanding service usage and improving performance
• Email delivery: For transactional and marketing emails

3.2 Platform Integrations

When you connect third-party platforms (Shopify, WooCommerce, etc.), data flows between OrderLyne and those platforms as necessary to provide the integration functionality. Each platform's own privacy policy governs their use of your data.

3.3 Business Transfers

If OrderLyne is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal information.

3.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

4. Law Enforcement and Government Requests

4.1 Our Process for Handling Requests

When we receive a request from a public authority for user data, we:

• Require valid legal process: We require a valid subpoena, court order, search warrant, or equivalent legal process before disclosing any user data
• Verify legitimacy: We verify that the request comes from a legitimate authority and is properly scoped
• Narrow the scope: We object to overly broad requests and provide only the specific data legally required
• Notify users when permitted: Unless legally prohibited (e.g., by a gag order), we will notify affected users of requests for their data
• Document requests: We maintain records of all government and law enforcement requests received

4.2 Types of Requests We May Comply With

• Court orders
• Search warrants
• Subpoenas
• National security letters (where applicable)
• Emergency requests involving imminent threat to life

4.3 What We Will Not Do

• We will not provide "backdoor" access to our systems
• We will not comply with requests that we believe are unlawful or improper
• We will not provide data in response to informal requests without proper legal process

4.4 Emergency Requests

In genuine emergencies involving imminent threat to life or serious physical injury, we may disclose information to law enforcement without a court order if we believe in good faith that disclosure is necessary to prevent the emergency.

5. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: Sensitive credentials (API keys, tokens, payment connector secrets) are encrypted at rest. Traffic between your browser and OrderLyne uses HTTPS.
• Access controls: Role-based access control for internal systems
• Infrastructure security: Hosted on established cloud infrastructure (Amazon Web Services)
• Regular audits: Periodic internal security reviews
• Employee training: Regular security awareness training for all team members
• Incident response: Documented procedures for responding to security incidents

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (e.g., tax records, legal holds)
• Resolve disputes and enforce our agreements

Retention Periods

7. Your Rights and Choices

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used, machine-readable format (JSON or CSV) within 30 days of your request.

7.2 Correction

You can update most of your account information directly through our platform. For information you cannot update yourself, contact us and we will make corrections within 30 days.

7.3 Deletion

You can request deletion of your personal information by contacting us at hello@orderlyne.app. Upon receiving a valid deletion request, we will:

• Delete your account and personal data within 30 days
• Remove your data from our active databases
• Request deletion from third-party processors where applicable
• Retain only data required for legal compliance (clearly separated and access-restricted)

7.4 Objection and Restriction

You can object to processing of your personal data or request restriction of processing in certain circumstances. We will honor these requests unless we have compelling legitimate grounds for the processing.

7.5 Withdraw Consent

Where we process data based on your consent, you can withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.

7.6 Marketing Opt-Out

You can opt out of marketing communications at any time by:

• Clicking "unsubscribe" in any marketing email
• Updating your notification preferences in account settings
• Contacting us at hello@orderlyne.app

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our service.

9. International Data Transfers

OrderLyne is based in India. Your information may be transferred to and processed in countries other than your country of residence, including India and the United States (where our cloud infrastructure providers operate).

If you're using OrderLyne from outside India, your data is still subject to the laws of India where OrderLyne is based and the jurisdictions where our cloud infrastructure operates. By signing up, you consent to this transfer.

10. Children's Privacy

Our service is intended for businesses and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at hello@orderlyne.app and we will delete such information promptly.

11. Requests from outside India

If you're based outside India (including in California, the EEA, or the UK) and you have specific data rights under your local privacy laws, you can email us at hello@orderlyne.app with your request and we will treat it like any other data access, export, or deletion request — see Section 7 for the standard rights we honor for every OrderLyne user.

We do not sell personal information, and we do not discriminate against anyone for exercising any of the rights described in this policy.

12. Platform-Specific Terms

12.1 Shopify Users

If you connect your Shopify store to OrderLyne, you acknowledge that:

• We access your Shopify data through Shopify's official API with your authorization
• We process your customers' data as a data processor on your behalf
• You remain the data controller for your customer data
• You are responsible for ensuring you have appropriate consent from your customers
• You can revoke our access at any time through your Shopify admin

12.2 WhatsApp/Meta Users

If you use our WhatsApp Business integration:

• Messages are sent through Meta's official WhatsApp Business API
• We comply with Meta's Platform Terms and Policies
• Message content is processed only as necessary to deliver messages
• You are responsible for obtaining appropriate consent before messaging your customers
• You must comply with WhatsApp's Business Policy and Commerce Policy

Meta Ads Integration

• Meta Business account information and ad account details
• Campaign names, status, objectives, and budget information
• Ad performance metrics (impressions, reach, clicks, spend, ROAS, CTR, CPC)
• Ad set and ad creative metadata
• Daily insights and conversion data

We access Meta Ads data only with your explicit authorization through Meta's OAuth process using Facebook Login for Business. We access only your own ad account data — we never access personal Facebook profile data, friends lists, or user data of any kind. Ad performance data is used solely to display campaign analytics inside your OrderLyne dashboard. You can revoke access at any time from your Meta Business Settings or from within OrderLyne.

12.3 Meta Ads Users

If you connect your Meta Ads account to OrderLyne:

• We access your Meta ad account data through Meta's official Marketing API with your authorization
• We request only the permissions necessary: ads_read, read_insights, and business_management
• We do not access personal Facebook profile data, friend lists, or any personal user data
• Ad performance data is used solely to display analytics within your OrderLyne dashboard
• We do not share your ad performance data with any third parties
• You can disconnect your Meta Ads account at any time from the Campaigns → Connections page in OrderLyne
• We comply with Meta's Platform Terms and Developer Policies

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes:

• We will update the "Last updated" date at the top of this policy
• We will notify you via email or prominent notice on our platform
• For significant changes, we may request your renewed consent

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: