ShopnTap
Sell
Magic CheckoutStorefrontAccount
Protect & operate
COD & RTO IntelligenceDashboardSidekick
Grow
TrackerMarketplace
PricingCompareResourcesSign in
Book a demo
Legal

Privacy & DPDP

How ShopnTap collects, uses and protects personal data under India's Digital Personal Data Protection Act. Plain language, no dark patterns.

Last updated 02 Jun 2026 · This is a product privacy summary, not legal advice.

Overview

ShopnTap provides checkout and COD/RTO infrastructure to D2C brands (“merchants”). When you buy from a brand that uses ShopnTap, the merchant is the primary data fiduciary for your order, and ShopnTap acts as a data processor on their behalf — except for the limited cross-merchant features described below, where consent is explicit.

What we collect

We collect only what's needed to complete an order and reduce return-to-origin risk:

  • Identity & contact — your phone number (verified by OTP) and, where provided, name and email.
  • Delivery details — shipping address and pincode, validated to reduce failed deliveries.
  • Order & payment metadata — items, amounts and payment method. Card and UPI credentials are handled by your chosen payment gateway, not stored by ShopnTap.
  • Risk signals — order history and delivery outcomes used to compute a COD/RTO risk tier.

How we use it

To complete checkout, verify identity, score and reduce COD/RTO risk, confirm orders (including over WhatsApp where enabled), provide buyer accounts and tracking, and produce DPDP-compliant analytics for the merchant. We do not sell personal data.

Consent is a first-class record in ShopnTap. Every purpose you agree to — order processing, marketing messages, or participation in the cross-merchant address network — is logged in a consent ledgerwith a timestamp and the specific purpose. Consent is requested in clear language at the point it's needed, never bundled or pre-ticked.

Withdrawing consent

You can withdraw any consent as easily as you gave it. Withdraw from within your ShopnTap Account (Privacy & consent), or email support@shopntap.comwith the subject “Withdraw consent”. Withdrawal stops the relevant processing going forward; it doesn't affect processing already carried out lawfully, or data we must retain for legal and tax obligations.

Cross-merchant address network

If — and only if — you consent, validated address details can prefill checkout at other brands on ShopnTap, so you don't retype them. This network uses consented data only, never silent sharing, and you can leave it at any time via the withdrawal options above.

Server-side analytics

Merchants may use server-side analytics (e.g. Meta CAPI, GA4, server-side GTM) configured to keep buyer data within their control and aligned with DPDP. We support consent signals so analytics respect your choices.

Sharing & processors

We share data only with the processors needed to fulfil your order — your merchant's chosen payment gateway and logistics partner — and with service providers under contract. We don't share personal data for unrelated advertising.

Your rights

Under the DPDP Act you can access and correct your data, withdraw consent, nominate a representative, and raise a grievance. To exercise any right, contact the merchant you bought from, or email us at support@shopntap.comand we'll route it appropriately.

Retention & security

We keep personal data only as long as needed for the purpose collected or as law requires, then delete or anonymise it. Data is encrypted in transit and at rest, with access scoped by role.

Contact

Questions, requests or grievances: support@shopntap.com. It's our single point of contact — there's no separate sales or privacy line to chase.