1. Introduction
Welcome to Mirah's Privacy Policy. This document outlines how we collect, use, store, and protect your personal information when you use our e-commerce operations platform. Mirah acts as the central operating system for e-commerce brands in Pakistan, integrating with Shopify stores and Pakistani courier APIs.
By using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, you must not use our Service.
2. Information We Collect
2.1 Account Information
When you create an account with Mirah, we collect:
- Business Details: Company name, business registration number, and tax identification (NTN)
- Contact Information: Email address, phone number, and business address
- User Credentials: Username, password (encrypted), and authentication tokens
- Payment Information: Billing details, bank account information for COD settlements
- Identity Verification: CNIC details, business licenses, and authorized signatory information
2.2 Shopify Integration Data
When you connect your Shopify store to Mirah, we access and process:
- Store Information: Store name, URL, domain, currency, timezone, and store settings
- Product Data: Product names, SKUs, prices, inventory levels, images, variants, categories, tags, COGS (Cost of Goods Sold), and profit margins
- Order Information: Order numbers, dates, amounts, payment status, fulfillment status, customer details, shipping addresses, order notes, and transaction records
- Customer Data: Customer names, email addresses, phone numbers, shipping/billing addresses, order history, lifetime value, and purchase patterns
- Financial Records: Revenue data, refunds, chargebacks, payment gateway information, and sales analytics
- API Access: OAuth tokens and permissions for continuous synchronization
2.3 Pakistani Courier API Data
Through integration with Pakistani courier services (TCS, Leopards, M&P, PostEx, Rider, BlueEx, Trax, CallCourier), we collect:
- Shipment Details: Tracking numbers, AWB numbers, parcel weight, dimensions, declared value
- Delivery Information: Sender and receiver details, complete addresses, phone numbers, CNIC (where required)
- Status Updates: Real-time tracking data, delivery attempts, failed delivery reasons, proof of delivery, customer signatures
- COD Records: Cash on Delivery amounts, collection status, reconciliation data, settlement reports
- Return Shipments: Return tracking numbers, reverse logistics data, RTO (Return to Origin) information
- Courier Performance: Delivery times, success rates, delay patterns, zone-wise performance metrics
2.4 Customer and End-User Data
We collect comprehensive information about your customers (your store's buyers):
- Personal Identifiers: Full names, email addresses, phone numbers, CNIC (if provided for courier requirements)
- Geographic Data: Complete shipping and billing addresses including street, city, province, postal code
- Purchase History: Complete order history, product preferences, purchase frequency, average order value, total lifetime value
- Behavioral Data: Cart abandonment data, product views, repeat purchase patterns, return history
- Risk Indicators: Return frequency, fake order flags, blacklist status, delivery success rate
- Communication Records: Customer support interactions, complaints, feedback, and resolution history
2.5 Platform Usage Data
We automatically collect information about how you use our platform:
- Dashboard Activity: Features accessed, time spent, navigation patterns, frequency of use
- System Logs: Login times, IP addresses, device information, browser type, operating system
- Performance Metrics: API response times, error logs, system performance data
- Analytics Data: User engagement metrics, feature adoption rates, workflow efficiency data
2.6 Aggregated and Derived Data
IMPORTANT DISCLOSURE: We create aggregated and analytical insights from your data:
- Market Trends: Industry benchmarks, seasonal patterns, demand forecasting
- Product Insights: Best-selling products, trending categories, pricing analysis
- Geographic Analysis: Regional sales patterns, city-wise demand, delivery zone performance
- Customer Segmentation: Demographic insights, buying behavior patterns, customer lifetime value models
- Product Hunting Intelligence: Identification of profitable product opportunities, niche markets, and trending items based on aggregated data across multiple merchants
3. How We Use Your Information
3.1 Service Delivery and Platform Operations
- Provide, maintain, and improve our dashboard platform
- Synchronize orders from your Shopify store in real time
- Automate courier booking and generate shipping labels
- Track shipments and provide real-time status updates
- Process COD payments and reconcile settlements
- Manage inventory across multiple sales channels
- Calculate net profit margins and generate financial reports
- Provide customer support and technical assistance
3.2 Analytics and Business Intelligence
- Analyze sales patterns, customer behavior, and market trends
- Generate reports on order volume, revenue, and operational metrics
- Track courier performance and shipping costs
- Create customer segmentation and demographic profiles
- Identify high-risk customers and prevent fake orders
- Optimize delivery routes and reduce shipping costs
3.3 Product Recommendations and Market Insights
CRITICAL DISCLOSURE: We use your order data, customer purchase patterns, and product performance metrics to develop proprietary product hunting and recommendation systems.
- Analyzing which products are selling successfully across multiple merchants
- Identifying trending products, emerging market opportunities, and profitable niches
- Creating aggregated datasets about product performance, pricing strategies, and demand patterns
- Developing predictive models for product success and market trends
- Providing product suggestions and sourcing recommendations to merchants on our platform
- Creating industry reports and market intelligence products for internal and external use
While individual merchant data is not directly shared with competitors, aggregated insights derived from your data may be used to provide recommendations to other merchants on our platform. These insights help all merchants identify profitable products and market opportunities.
3.4 Fraud Detection and Security
- Identify high-risk return customers based on historical delivery data
- Flag suspicious orders and prevent fraudulent transactions
- Maintain blacklists of fake customers and prevent repeat offenders
- Protect against unauthorized access and security threats
- Monitor system integrity and prevent data breaches
3.5 Communication
- Send automated operational alerts (e.g., "Low Stock", "Order Failed", "Delivery Delayed")
- Provide email and SMS notifications for critical events
- Send product updates, feature announcements, and service notifications
- Deliver marketing communications about our services (with opt-out option)
- Respond to your inquiries and support requests
4. Data Sharing and Disclosure
4.1 Third-Party Service Providers
We share your data with trusted third-party service providers:
- Logistics Partners: Pakistani courier services (TCS, Leopards, M&P, PostEx, Rider, BlueEx, Trax, CallCourier) receive shipment details, customer addresses, and contact information solely for delivery execution
- Payment Processors: Stripe, PayPal, JazzCash, Easypaisa, and local banking partners process payments and COD settlements
- Cloud Infrastructure: AWS, Google Cloud, or similar providers host our application and store your data
- Analytics Services: Google Analytics, Mixpanel, or similar tools analyze platform usage
- Communication Services: SMS gateways, email service providers for automated notifications
4.2 Shopify Integration
We access your Shopify store data through Shopify's API under their Terms of Service and Privacy Policy. We do not control Shopify's data practices and are not responsible for their handling of your information.
4.3 Aggregated Data Sharing
We may share aggregated, anonymized, or de-identified data with:
- Other merchants on our platform to provide product recommendations and market insights
- Business partners for market research and industry analysis
- Researchers and academics for non-commercial purposes
- Industry publications and reports
- Potential investors and business partners
This aggregated data does not directly identify individual merchants or customers, but it may include insights derived from your business performance that could indirectly benefit your competitors.
4.4 Legal Requirements
We may disclose your information if required by law or to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Terms of Service and other agreements
- Protect against fraud, security threats, or illegal activity
- Protect the rights, property, or safety of our company, users, or the public
- Respond to requests from Pakistani regulatory authorities (FBR, PTA, PECA enforcement)
4.5 Business Transfers
In the event of a merger, acquisition, bankruptcy, or similar transaction, your information may be transferred to the successor entity. You will be notified via email and/or platform notice of any such change in ownership.
5. Data Retention
We retain your information for as long as necessary to provide our services:
- Active Account Data: Retained for the duration of your active subscription plus 90 days after cancellation
- Order and Transaction Data: Retained for 7 years to comply with Pakistani tax and financial regulations (FBR requirements)
- Customer Data: Retained as long as necessary for service delivery and as required by applicable laws
- Analytics and Aggregated Data: Retained indefinitely in anonymized form for analysis and platform improvement
- Support Communications: Retained for 2 years for quality assurance and dispute resolution
- Backup Data: Retained for 90 days in secure backup systems
- Blacklist and Fraud Data: Retained indefinitely to protect all merchants from repeat offenders
6. Data Security
We implement comprehensive security measures to protect your information:
6.1 Technical Safeguards
- Encryption: All data transmitted uses TLS 1.3 encryption; stored data uses AES-256 encryption
- Secure Authentication: Multi-factor authentication (MFA) support, password hashing with bcrypt
- API Security: OAuth 2.0 for Shopify integration, encrypted API keys for courier services
- Network Security: Firewalls, intrusion detection systems, and DDoS protection
- Regular Audits: Quarterly security audits and penetration testing
6.2 Organizational Safeguards
- Access Controls: Role-based access with least privilege principle
- Employee Training: Regular security awareness training for all staff
- Incident Response: 24/7 monitoring and rapid response procedures
- Vendor Security: Security assessments and contractual safeguards with third parties
IMPORTANT: While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
7. Your Rights and Choices
7.1 Access and Portability
You have the right to:
- Access your personal information stored in our systems
- Request a copy of your data in portable format (CSV, JSON, Excel)
- Export your order data, customer information, and analytics reports
7.2 Correction and Update
You can update your account information, business details, and preferences directly through the dashboard. For corrections to historical data, contact our support team.
7.3 Deletion and Erasure
You may request deletion of your account and associated data. Please note:
- Account deletion is permanent and cannot be reversed
- Some data must be retained for legal compliance (7 years for financial records)
- Aggregated and anonymized data derived from your account will not be deleted
- Fraud prevention data (blacklists) will be retained to protect other merchants
- Backup copies will be deleted within 90 days
7.4 Marketing Opt-Out
- Opt out of marketing emails by clicking unsubscribe links
- Manage SMS notification preferences in your account settings
- Transactional and operational emails cannot be disabled
7.5 Limitations on Rights
Your rights may be limited when:
- Data is required for legal compliance or tax purposes
- Data has been shared with third-party couriers for active shipments
- Aggregated insights have already been incorporated into our analytics
- Requests are clearly unfounded, excessive, or violate others' rights
8. International Data Transfers
While Mirah primarily serves Pakistani merchants, your data may be processed in other countries where our service providers operate:
- United States: AWS, Google Cloud, Stripe (payment processing)
- Canada: Shopify servers and infrastructure
- European Union: Data processing centers
- Singapore: Regional backup servers
When transferring data internationally, we ensure appropriate safeguards through Standard Contractual Clauses (SCCs), data processing agreements, and compliance with applicable data protection laws.
9. Compliance with Pakistani Laws
9.1 Prevention of Electronic Crimes Act (PECA) 2016
We comply with PECA 2016, including:
- Protection against unauthorized access to information systems
- Cooperation with law enforcement for legitimate investigations
- Data breach notification to relevant authorities
- Prohibition of electronic fraud and identity theft
9.2 Federal Board of Revenue (FBR) Requirements
We maintain transaction records as required by FBR:
- 7-year retention of financial records
- NTN verification and documentation
- Cooperation with tax audits and investigations
9.3 State Bank of Pakistan (SBP) Regulations
For payment processing and COD settlements, we comply with SBP regulations regarding electronic payments, data security, and transaction record-keeping.
9.4 Pakistan Telecommunication Authority (PTA)
We comply with PTA regulations regarding online services, data protection, and lawful access requirements.
10. Children's Privacy
Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.
11. Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. Changes are effective immediately upon posting. Material changes will be communicated through:
- Email notification to your registered email address
- Prominent notice on our dashboard upon login
- Updated "Last Updated" date at the top of this policy
Continued use of our Service after changes constitutes acceptance of the updated Privacy Policy.
12. Contact Us
For questions, concerns, or requests regarding this Privacy Policy, please contact us:
13. Acknowledgment and Consent
BY USING OUR SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED HEREIN.
You specifically acknowledge and consent to:
- Collection of your Shopify store data, customer information, and order details
- Sharing of shipment data with Pakistani courier service APIs
- Use of your data for analytics, product recommendations, and market insights
- Creation of aggregated data that may benefit other merchants on the platform
- International transfer of data to service providers in other countries
- Retention of data for legal compliance and business purposes as specified