Privacy

What we collect

• Account basics: phone or email (for OTP), name, delivery addresses, order history.
• Browsing signals: pages viewed, products searched, items added to cart. Used to improve the store and show you relevant recommendations.
• Device info: IP address, user-agent, fingerprint hash. Used to spot fraud (e.g., someone placing many COD orders from the same device).
• Marketing attribution: UTM tags and click IDs (e.g., fbclid, gclid) from the ad that brought you here. Stored in a 30-day cookie so we know which campaigns work.

What we share with third parties

We send events to advertising platforms so they can measure campaign performance and show you more relevant ads. All personal identifiers are SHA-256 hashed before sending; the raw values never leave our server.

• Meta (Facebook / Instagram) — Conversions API. Events: PageView, ViewContent, AddToCart, Purchase, etc.
• Google — GA4 Measurement Protocol. Same event set.
• TikTok — Events API. Same event set except RemoveFromCart.

We do not sell your data to data brokers or any third party outside the ad platforms above.

How to opt out

• Use the cookie banner on your first visit to reject optional cookies.
• Open Account → Privacy to change your choices at any time. Changes take effect immediately.
• You can still turn off Marketing and keep Analytics on (or vice versa) — the two are separate toggles.
• Transactional events (like a completed Purchase) always send to our platforms so your orders and invoices work.

Data retention

• Orders + invoices: kept for the legal record-keeping period.
• Marketing event IPs + user-agents: nulled from our database after 30 days.
• Guest consent cookies: expire after 12 months.
• Failed dispatch rows: deleted after 90 days once they reach a terminal state.

Data deletion requests

Email privacy@opnar.com to request a copy of your data or have your account deleted. We respond within 30 days.