Privacy Policy

Your data.
Your business.
Your control.

Last updated: March 2026
Effective: March 2026
Governing law: India

No file storage

Your Shopify and courier files are processed and immediately discarded. We never store order data, AWB numbers, or financial figures.

Encrypted in transit

All data transmitted between your browser and our servers is encrypted using TLS. Nobody can intercept your files in transit.

Minimal data collection

We collect your email address, subscription status, and a per-run audit summary (flag counts, total orders, shortfall totals). Raw file contents — order data, AWB numbers, customer details — are never stored.

Contents

  1. Who we are
  2. What data we process
  3. How your files are handled
  4. How we use your data
  5. Security measures
  6. Data retention
  7. Cookies and tracking

1. Who we are

PayTrace is a COD remittance reconciliation service built for D2C brands operating in India. We exist to solve one specific and costly problem: the consistent, often invisible loss of revenue that occurs when courier partners short-pay, delay, or fail to remit COD collections to the businesses they serve. Our product allows brands to upload their Shopify order exports and courier remittance reports, automatically identifies every discrepancy between those two files, and produces a clear, exportable audit showing the exact amounts in dispute — broken down by shortfall type, AWB reference, and courier.

PayTrace operates at paytrace.in and processes reconciliation requests at api.paytrace.in. When this policy refers to "PayTrace", "we", "us", or "our", it refers to the PayTrace service and its operators. This privacy policy governs all data you provide to us or that we collect in the course of your use of the service — during sign-up, during a free trial, during an active subscription, and at any point of contact with our product or support.

We take privacy seriously — not as a legal formality, but because the files you upload to PayTrace contain sensitive financial and operational data about your business. The product is built around a core principle: your business data belongs to you and only to you. We do not benefit from retaining your files, we have no reason to store them, and our system is designed from the ground up to ensure that we never do. If you have any questions or concerns about this policy or how we handle your data, you can reach us directly at [email protected]. We will respond within 48 hours.

2. What data we process

When you use PayTrace, you upload two CSV files: a Shopify order export and a courier remittance report. These files typically contain a significant volume of business-sensitive information. A Shopify export will include order IDs, customer names, delivery addresses, contact numbers, product details, COD amounts, payment terms, fulfillment status, and tracking numbers. A courier remittance report will include AWB numbers, delivery dates, remittance amounts, UTR references, bank details, and shipment status codes. Together, these two files represent a detailed record of your brand's financial transactions with its logistics partner — information that is central to your business operations and not something to be handled carelessly.

It is important to be precise about what "processing" means in this context. PayTrace does not read your files the way a person reads a document, and no human at PayTrace sees the contents of your files. The files are transmitted from your browser to our reconciliation engine — a piece of software running on Cloudflare's edge infrastructure — which parses the CSV structure, identifies the relevant columns for reconciliation, matches AWB numbers across both files, calculates any shortfall or anomaly figures, and returns a structured result set to your browser. This entire process is automated, takes place in memory, and produces no persistent record of the input data.

Separately from the file data processed during reconciliation, we collect a small amount of account data when you create a PayTrace account — specifically your email address and, if you sign in via Google, your display name. This account data is stored in our database and is used solely to manage your access to the service. The distinction between file data that is processed and immediately discarded, and account data that is stored for the life of your account, is fundamental to how PayTrace is designed and is described in full detail in the sections that follow.

Core commitment: The raw contents of your uploaded files — order data, customer details, AWB numbers, individual financial rows — are never stored in any database, never logged to any system, and are discarded the moment processing completes. What we do store is a compact audit summary per run: total orders processed, flag counts, aggregate shortfall amount, courier name, and brand label. This summary powers your Audit History. It contains no individual AWB references, no customer data, and no raw file content.

3. How your files are handled

Understanding the exact technical flow of how your files move through our system is the most reliable way to evaluate the privacy commitments we make. The following is an accurate, step-by-step account of what happens from the moment you initiate an audit to the moment your results appear on screen.

Upload and transmission

When you select your files and click Run Audit, both files are read by your browser and transmitted over an encrypted HTTPS connection to our reconciliation API at api.paytrace.in. This connection uses TLS encryption, which means that the contents of your files are protected against interception or eavesdropping during transit. The files travel from your device directly to a Cloudflare Worker — a serverless compute environment that operates at the network edge, typically in a data centre geographically close to your location — without passing through any intermediate PayTrace-operated server.

Processing in isolated memory

The Cloudflare Worker receives your files and processes them entirely in memory. There is no step in this process where file contents are written to a database, a file system, a logging service, a cache, or any other form of persistent or semi-persistent storage. The Worker parses both CSV files, identifies the relevant columns using a header detection system that handles different courier and Shopify export formats, matches AWB numbers between the two files, compares collected COD amounts against remitted amounts, and classifies each order as reconciled, short-paid, overdue, or flagged as an RTO anomaly. The entire process runs within a single isolated Worker instance that is created specifically for your request and exists only for the duration of that request.

Results returned, files discarded

Once processing is complete, the Worker returns only the reconciliation output to your browser — a structured result set containing AWB references, flag types, shortfall amounts, and order identifiers. The raw contents of your files are not included in this output and are not transmitted back at any point. When the Worker instance terminates at the conclusion of your request, all raw file data held in its memory is cleared by the platform. There is no residual copy of your file contents anywhere in PayTrace's infrastructure after this point.

A compact audit summary is stored to your account record at the conclusion of each run. This record contains the total number of orders processed, the count of each flag type, the aggregate shortfall amount, the courier name, and the brand label you provided. It does not contain individual AWB numbers, order IDs, customer details, or any row-level data from your files. This summary is what populates your Audit History and run count within the dashboard.

Report export

When you choose to export your audit as an Excel report, or to generate a formal dispute letter, this process happens entirely within your browser. The export is built from the reconciliation results already displayed on your screen and does not involve any additional data being sent to PayTrace's servers. The resulting file is constructed on your device and downloaded directly to your machine. No additional network requests to PayTrace are made during the export process.

Cloudflare's role

Because PayTrace's reconciliation engine runs on Cloudflare Workers, your files pass through Cloudflare's infrastructure during processing. Cloudflare is one of the world's leading network infrastructure providers and operates its Workers platform as a serverless compute environment where request data is processed in memory and not stored beyond the life of the request. Cloudflare's own privacy policy governs how they handle infrastructure-level metadata such as request logs, and is available at cloudflare.com/privacypolicy. PayTrace does not share any additional information with Cloudflare beyond what is inherent in routing a network request through their platform, and Cloudflare does not have access to your account data or any data about your PayTrace subscription.

4. How we use your data

The account data we collect — limited to your email address, subscription status, and where applicable your display name and sign-in provider — is used exclusively to operate and maintain your access to the PayTrace service. We do not use your data for any purpose beyond what is described in this section, and we do not share it with any party for purposes beyond the direct operation of the service.

Account management and access control

Your email address is the primary identifier for your PayTrace account. It is used to authenticate you when you sign in, to retrieve your account record from our database on each visit, and to verify whether you are within an active trial period or hold a current subscription. This check happens automatically every time you load the PayTrace application and is what determines whether you have access to the reconciliation feature or whether your account is in a trial or expired state. Without this data, we cannot provide the service.

Subscription and payment processing

When you choose to subscribe to PayTrace, your email address is passed to Razorpay — our payment processing partner — to pre-fill the payment form and associate your transaction with your account. Upon successful payment, Razorpay returns a payment reference ID to our system, which we store alongside your account record as confirmation that your subscription is active. We never receive, handle, or store your card number, CVV, UPI ID, bank account details, or any other payment credentials. All sensitive payment data is handled exclusively by Razorpay, who are certified to the highest industry standards for payment security. Razorpay's privacy policy is available at razorpay.com/privacy.

Google Sign-In

If you choose to sign in using your Google account, Google's authentication service provides your name and email address to PayTrace as part of the sign-in process. We use your email to create and manage your account in exactly the same way as accounts registered directly with an email address, and your display name to personalise the dashboard interface. We do not request access to any other part of your Google account — no Drive, no Gmail, no Calendar, no Contacts. The data Google shares with PayTrace is limited strictly to the basic profile information required to complete authentication, and we do not use that information for any purpose other than creating and maintaining your account.

Service communications

We may use your email address to contact you about your account — for example, to confirm a payment, to respond to a support request you have submitted, or to inform you of a change to the service that materially affects your ability to use it. We do not send marketing emails, promotional newsletters, product updates, or any unsolicited communications. If we ever introduce optional communications in the future, participation will be entirely opt-in and easy to withdraw at any time.

5. Security measures

We have implemented a layered set of technical measures to protect both the file data you upload during reconciliation and the account data we store. The following describes each of these measures and the rationale behind them.

Encryption in transit

All communication between your browser and PayTrace — including file uploads to the reconciliation API, authentication requests, and the return of reconciliation results — is transmitted over HTTPS using TLS encryption. This applies to the main application at paytrace.in and to the reconciliation API at api.paytrace.in. TLS encryption ensures that your data cannot be intercepted, read, or tampered with by any party positioned between your device and our servers. This is the same encryption standard used by banking, financial services, and healthcare applications worldwide.

Architectural privacy — no persistent file storage

The most significant security measure PayTrace employs is architectural rather than procedural. Because raw file data is never written to any persistent storage medium — no database, no file system, no cache, no log — there is no stored file data to breach. A security incident affecting PayTrace's infrastructure cannot expose your order data, customer records, individual AWB numbers, or per-row financial figures, because those things do not exist in our systems after the moment your reconciliation completes.

What is stored is a compact audit summary per run — aggregate figures only (total orders, flag counts, total shortfall) alongside your brand label and courier name. This summary contains no individual order references or customer data. We consider the architectural exclusion of raw file data from persistent storage the most meaningful privacy guarantee we can offer for your business information.

Database security and Row Level Security

Account data is stored in Supabase, a database platform that supports fine-grained access control policies. We have enabled Row Level Security (RLS) on all account tables, which means that access policies are enforced at the database engine level itself, not just at the application layer. Even in the unlikely event that an application-level vulnerability were exploited, the database would enforce that each user's record is only accessible to an authenticated session belonging to that user. No PayTrace user can access another user's account data, and no unauthenticated request can read any account records.

Edge isolation

File processing runs on Cloudflare's Workers platform, which executes each reconciliation request in a fully sandboxed, isolated environment. Each Worker instance is created fresh for each incoming request and has no access to data from any previous request, no shared memory with other concurrent requests, and no persistent state of any kind between invocations. This means that your file data cannot leak into another user's session, cannot persist between your own separate audit sessions, and is contained entirely within the lifecycle of a single request.

Responsible disclosure

If you discover a security vulnerability in PayTrace — whether in the application, the reconciliation API, the database layer, or any other component of our infrastructure — we ask that you report it to us responsibly at [email protected] before making it public. We take all security reports seriously, regardless of the severity or complexity of the issue reported. We will acknowledge your report within 48 hours, investigate it thoroughly, and work to resolve any confirmed vulnerabilities promptly. We are genuinely grateful to anyone who invests the time to identify and report security issues, and we will handle all such reports with the seriousness and discretion they deserve.

6. Data retention

PayTrace handles two distinct categories of data with two very different retention approaches. Understanding the difference between these categories is important, and we want to be unambiguous about each.

File data — zero retention

The contents of the files you upload — your Shopify order export and your courier remittance report — are retained for precisely zero seconds beyond what is required to complete the reconciliation process. As described in detail in Section 3, file data is processed in memory within a Cloudflare Worker instance and is discarded the moment that instance terminates at the conclusion of your request. There is no copy of your file data in any database, backup, transaction log, audit trail, or archive. This is not a data retention period — it is the complete and intentional absence of retention, built into the architecture of the system.

Reconciliation results — session only

The full reconciliation results shown on your screen after an audit — the complete list of flags, individual shortfall amounts, AWB references, and order-level detail — are stored temporarily in your browser's session memory. This data exists only in your browser and is cleared automatically when you close the tab or browser window. It does not persist between sessions, and exporting a report generates the file entirely within your browser without any server-side operation.

Audit history — aggregate summaries retained

After each completed run, PayTrace stores a compact audit summary to your account record. This summary contains: the date and time of the run, the total number of orders processed, the count of each flag type, the aggregate shortfall amount, the courier name, and the brand label you supplied. It does not contain individual AWB references, order IDs, customer names, delivery addresses, or any row-level data from your uploaded files. This summary is what populates the Audit History panel in your dashboard and is used to track your monthly run count. It is retained for the lifetime of your account and deleted when you request account deletion.

Account data — active account lifetime

Account data — comprising your email address, subscription status, and sign-in provider — is retained for as long as your account remains active with PayTrace. This data is the minimum necessary to provide the service: without an email address and subscription status, we cannot authenticate you or enforce access controls. We do not create secondary copies of account data for analytical or commercial purposes, and we do not aggregate account data across users for any purpose.

Account deletion

You have the right to request permanent deletion of your account and all associated data at any time, regardless of whether you are within a trial, an active subscription, or an expired subscription. To request deletion, send an email to [email protected] with the subject line "Account Deletion Request" from the email address associated with your PayTrace account. We will permanently remove all account data from our database within 30 days of receiving your request and will confirm completion to you by email. Please note that once your account is deleted, the associated access history cannot be restored and a new registration would be treated as a first-time sign-up.

7. Cookies and tracking

PayTrace uses the absolute minimum browser storage necessary to operate the service. We do not use advertising cookies, third-party tracking pixels, behavioural analytics platforms, heatmap tools, session recording software, or any other technology designed to monitor, profile, or target users based on their activity within or outside of the product. This is a deliberate product decision, not a regulatory concession.

Authentication state

When you sign in to PayTrace, your authentication state — your email address, display name, and sign-in provider — is saved to your browser's localStorage. This allows the application to recognise you as signed in across page refreshes and return visits without requiring you to authenticate again each time. This data is stored locally on your own device and is not accessible to any other website or service. It is transmitted to PayTrace's servers only during the initial sign-in flow and when your subscription status is checked against our database. You can clear this data at any time by signing out of PayTrace, which removes it from localStorage, or by clearing your browser's local storage manually.

Session memory

Reconciliation results are held in your browser's session memory for the duration of your active session. This is what makes it possible for you to view your audit results, switch between the summary view and the detailed breakdown, and generate an export without having to re-upload your files. This data lives only in your browser, is not transmitted to PayTrace servers after the initial reconciliation response is received, and is cleared automatically when you close the tab or browser window. Nothing from a previous session carries over into a new one.

No analytics or tracking

PayTrace does not use Google Analytics, Meta Pixel, Mixpanel, Amplitude, Hotjar, FullStory, Clarity, or any equivalent analytics or behavioural tracking platform. We do not record which pages you visit, how long you spend on any part of the site, what actions you take within the product, or any usage behaviour of any kind. We do not use browser fingerprinting, device identification, cross-site tracking, or any technology designed to identify or track you across the web. There are no advertising cookies set by PayTrace or by any advertising network operating through the PayTrace platform. The only storage PayTrace writes to in your browser is the authentication state in localStorage and the session results in session memory — both described above and both entirely within your control.

Questions and contact

If you have any questions about this privacy policy, how we handle your data, or wish to raise any concern about our data practices, please contact us at [email protect