Privacy Policy

Your privacy matters to us. This policy explains how we handle your data.

Last updated: February 2026

1. Information We Collect

When you use e-dokan, we collect the following types of information to provide and improve our services:

Account Information

When you register for an account, we collect your name, email address, phone number, business name, and store URL slug. This information is necessary to create and manage your store on our platform.

Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, time spent on the platform, browser type, device information, and IP address. This helps us understand how our service is used and improve the user experience.

Payment Information

If you subscribe to a paid plan, we collect billing-related information such as your payment method details and transaction history. Payment processing is handled by third-party payment gateways, and we do not store your full credit card or mobile banking credentials on our servers.

2. How We Use Your Information

We use the information we collect to:

  • Create and maintain your e-commerce store and user account
  • Process transactions and manage your subscription billing
  • Provide customer support and respond to your inquiries
  • Send important service notifications, including account verification, subscription renewals, and security alerts
  • Analyze usage patterns to improve our platform features and performance
  • Prevent fraud, abuse, and unauthorized access to our services
  • Comply with legal obligations and enforce our Terms of Service

3. Data Storage & Security

Your data is stored in secure MongoDB databases with strict access controls and multi-tenant isolation. Each store's data is logically separated using tenant-specific identifiers, ensuring no cross-tenant data leakage.

Sensitive credentials, such as courier API keys and third-party integration tokens, are encrypted with AES-256-GCM before storage. We employ industry-standard security practices, including encrypted connections (HTTPS/TLS), regular security audits, and secure authentication via NextAuth with JSON Web Tokens (JWTs).

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We continuously monitor and update our security practices to protect your data.

4. Third-Party Services

We integrate with select third-party services to provide full e-commerce functionality. These include:

  • Payment Gateways (e.g., bKash, Nagad, SSLCommerz) for processing customer payments securely
  • Courier APIs (e.g., Steadfast, Pathao, RedX, Paperfly) for order delivery and shipment tracking
  • Cloud Storage (Backblaze B2) for storing product images and media assets
  • Hosting & Infrastructure (Vercel) for application deployment and domain management

Each third-party service has its own privacy policy governing its use of your data. We only share the minimum information necessary for these services to function. We encourage you to review the privacy policies of these third-party providers.

5. Cookies & Tracking

We use cookies and similar technologies to:

  • Maintain your authentication session across subdomains so you stay logged in
  • Remember your preferences and store settings for a better experience
  • Analyze platform usage and performance through analytics tools

Essential cookies (such as authentication cookies) are required for the platform to function properly. Our authentication cookies are configured as cross-subdomain cookies to enable seamless access across your store and admin panel. You can control non-essential cookies through your browser settings.

6. Your Rights

You have the following rights regarding your personal data on our platform:

  • Access: You can request a copy of all personal data we hold about you and your store at any time
  • Correction: You can update or correct your account information directly from your admin dashboard
  • Deletion: You can request the permanent deletion of your account and all associated store data
  • Export: You can request an export of your store data, including products, orders, and customer information, in a portable format
  • Restriction: You can request that we limit the processing of your personal data under certain circumstances

To exercise any of these rights, please contact us at support@e-dokan.app. We will respond to your request within 30 days.

7. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

e-dokan Support

Email: support@e-dokan.app

Website: https://e-dokan.app