Data Retention Policy

Last Updated: December 2024

Overview

This document outlines how long we retain different types of data and the processes for data deletion in the Returns App.

Data Categories and Retention Periods

1. Customer Data

Data Type	Retention Period	Deletion Trigger
Customer Email	Until return completed or app uninstalled	Automatic
Customer Phone	Until return completed or app uninstalled	Automatic
Return Request Details	7 years (for legal/accounting) or until app uninstalled	Automatic on uninstall

2. Merchant Data

Data Type	Retention Period	Deletion Trigger
Return Settings	Until app uninstalled	Automatic
Session Data	Until app uninstalled or session expires	Automatic

3. Audit Logs

Data Type	Retention Period	Deletion Trigger
Access Logs	2 years	Scheduled cleanup
Security Events	7 years	Scheduled cleanup

Automatic Deletion Events

App Uninstallation

When a merchant uninstalls the Returns App, the following data is automatically deleted:

1. Immediately Deleted:

• Session data
• Return settings
• All return requests for that shop
• All return items for that shop
• Order-specific return settings

2. Deleted Within 30 Days:

• Audit logs associated with the shop
• Any cached data

Return Request Completion

When a return request is marked as "completed":

• Customer contact information may be anonymized after 90 days
• Return request records are retained for accounting purposes

Scheduled Data Cleanup

The following cleanup jobs run periodically:

Daily Cleanup

• Remove expired session data
• Clear abandoned return request drafts (older than 24 hours)

Monthly Cleanup

• Anonymize customer data in completed returns older than 90 days
• Archive old return requests (older than 1 year)

Annual Cleanup

• Purge archived data older than 7 years
• Remove audit logs older than 2 years

Data Deletion Requests

Merchant Requests

Merchants can request immediate data deletion by:

1. Uninstalling the app (triggers automatic deletion)
2. Contacting support for selective deletion

Customer Requests

Customers should contact the merchant directly for data deletion. Merchants can:

1. Delete individual return requests from the dashboard
2. Contact us for bulk deletion requests

Legal Holds

Data subject to legal holds or investigations may be retained beyond normal retention periods as required by law.

Data Anonymization

Instead of deletion, some data may be anonymized for analytics:

• Customer email → hashed/removed
• Customer phone → removed
• Order details → aggregated statistics only

Anonymized data cannot be linked back to individuals.

Implementation Details

Technical Implementation

Deletion Process:
1. App uninstall webhook received
2. Delete all ReturnRequest records for shop
3. Delete all ReturnItem records (cascade)
4. Delete ReturnSettings for shop
5. Delete OrderReturnSettings for shop
6. Delete Session records for shop
7. Queue audit log cleanup
8. Confirm deletion in logs

Verification

After deletion:

• Query database to confirm no records exist for shop
• Generate deletion certificate if requested

Compliance

This retention policy is designed to comply with:

• GDPR - European General Data Protection Regulation
• CCPA - California Consumer Privacy Act
• Shopify Requirements - Shopify's app data handling guidelines

Updates to This Policy

Changes to retention periods will be:

1. Announced 30 days in advance
2. Applied to new data immediately
3. Applied to existing data according to the new schedule

Contact

For questions about data retention or deletion requests:

• Merchants: Contact through Shopify Partner Dashboard
• Data protection inquiries: [Contact email]

---

This policy governs the retention and deletion of all data processed by the Returns App.