Privacy Policy
Last Updated: December 2024
Overview
This Privacy Policy explains how the Returns App ("App", "we", "us", or "our") collects, uses, and protects
personal data when merchants install and use our application through the Shopify platform.
Data Controller
The merchant who installs and uses this App is the data controller for their customers' personal data. We act
as a data processor on behalf of merchants.
Data We Collect
Customer Data
When customers use the return portal, we collect and process the following personal data:
| Data Type |
Purpose |
Retention |
| Email Address |
Order verification and return request identification |
Until return is completed or merchant uninstalls app |
| Phone Number |
Order verification (alternative to email) |
Until return is completed or merchant uninstalls app |
Order Data
We access order information through Shopify's Admin API to:
- Verify order ownership
- Display order details in the return portal
- Process return requests
This data is accessed in real-time from Shopify and is not stored permanently in our systems.
Merchant Data
We store merchant configuration settings including:
- Return policy preferences
- Refund settings
- Support contact information
How We Use Data
We use customer data strictly for the following purposes:
- Order Verification - Confirming that return requests match valid orders
- Return Processing - Managing and tracking return requests
- Communication - Enabling merchants to contact customers about their returns
Data Sharing
We do NOT:
- Sell customer data to third parties
- Share customer data with advertisers
- Use customer data for marketing purposes
- Transfer data outside of what is necessary for app functionality
Customer data may be shared with:
- Shopify - As required for API functionality
- Hosting Provider - For application hosting (data encrypted in transit and at rest)
Data Security
We implement the following security measures:
- Encryption in Transit - All data transmitted via HTTPS/TLS
- Encryption at Rest - Database encryption in production environments
- Access Controls - Limited access to production systems
- Audit Logging - Access to customer data is logged for compliance
Data Retention
- Active Merchants - Data is retained while the merchant has the app installed
- App Uninstallation - All customer data is deleted when a merchant uninstalls the app
- Return Requests - Completed return requests may be retained for up to 7 years for
legal/accounting purposes, unless the merchant requests earlier deletion
See our Data Retention Policy for complete details.
Customer Rights
Customers can exercise their data protection rights by contacting the merchant directly. Merchants can:
- Access - View all return request data in the app dashboard
- Delete - Request data deletion by uninstalling the app
- Export - Contact us for data export requests
For GDPR (EU Customers)
EU customers have the right to:
- Access their personal data
- Rectify inaccurate data
- Request erasure ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
To exercise these rights, contact the merchant who operates the store.
For CCPA (California Customers)
California residents have the right to:
- Know what personal data is collected
- Know whether personal data is sold or disclosed
- Opt-out of the sale of personal data (we do not sell data)
- Request deletion of personal data
- Non-discrimination for exercising privacy rights
Consent
By using the return portal, customers consent to the collection and processing of their email address and/or
phone number for the purpose of processing their return request.
Customers can withdraw consent by not submitting a return request. For existing return requests, customers
should contact the merchant directly.
Cookies and Tracking
The return portal does NOT use:
- Tracking cookies
- Analytics trackers
- Advertising pixels
Session data may be used temporarily to maintain the return request flow.
Changes to This Policy
We may update this Privacy Policy from time to time. Merchants will be notified of material changes through
the Shopify app dashboard.
Contact
For privacy-related inquiries:
- Merchants: Contact us through the Shopify Partner Dashboard
- Customers: Contact the merchant who operates the store where you made your purchase