Privacy Policy

1. Who we are

ReturnHQ ("we", "us") is a Shopify app that helps merchants manage customer return and exchange requests. This policy explains what data we collect when a merchant installs ReturnHQ on their Shopify store, and what happens to that data.

2. Data we collect from the merchant

When you install ReturnHQ, we store the following about your shop:

• Shop domain (e.g. your-store.myshopify.com) and shop name
• Store admin email address (for app-level notifications)
• An offline access token issued by Shopify, used to call the Shopify API on your behalf
• Your app configuration: portal branding, return reasons, return policies, refund settings, integration credentials, warehouse addresses

3. Customer data we access

To process a return, we read information about your customers and their orders from Shopify. We access only what's needed to fulfil the return, and only for orders the customer themselves has selected.

• Name — displayed alongside the return request in your dashboard so you can identify the order.
• Email — used to send return status notifications, gift card codes, and refund confirmations to the customer.
• Phone — used to send WhatsApp/SMS notifications (via your chosen integration) and to create UPI/bank payout links for COD refunds.
• Shipping address — passed to your courier (Delhivery, Shiprocket, etc.) to schedule reverse pickup.
• Order details — line items, prices, fulfilment status, and refund history. Used to verify return eligibility, calculate refund amounts, and create the refund or gift card on Shopify.

4. What we don't do with the data

• We don't sell, rent, or share customer data with anyone other than the third-party services you explicitly configure (e.g. Razorpay for payouts, Delhivery for pickups).
• We don't use customer data for advertising or marketing.
• We don't train any machine learning models on your customer data.

5. How we protect the data

• All data is transmitted over TLS (HTTPS).
• Shopify access tokens and integration API secrets are encrypted at rest.
• We follow the principle of least privilege — only the Shopify scopes our app actually needs are requested.
• Webhook payloads are HMAC-verified before being processed.

6. How long we keep the data

• While the app is installed — for as long as the merchant continues using the app.
• After uninstall — Shopify sends us a shop/redact webhook 48 hours after uninstall, at which point we hard-delete all data associated with that shop (returns, items, settings, integration credentials).
• Customer redaction requests — when Shopify forwards a customers/redact webhook, we anonymize the customer's name, email, and phone on any return records within 30 days. The return record itself is kept (anonymized) for the merchant's operational and accounting history.
• Customer data requests — when Shopify forwards a customers/data_request webhook, we compile the customer's return history within 30 days and provide it to the merchant for forwarding to the customer.

7. Sub-processors

We rely on the following sub-processors to operate ReturnHQ:

• Vercel — application hosting
• Neon — managed Postgres database
• Shopify — source of all Shopify-side data
• Razorpay, Easebuzz — payment / payout services (only when the merchant configures them)
• Delhivery, Shiprocket — reverse pickup logistics (only when the merchant configures them)

8. Your rights

If you're a customer of a store that uses ReturnHQ, please contact the store directly to request access, correction, or deletion of your data. The store can forward GDPR/DPDP requests to Shopify, which automatically notifies us. If you can't reach the store, you can email us directly at support@returnhq.app.

9. Changes to this policy

We'll update this page if our practices change. The "Last updated" date at the top reflects the most recent revision. For significant changes, merchants will receive an email notification.

10. Contact

Questions about this policy or our data practices? Email us at support@returnhq.app.