Privacy Policy

Last updated: March 4, 2026

RefundSentry ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application and related services (collectively, the "Service").

1. Information We Collect

1.1 Store Information

When you install RefundSentry, we collect:

  • Your Shopify store domain (e.g., yourstore.myshopify.com)
  • Store owner email address (for account and billing notifications only)
  • OAuth access tokens (encrypted at rest) to access your store data

1.2 Order and Return Data

To provide fraud detection services, we access and process:

  • Shopify resource IDs (order IDs, customer IDs, product IDs, return IDs)
  • Return metadata (reason codes, refund amounts, timestamps, status)
  • Order metadata (order totals, discount usage, fulfillment status)
  • Product variant information (for return pattern analysis)
  • Country/region codes (for policy matching, not full addresses)

1.3 Aggregate Statistics

We calculate and store aggregate statistics including:

  • Customer return counts and refund totals
  • Product return rates
  • Risk scores and confidence levels

2. Information We DO NOT Collect or Store

RefundSentry is designed as a Level 1 data security platform. We explicitly do not collect, store, or process:

  • Customer names
  • Customer email addresses
  • Customer phone numbers
  • Customer mailing addresses (beyond country/region codes)
  • Payment card information
  • Any other personally identifiable information (PII)

3. How We Use Your Information

We use the collected information to:

  • Calculate real-time fraud risk scores for returns
  • Identify return abuse patterns and serial returners
  • Detect coordinated fraud rings
  • Power automated workflow actions (tagging, approvals)
  • Generate analytics and insights for your dashboard
  • Improve our fraud detection algorithms
  • Provide customer support

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your store data or customer information to third parties for marketing or any other purposes.

4.2 No Cross-Merchant Data Sharing

Your store's data is isolated and never shared with other merchants. Each merchant's fraud scoring is based solely on their own store's data.

4.3 Service Providers

We may share data with trusted service providers who assist us in operating our Service:

  • Cloud hosting providers (for data storage and processing)
  • Analytics services (aggregated, anonymized data only)

4.4 Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Encrypted storage of OAuth access tokens
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Secure cloud infrastructure with SOC 2 compliance

6. Data Retention

6.1 Active Subscriptions

We retain your store's return data and aggregate statistics for the duration of your active subscription to provide historical analysis and trend detection.

6.2 After Uninstallation

When you uninstall RefundSentry, we initiate data deletion within 48 hours. All store data, customer IDs, and associated metadata are permanently deleted within 30 days.

6.3 GDPR Data Requests

We support Shopify's mandatory GDPR webhooks. When we receive a customer data request or redaction request from Shopify, we process it within 30 days.

7. Your Rights

7.1 Access and Portability

You can access your store's data through the RefundSentry dashboard at any time. Contact us if you need a data export.

7.2 Deletion

You can request deletion of your data at any time by uninstalling the app or contacting us directly.

7.3 GDPR Rights (EU Users)

If you are in the European Union, you have additional rights including:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

7.4 CCPA Rights (California Users)

If you are a California resident, you have the right to:

  • Know what personal information is collected
  • Know whether your personal information is sold or disclosed
  • Say no to the sale of personal information (we do not sell data)
  • Request deletion of personal information
  • Non-discrimination for exercising your rights

8. Children's Privacy

RefundSentry is a business-to-business service intended for Shopify merchants. We do not knowingly collect information from children under 13 years of age.

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide notice via email or in-app notification.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

12. Shopify App Store

RefundSentry is distributed through the Shopify App Store. By using our Service, you also agree to Shopify's Privacy Policy and Terms of Service.