Privacy Policy

Last updated: January 1, 2025

1. Information We Collect

When you install RefundSaviour on your Shopify store, we collect:

  • Store information: Your Shopify shop domain, shop name, store owner email, and shop currency/timezone settings.
  • Order data: Order IDs, item names, prices, and customer email addresses — only for orders where a refund interception is triggered.
  • Usage data: Number of interceptions, offers made, and outcomes (accepted/declined) for analytics purposes.
  • Account data: Email address and name if you create an admin account on our platform.

2. How We Use Your Information

We use collected information to:

  • Provide the refund interception and AI negotiation service
  • Display analytics and reporting in your dashboard
  • Process subscription billing via Paddle
  • Send transactional emails (billing receipts, alerts)
  • Improve our AI models and service quality

We do not sell your data or your customers' data to any third party.

3. Customer Data

We process your customers' email addresses and order information solely to deliver the RefundSaviour service to your store. This data is used to:

  • Identify which order a refund request relates to
  • Generate personalised AI responses
  • Record interception outcomes in your merchant dashboard

Customer email addresses are stored securely and never used for marketing purposes. You, as the merchant, remain the data controller for your customers' personal data under GDPR and applicable privacy laws.

4. Data Sharing

We share data only with the following service providers, strictly to operate the platform:

  • Supabase — database hosting (EU/US region, SOC 2 compliant)
  • OpenAI — AI response generation (data processed under OpenAI's API terms; not used for model training)
  • Paddle — subscription billing and payment processing
  • Shopify — app platform and OAuth authentication

5. Data Retention

We retain your store data for as long as your account is active. If you uninstall the app, we delete your store data within 30 days, except where we are required to retain records for legal or tax compliance purposes.

Interception records are retained for 12 months to support analytics and then automatically deleted.

6. Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Row-level security on all database tables
  • API keys and secrets stored as encrypted environment variables, never in code
  • Regular security audits

7. Your Rights

Under GDPR and similar regulations, you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Export your data in a portable format
  • Object to or restrict processing

To exercise any of these rights, email us at privacy@refundsaviour.com.

8. Cookies

Our web application uses session cookies for authentication only. We do not use tracking cookies or advertising cookies. The Shopify theme widget runs in your storefront and does not set any cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active merchants via email and display a notice in the dashboard at least 7 days before material changes take effect.

10. Contact

For privacy-related questions, contact us at privacy@refundsaviour.com.