Privacy Policy. This page is ready
Effective: 2025-12-12
This Privacy Policy explains how Returninja collects, uses, and safeguards information when you install and use our Shopify app. We adhere to Shopify’s privacy and data protection requirements and minimize personal data by design.
Merchant data (shop‑level data): shop domain, app access token, plan and trial status, A/B configuration, app settings, metaobject configuration (nudge copy), and design defaults. This is configuration data about your store, not your customers.
Orders (from read_orders): order ID (GID), created date, currency and total, line item details (product/variant IDs, SKU, product type, tags, variant options such as size and color, quantities) and the Shopify customer ID reference if present. We do not store customer names, emails, phone numbers, addresses, or payment details.
Return records: refund/return ID, associated order ID, status, created date, and optional return value. We use this to measure historical return rates and the impact of interventions.
Risk and analytics events: exposure and intervention logs with A/B bucket, band, risk signals, and interaction flags. We may also store the Shopify customer ID, anonymous session ID, and order ID references to measure outcomes over time. No customer names, email addresses, phone numbers, or postal addresses are stored in these events.
Shopify Admin API scopes: read_orders, read_products, read_customers, read_metaobjects, write_metaobjects, write_metaobject_definitions.
Although the app is authorized for read_customers, we currently use only the Shopify customer identifier (ID) where needed to link orders, returns, and analytics. We do not copy customer contact details (name, email, phone, addresses) into our own database.
Storefront telemetry (nudge exposures and user actions) is collected by our theme extension and sent over HTTPS to our backend using signed, server‑to‑server calls from the embedded app to our Core API. CORS and HMAC‑style signatures are used to prevent unauthorized logging.
Compute order-level return risk scores and bands.
Show targeted, minimal hints to reduce preventable returns.
Measure effectiveness through A/B testing and aggregate analytics.
Improve the app’s accuracy and merchant experience.
Orders are retained up to 18 months for rolling analytics, then removed by our data retention job.
Return records may be retained up to 24 months to support long‑term return rate benchmarks.
Intervention, exposure, and user‑action events are retained up to 12 months.
Customer identifiers in older orders are anonymized (removed) after approximately 6 months.
Uninstall or shop/redact webhook triggers full merchant data deletion (orders, returns, analytics, and settings) for that shop.
customers/data_request: acknowledged.
customers/redact: we remove customer ID references from stored orders and events.
shop/redact and app/uninstalled: we purge all merchant-related data.
All public telemetry is relayed via Shopify App Proxy and signed to our Core API with HMAC.
Admin endpoints require app authentication; CORS is restricted.
We do not sell personal data. Limited data is shared with essential sub‑processors (e.g., hosting/database and monitoring) strictly to provide the service, under data processing agreements.
Depending on your location, you may have rights to access, correct, delete, or restrict processing. Merchants should use Shopify’s privacy tools to initiate requests, or contact us.
Questions about privacy? Email support@returninja.com or visit https://app.returninja.com.
Returninja is a product of EXPAND TECHNOLOGIES SRL.
Registration no.: RO28673660
EUID: ROONRC.J35/2921/2015
Registered address: 302700 Ghirosa, P. Craiului 7, Romania