ReturnGuard AI

Last updated · May 13, 2026

Privacy Policy

ReturnGuard AI is a Shopify app that helps merchants score, review, and decide on customer return requests. This policy explains what data we receive from Shopify on a merchant's behalf, how we use it, and how we delete it.

1. Who this policy applies to

This policy applies to Shopify merchants (the "Merchant") who install ReturnGuard AI on their store, and to the end customers of those Merchants whose order and return information is processed by ReturnGuard AI as part of operating the merchant's returns workflow.

2. What we collect from Shopify

When a Merchant installs ReturnGuard AI, they grant the following Shopify access scopes: read_orders, read_returns, read_products, and read_customers. Through Shopify's Admin GraphQL API we receive:

  • Orders (id, name, status, totals, currency, created_at).
  • Return requests and their state changes.
  • Product titles and identifiers referenced by orders/returns.
  • Customer aggregate information (display name, order count, account age, optional email) — only as needed to compute return risk.
  • Shop identifier (e.g. store.myshopify.com).

We do not ask for, collect, or store payment card data, social security or government-issued IDs, biometrics, or passwords.

3. What we collect from merchants directly

  • Decisions you make in the app (approve / review / hold), tied to orders and returns.
  • Playbook rules, risk thresholds, and other configuration you set up inside the app.
  • Subscription status and billing identifiers returned by Shopify Billing API.
  • Webhook payloads sent by Shopify (orders, refunds, returns, GDPR compliance events) for audit purposes.

4. How we use this data

  • To compute a risk score and recommended action for each return.
  • To present a returns queue, audit log, and dashboards.
  • To execute the automation rules ("playbooks") you configure.
  • To enforce subscription plan limits returned by Shopify Billing.
  • To respond to support requests you initiate. We never sell or rent merchant or customer data, and we don't use it to train any third-party AI model.

5. Data storage and security

Data is stored in a managed PostgreSQL database hosted in the European Union and accessed over TLS. Access to production data is limited to the maintainers of ReturnGuard AI. Webhook payloads are stored truncated (max ~16 KB per event) and only for audit/debug purposes.

6. Data retention and deletion

ReturnGuard AI honors Shopify's mandatory GDPR webhooks:

  • shop/redact — when a Merchant uninstalls the app, we delete all return decisions, playbooks, risk settings, webhook logs, and onboarding state associated with that shop within 48 hours, as required by Shopify.
  • customers/redact — we delete return decisions and decision events scoped to the customer's orders listed in the payload.
  • customers/data_request — we forward the request to the merchant so they can fulfill the customer's data export. We do not store customer profile rows independently of orders.

Merchants can additionally request manual deletion of their data at any time by emailing supportreturnguard.ai@gmail.com.

7. Sub-processors

We rely on the following sub-processors to operate the service:

  • Shopify Inc. — auth, billing, and source of merchant data.
  • Render (Render Services Inc.) — application hosting.
  • Supabase (Supabase Inc.) — managed PostgreSQL database.

8. Children

ReturnGuard AI is a B2B tool for Shopify merchants and is not directed to children under 16.

9. Changes

We may update this policy. Material changes will be highlighted on this page and on the merchant's dashboard inside the app.

10. Contact

Questions or requests can be sent to supportreturnguard.ai@gmail.com.