Privacy Policy

2.1 Shopify API Data

We collect the following information through Shopify's APIs:

• Customer Information: Name, email address, phone number, order history, return history, and customer preferences
• Order Data: Order IDs, fulfillment status, order amounts, products purchased, shipping information, and payment details
• Product Information: Product IDs, titles, variants, descriptions, and inventory levels
• Return Requests: Return request details, status, reasons, and associated customer information
• Shop Information: Store details, settings, and configuration preferences
• Webhook Data: Real-time event data for orders, returns, products, and compliance requests

2.2 Merchant Data

We collect information from merchants who use our app:

• Account Information: Store connection details, access tokens, and authentication credentials
• Billing Information: Subscription details, payment information, and billing history
• App Settings: Configuration preferences, policy settings, and threshold configurations
• Support Information: Contact details, support requests, and communication history

2.3 Customer Data

We process customer data to provide our services:

• AI Ratings: Customer ratings calculated by our AI model based on order and return patterns
• Return History: Detailed return request history and associated patterns
• Order Fulfillment: Order fulfillment data and delivery information
• Customer Segmentation: AI-generated customer segmentation and behavioral analysis
• Transaction Records: Purchase history and transaction details

2.4 Technical Data

We automatically collect certain technical information:

• Usage Data: App usage patterns, feature utilization, and performance metrics
• Log Data: Server logs, error reports, and system performance data
• Device Information: Device type, operating system, and browser information
• IP Addresses: IP addresses for security and analytics purposes

3.1 Core Service Functions

• AI-Powered Customer Ratings: Calculate customer ratings using our AI model to assess return risk and customer behavior patterns
• Return Management: Process return requests and determine approval or rejection based on AI analysis
• Customer Segmentation: Generate customer segments and behavioral analysis for targeted marketing and risk assessment
• Dashboard Analytics: Provide insights, KPIs, and performance metrics to merchants
• Automated Workflows: Enable automated decision-making for returns and customer management

3.2 AI Model Training and Improvement

• Machine Learning: Use aggregated and anonymized data to improve AI model accuracy
• Pattern Recognition: Analyze return patterns to enhance predictive capabilities
• Algorithm Optimization: Continuously refine rating algorithms based on performance data

3.3 Administrative Purposes

• Service Delivery: Maintain and operate the Return Shield app
• Customer Support: Respond to inquiries and provide technical assistance
• Billing and Payments: Process subscription fees and manage accounts
• Legal Compliance: Meet regulatory requirements and respond to compliance requests
• Security Monitoring: Detect and prevent fraud, security breaches, and unauthorized access

4.1 Third-Party Service Providers

We share data with specific third-party services necessary for our operations:

• AI Rating Service: Customer order history is sent to our external AI service (rate-xdhd.onrender.com) for rating calculations
• Cloud Infrastructure: Data is stored on secure cloud hosting providers with appropriate safeguards
• Payment Processors: Billing information is processed through secure payment gateways
• Analytics Providers: Anonymized usage data may be shared for performance monitoring

4.2 Shopify Platform Integration

We exchange data with Shopify through their APIs and webhook system:

• Webhook Processing: Receive real-time data updates for orders, returns, products, and compliance events
• API Calls: Retrieve and update store data as needed for app functionality
• HMAC Validation: All webhook communications are secured with HMAC validation

4.3 Legal Disclosures

We may disclose your information when required by law or to protect our rights:

• To comply with legal obligations, court orders, or government requests
• To protect our rights, property, or safety, or that of others
• In connection with business transfers or acquisitions
• To prevent fraud or unauthorized activities

4.4 Data Processing Agreements

All third-party service providers are bound by data processing agreements that ensure they maintain appropriate security measures and only process data for specified purposes in accordance with our instructions.

5.1 Retention Periods

• Customer Data: Retained for the duration of the merchant's active subscription to Return Shield
• Historical Analytics: Aggregated and anonymized data may be retained for up to 3 years for service improvement
• Support Records: Customer support communications retained for 2 years
• Billing Information: Retained for 7 years as required by tax and accounting regulations
• Log Data: Technical logs retained for 90 days for security and troubleshooting purposes

5.2 Automatic Data Deletion

We automatically delete data in the following circumstances:

• App Uninstall: All customer and merchant data is deleted within 30 days of app uninstallation
• Account Closure: Data deletion upon merchant account closure or subscription termination
• Compliance Requests: Immediate deletion upon valid data deletion requests
• Retention Expiry: Automatic deletion when retention periods expire

5.3 Data Portability

Upon request, we can provide your data in a structured, commonly used, and machine-readable format to facilitate data portability to other services.

6.1 Data Subject Rights

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data we process
• Right of Rectification: Request correction of inaccurate or incomplete data
• Right of Erasure: Request deletion of your personal data
• Right of Portability: Receive your data in a portable format
• Right to Restrict Processing: Request limitation of data processing in certain circumstances
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing where applicable

6.2 How to Exercise Your Rights

To exercise your rights, please contact us through:

• Email: founder@wiranium.com
• Support Portal: Through your Return Shield dashboard
• Webhook Processing: We automatically process GDPR/CPRA compliance requests received via Shopify webhooks

6.3 Response Timeframes

We will respond to your requests within 30 days of receipt. For complex requests, we may extend this period by an additional 60 days with proper notification.

7.1 Technical Safeguards

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256
• Database Security: PostgreSQL database with encrypted storage and access controls
• HMAC Validation: All webhook communications secured with HMAC signature verification
• Access Controls: Role-based access controls and multi-factor authentication
• Network Security: Firewalls, intrusion detection, and regular security monitoring

7.2 Operational Security

• Regular Audits: Quarterly security assessments and penetration testing
• Staff Training: Regular security awareness training for all team members
• Incident Response: 24/7 monitoring and rapid incident response procedures
• Backup Systems: Regular encrypted backups with tested restore procedures

7.3 Compliance Certifications

Our infrastructure providers maintain SOC 2 Type II, ISO 27001, and other relevant security certifications. We regularly review and audit our compliance with industry standards.

8.1 Transfer Mechanisms

When we transfer personal data internationally, we ensure appropriate safeguards:

• Adequacy Decisions: Transfers to countries with adequate data protection levels
• Standard Contractual Clauses: EU-approved standard contractual clauses for other transfers
• Certification Programs: Transfers under recognized certification frameworks
• Binding Corporate Rules: Internal data transfer agreements where applicable

8.2 Data Locations

Your data may be processed in the following locations:

• Primary Storage: Cloud infrastructure in the United States and Europe
• AI Processing: External AI service hosted in secure cloud environments
• Backup Locations: Encrypted backups in geographically distributed data centers

10.1 Processing Purposes and Legal Bases

10.2 Legitimate Interest Assessments

Where we rely on legitimate interests, we have conducted balancing tests to ensure our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests.

11.1 Your California Privacy Rights

If you are a California resident, you have additional rights under the CPRA:

• Right to Know: Request information about personal information collected, used, disclosed, or sold
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information
• Right to Limit: Limit the use of sensitive personal information
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

11.2 Categories of Personal Information

11.3 Sale and Sharing of Personal Information

We do not sell personal information as defined by the CPRA. We may share personal information with service providers for business purposes as described in this policy.

11.4 Exercising Your California Rights

To exercise your California privacy rights:

• Email us at: founder@wiranium.com
• Use the privacy request form in your Return Shield dashboard
• We will verify your identity before processing requests
• You may designate an authorized agent to make requests on your behalf

12.1 Privacy Inquiries

12.2 General Support

12.3 Regulatory Authorities

You have the right to lodge a complaint with supervisory authorities in your jurisdiction if you believe we have not adequately addressed your privacy concerns.

13.1 Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

• Material Changes: We will provide prominent notice at least 30 days before material changes take effect
• Minor Updates: We will update the "Last updated" date for non-material changes
• Notification Methods: Email notifications to merchants and in-app notifications

13.2 Continued Use

Your continued use of Return Shield after policy updates constitutes acceptance of the revised policy. If you do not agree with changes, you may discontinue use of the app.

13.3 Policy Archive

Previous versions of this Privacy Policy are available upon request for your reference.