1. Data We Collect Through Shopify APIs

Eturns is a Shopify app that provides AI-powered after-sale support (returns, exchanges, and refunds). When a merchant installs Eturns, we access the following data through Shopify's API with the merchant's authorization:

Store Data

Products and variants — title, price, product type, tags, inventory levels. Used to suggest exchanges and verify return eligibility.
Inventory levels — quantity available per variant. Used to confirm exchange availability in real time.
Store policies — return window, conditions, exclusions. Used by the AI to enforce the merchant's configured rules.

Order Data

Order details — order number, line items, prices paid, fulfillment status, existing returns and refunds. Accessed only when a customer provides their order number during a conversation.
Customer email — the email associated with the order. Used to verify the customer's identity and for abandoned conversation recovery (via Shopify Flow, not direct email).

Conversation Data

Chat messages — the text of messages exchanged between the customer and the AI chatbot. Used to process the customer's request and maintain conversation context.
Return/exchange requests — details of what the customer is requesting (items, reason, preferred resolution). Created and stored in our database for the merchant to review.

Merchant Account Data

Shop domain and access token — required for Shopify API access. Access token is stored encrypted.
Billing information — plan selection and subscription status. Processed through Shopify's Billing API (we do not store payment details).

2. How We Use Your Data

Return eligibility verification — checking order age, product conditions, and policy rules against the merchant's configuration.
AI conversation context — providing order and product information to the AI so it can assist the customer accurately.
Exchange suggestions — recommending alternative products based on inventory availability and customer preferences.
Analytics — aggregated usage metrics (conversation counts, resolution rates, credit usage) shown to the merchant in their dashboard.
Abandoned conversation recovery — when a customer leaves mid-conversation, we fire a Shopify Flow trigger so the merchant can follow up through their own email provider. We do not send emails directly to customers.

We do not use merchant or customer data for advertising, profiling, or any purpose other than providing the Eturns service.

3. Where Data Is Stored

All application data is stored in Convex, a US-based cloud database service with encryption at rest and in transit. Our application is hosted on Vercel (US-based). Both services maintain industry-standard security practices.

Shopify access tokens are encrypted using AES-256 before storage.
All data transmission uses HTTPS/TLS encryption.
Database access is restricted to the application service layer only — no direct human access to production data.

4. Data Retention and Deletion

When a Merchant Uninstalls Eturns

When a merchant uninstalls the app, Shopify sends an app/uninstalled webhook. We immediately delete all data associated with that merchant:

All conversations and chat messages
All return/exchange requests
All cached product data
All analytics events
Policy and widget configurations
Custom rules
OAuth sessions and encrypted access tokens
The merchant record itself

When a Customer Requests Data Deletion

When Shopify sends a customers/redact webhook, we redact all personal data for that customer within 30 days:

Customer email is removed from all conversations
Order references are removed from conversations
All messages sent by the customer are replaced with "[REDACTED per customer request]"

Shop Data Redaction

When Shopify sends a shop/redact webhook (48 hours after uninstall), we perform a complete data deletion identical to the uninstall process described above.

Customer Data Requests

When Shopify sends a customers/data_request webhook, we return an anonymized summary of the customer's data (conversation metadata and message timestamps only — no message content or personal identifiers).

5. Third-Party Services

We use the following third-party services to provide Eturns. Each processes data only as necessary for the service described:

Shopify (e-commerce platform) — source of store, order, and product data. Shopify Privacy Policy
Google AI (Gemini) — processes customer messages to generate AI responses. Messages are sent to the Gemini API for inference only and are not stored by Google for training. Gemini API Terms
Convex — cloud database for application data storage. Convex Privacy Policy
Vercel — application hosting and serverless functions. Vercel Privacy Policy

We do not sell, rent, or share merchant or customer data with any third parties for advertising, marketing, or any purpose unrelated to providing the Eturns service.

6. Customer Communications

Eturns does not send emails or other communications directly to customers. When a customer abandons a conversation, we fire a Shopify Flow trigger containing the customer's email and conversation details. The merchant controls all follow-up communications through their own Shopify Flow workflows and connected email providers (Shopify Email, Klaviyo, etc.).

7. Your Rights

Depending on your jurisdiction (GDPR, CCPA, PIPEDA, etc.), you may have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you.
Correction — request correction of inaccurate personal data.
Deletion — request deletion of your personal data. Merchants can uninstall Eturns at any time, which triggers complete data deletion. Customers can request deletion through the merchant, which triggers Shopify's redaction webhooks.
Restriction — request restriction of processing of your personal data.
Portability — request transfer of your data in a structured format.
Objection — object to processing of your personal data.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

8. Data Security

All Shopify access tokens are encrypted at rest using AES-256
All data in transit is encrypted via HTTPS/TLS
Database access is limited to application service accounts
Webhook authenticity is verified using Shopify's HMAC signatures
Internal API endpoints are secured with secret-based authentication
Rate limiting is applied to all public-facing endpoints

9. Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of Eturns after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this privacy policy or want to exercise your data rights, contact us at:

Email: contact@eturns.app
Website: www.eturns.app

1. Data We Collect Through Shopify APIs

Store Data

Products and variants — title, price, product type, tags, inventory levels. Used to suggest exchanges and verify return eligibility.
Inventory levels — quantity available per variant. Used to confirm exchange availability in real time.
Store policies — return window, conditions, exclusions. Used by the AI to enforce the merchant's configured rules.

Order Data

Order details — order number, line items, prices paid, fulfillment status, existing returns and refunds. Accessed only when a customer provides their order number during a conversation.
Customer email — the email associated with the order. Used to verify the customer's identity and for abandoned conversation recovery (via Shopify Flow, not direct email).

Conversation Data

Chat messages — the text of messages exchanged between the customer and the AI chatbot. Used to process the customer's request and maintain conversation context.
Return/exchange requests — details of what the customer is requesting (items, reason, preferred resolution). Created and stored in our database for the merchant to review.

Merchant Account Data

Shop domain and access token — required for Shopify API access. Access token is stored encrypted.
Billing information — plan selection and subscription status. Processed through Shopify's Billing API (we do not store payment details).

2. How We Use Your Data

Return eligibility verification — checking order age, product conditions, and policy rules against the merchant's configuration.
AI conversation context — providing order and product information to the AI so it can assist the customer accurately.
Exchange suggestions — recommending alternative products based on inventory availability and customer preferences.
Analytics — aggregated usage metrics (conversation counts, resolution rates, credit usage) shown to the merchant in their dashboard.
Abandoned conversation recovery — when a customer leaves mid-conversation, we fire a Shopify Flow trigger so the merchant can follow up through their own email provider. We do not send emails directly to customers.

We do not use merchant or customer data for advertising, profiling, or any purpose other than providing the Eturns service.

3. Where Data Is Stored

Shopify access tokens are encrypted using AES-256 before storage.
All data transmission uses HTTPS/TLS encryption.
Database access is restricted to the application service layer only — no direct human access to production data.

4. Data Retention and Deletion

When a Merchant Uninstalls Eturns

When a merchant uninstalls the app, Shopify sends an app/uninstalled webhook. We immediately delete all data associated with that merchant:

All conversations and chat messages
All return/exchange requests
All cached product data
All analytics events
Policy and widget configurations
Custom rules
OAuth sessions and encrypted access tokens
The merchant record itself

When a Customer Requests Data Deletion

When Shopify sends a customers/redact webhook, we redact all personal data for that customer within 30 days:

Customer email is removed from all conversations
Order references are removed from conversations
All messages sent by the customer are replaced with "[REDACTED per customer request]"

Shop Data Redaction

When Shopify sends a shop/redact webhook (48 hours after uninstall), we perform a complete data deletion identical to the uninstall process described above.

Customer Data Requests

5. Third-Party Services

We use the following third-party services to provide Eturns. Each processes data only as necessary for the service described:

Shopify (e-commerce platform) — source of store, order, and product data. Shopify Privacy Policy
Google AI (Gemini) — processes customer messages to generate AI responses. Messages are sent to the Gemini API for inference only and are not stored by Google for training. Gemini API Terms
Convex — cloud database for application data storage. Convex Privacy Policy
Vercel — application hosting and serverless functions. Vercel Privacy Policy

We do not sell, rent, or share merchant or customer data with any third parties for advertising, marketing, or any purpose unrelated to providing the Eturns service.

6. Customer Communications

7. Your Rights

Depending on your jurisdiction (GDPR, CCPA, PIPEDA, etc.), you may have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you.
Correction — request correction of inaccurate personal data.
Deletion — request deletion of your personal data. Merchants can uninstall Eturns at any time, which triggers complete data deletion. Customers can request deletion through the merchant, which triggers Shopify's redaction webhooks.
Restriction — request restriction of processing of your personal data.
Portability — request transfer of your data in a structured format.
Objection — object to processing of your personal data.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

8. Data Security

All Shopify access tokens are encrypted at rest using AES-256
All data in transit is encrypted via HTTPS/TLS
Database access is limited to application service accounts
Webhook authenticity is verified using Shopify's HMAC signatures
Internal API endpoints are secured with secret-based authentication
Rate limiting is applied to all public-facing endpoints

9. Changes to This Policy

10. Contact Us

If you have questions about this privacy policy or want to exercise your data rights, contact us at:

Email: contact@eturns.app
Website: www.eturns.app

Privacy Policy

1. Data We Collect Through Shopify APIs

Store Data

Order Data

Conversation Data

Merchant Account Data

2. How We Use Your Data

3. Where Data Is Stored

4. Data Retention and Deletion

When a Merchant Uninstalls Eturns

When a Customer Requests Data Deletion

Shop Data Redaction

Customer Data Requests

5. Third-Party Services

6. Customer Communications

7. Your Rights

8. Data Security

9. Changes to This Policy

10. Contact Us

Privacy Policy

1. Data We Collect Through Shopify APIs

Store Data

Order Data

Conversation Data

Merchant Account Data

2. How We Use Your Data

3. Where Data Is Stored

4. Data Retention and Deletion

When a Merchant Uninstalls Eturns

When a Customer Requests Data Deletion

Shop Data Redaction

Customer Data Requests

5. Third-Party Services

6. Customer Communications

7. Your Rights

8. Data Security

9. Changes to This Policy

10. Contact Us