Data Processing Addendum

The merchant is the controller or business for its customer and order data. Returns Intelligence acts as a processor or service provider when processing that data to deliver the app.

Returns Intelligence follows merchant instructions expressed through app configuration, integration setup, uninstall events, support requests, and applicable law.

Processing is limited to analytics, reporting, diagnostics, syncing, exports, billing, security, support, and service operations.

The app minimizes direct customer identity processing. v1 cohort analytics use order, product, SKU, return, refund, quantity, status, reason, timestamp, and amount fields.

Support access is controlled through merchant support requests, scoped grants, expirations, revocation, and audit events. Direct database access is not the ordinary support workflow.

Data-quality support requests should include concrete operational examples and redacted screenshots or export snippets when useful, not passwords, tokens, customer payment details, full customer message bodies, or unnecessary personal data.

Active merchant analytics data is retained while the merchant account is active because cohort reporting, historical return rates, and trend comparisons require historical order and return records.

Raw vendor payloads are retained while needed for replayability and diagnostics, with a target default of up to 24 months for active tenants unless a merchant plan or legal obligation requires a different period.

Support requests, support access grants, and support audit events are retained for up to 24 months after closure for dispute, security, and service-quality evidence.

Generated exports and reports should be short-lived unless the merchant explicitly saves or downloads them.

After uninstall, account termination, or verified deletion request, active tenant credentials are revoked promptly and merchant analytics data is deleted or anonymized after a 30-day operational recovery window unless a shorter legal obligation applies.

Security, audit, sync checkpoint, billing, and delivery logs are retained for up to 24 months unless needed longer for fraud prevention, dispute handling, tax, legal, or security obligations. Backups follow the hosting provider's backup lifecycle and are allowed to age out through normal rotation.

Core subprocessors include the hosting, database, perimeter access, and Shopify services needed to run the app. Optional integration providers are used only when enabled by the merchant.

Returns Intelligence requires subprocessors to provide appropriate safeguards for the services they perform.