Privacy Policy

Effective date: April 19, 2026

Who we are

ReturnLens is a return-analytics tool for Shopify merchants, operated by a solo founder. If you have privacy questions, contact us at rs.chen@aftership.com.

Data we collect

ReturnLens reads order and return data from your connected Shopify store and stores the following categories:

  • Shopify store identifiers — your myshopify.com domain and the store-level access token we use to call the Shopify Admin API.
  • Shopify order metadata — order id, creation timestamps, line items, order totals, and the opaquecustomer_idreference already provided by Shopify. We do not pull or persist customer names, email addresses, shipping addresses, or phone numbers.
  • Return records — return id, reason code, return line items, and refund amounts.
  • Aggregated analytics snapshots — derived metrics such as return rate, anomaly flags, and AI-generated reduction suggestions computed from the data above.
  • Your user account — the email address and Google OAuth subject identifier you sign in with so we can associate your sessions to the correct merchant account.

We explicitly do not collect or store customer-level personally identifiable information (PII) such as customer names, emails, shipping addresses, or payment card data. When Shopify fires thecustomers/data_requestmandatory webhook, our handler returns a JSON response stating "no customer personal data is stored by ReturnLens" and performs no action, because there is no customer PII for us to export.

How we use your data

  • Compute return analytics, anomaly flags, and reduction suggestions for your dashboard.
  • Generate a weekly analysis snapshot which is emailed to the store-owner address on file.
  • Detect integration failures (missing webhook deliveries, API rate-limit hits) for operational alerting.

We do not sell or share your data for advertising. We do not run any third-party tracking pixels, analytics JS tags, or marketing SDKs inside the ReturnLens dashboard.

Third-party services

ReturnLens is built on the following service providers. Each receives only the data required to perform the function described.

  • Supabase — managed PostgreSQL database and authentication provider. Stores ourstores,orders,returns, andreturn_line_itemstables plus user account records.
  • Vercel — hosting and serverless function runtime. Processes inbound Shopify webhooks, OAuth callbacks, and authenticated dashboard requests. Vercel logs may briefly retain IP addresses and request metadata for operational purposes.
  • Creem — payment processor for subscription billing. ReturnLens never handles or stores payment card data; Creem receives only the minimum billing-related fields required to run checkout and subscription lifecycle.
  • Anthropic — Claude models used to score the free AI Agent Discoverability Test. Only public marketing-site input supplied by visitors is sent to Anthropic; your store data is not.
  • Google Gemini — Gemini 2.5 Flash generates AI reduction suggestions from aggregated return metrics. Only aggregated, de-identified snapshot data is transmitted — never raw customer identifiers or order line items tied to individuals.

Data retention

We retain your store data while your subscription is active. When you uninstall ReturnLens from your Shopify store, Shopify triggers theshop/redactmandatory compliance webhook approximately 48 hours later. Our handler deletes your row from the storestable, and PostgreSQL ON DELETE CASCADE foreign-key constraints remove all associated orders, returns, and return line items in the same transaction. No residual merchant data remains after the cascade completes. We have captured real-environment evidence of this cascade deleting 262 rows across 4 tables for a test store (April 2026).

Your rights

  • Access — because we do not store customer PII, responses to customers/data_request contain no personal data. Merchants may email us to request a copy of their own account record at any time.
  • Deletion — uninstalling the ReturnLens app from your Shopify store triggers theshop/redact cascade described above. Merchants who want immediate deletion before the 48-hour Shopify grace period can email the address below to request expedited purge.
  • Correction / objection — contact us; we will respond within 2 business days.

Contact

Privacy inquiries: rs.chen@aftership.com. Expected response time within 2 business days.