Português · English
Privacy Policy
Returns Margin Analytics · Last updated: 2026-06-17
Returns Margin Analytics (“the App”) helps Shopify merchants understand the margin they lose to product returns. This policy explains what data the App accesses, why, how it is stored, and the rights you and your customers have. The App is operated by Luís Ivars (sole operator).
1. Data we access
- Store & session data — your shop domain and the OAuth access token issued by Shopify, used solely to authenticate the App and call the Shopify Admin API on your behalf.
- Order & return data — order lines, return reasons, refund and shipping amounts. Read on demand to calculate margin loss per SKU. This is Shopify Protected Customer Data; we request only the minimum scopes needed (
read_orders,read_returns). - Product & cost data — variant SKUs, inventory and cost per item (COGS). Cost values you set in the App are stored to compute net loss.
- Usage telemetry — anonymous events (e.g. install, first report viewed) tied to the shop, used to improve the App. No end-customer personal data is included in telemetry.
2. How we use it
Data is used exclusively to provide the App’s functionality: calculating return-driven margin loss, recommending actions, exporting reports, syncing COGS, and managing your subscription. We do not sell your data, use it for advertising, or share it with third parties for their own purposes.
3. Storage & retention
Data is stored on a private server located in the EU, in a database accessible only to the operator. Order and return data is processed to produce aggregated reports; we retain the cost values, store record, sessions and aggregated/telemetry data for as long as the App is installed. When you uninstall, your store is marked churned and personal data is deleted in response to Shopify’s mandatory compliance webhooks (typically within 48 hours, or upon a redaction request).
4. Customer data requests (GDPR / CCPA)
The App implements Shopify’s mandatory privacy webhooks: customers/data_request, customers/redact and shop/redact. Requests from your customers should be made through you as the merchant (the data controller); we act as the data processor and will respond to redaction and data-request webhooks accordingly.
5. Sub-processors
We use Shopify (platform & APIs) and a private EU virtual server (hosting & database). No other sub-processors receive your data.
6. Security
Data is encrypted at rest (database-level, AES) and in transit (HTTPS/TLS). Access tokens and credentials are stored server-side and never exposed to the browser. Access to the database is restricted to the operator.
7. Your rights
You may request access to, correction of, or deletion of your data at any time by uninstalling the App or by contacting us. We will respond within the timeframes required by applicable law.
8. Changes
We may update this policy; the “last updated” date above reflects the latest version. Material changes will be reflected here.
9. Contact
Questions about this policy or your data: support@luisivars.pt.