Privacy Policy

1. Data we collect

From your customers who submit a withdrawal we collect only what the EU Consumer Rights Directive requires us to record: customer name, email address, and order number. Optional fields (phone, items, reason) are only stored if the customer chooses to provide them. From merchants who install the app we store shop domain, OAuth access token (encrypted at rest), email, and billing status. We never collect payment card data.

2. How we use it

To deliver EU Right-of-Withdrawal compliance: routing the customer's request to the merchant, audit-trail generation, and required regulatory reporting. We never sell or share data with third parties for marketing.

3. Data retention & deletion

Merchant data is purged within 30 days of app uninstall. The Shopify access token is wiped immediately on uninstall via our automated trigger. Customer withdrawal records are retained for 24 months as required by EU consumer-protection law, then deleted. You can request earlier deletion via customers/redact and shop/redact Shopify webhooks.

4. Your EU GDPR rights

Under the EU General Data Protection Regulation (GDPR) you have the right to access, rectify, erase, restrict, port and object to the processing of your personal data, and to lodge a complaint with your national supervisory authority. Email privacy@withdrawl.eu with your request — we respond within 30 days.

5. Sub-processors

• Resend — transactional email delivery (withdrawal confirmations).
• Supabase — database & backend hosting in the EU region.
• Shopify Inc. — when used as the install / billing channel.
• Stripe Inc. — only if merchant uses direct billing.

6. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Row-level security policies isolate every store's data. Webhooks are HMAC-verified. Sessions use httpOnly secure cookies.

7. Contact

privacy@withdrawl.eu — Mintagency OÜ