Opstimal Return Rescue Privacy Policy

Data Opstimal Return Rescue Uses

Opstimal Return Rescue uses Shopify app sessions, merchant decision settings, redacted webhook receipts, product catalog facts, market/localization facts, and derived return-intelligence metrics needed to operate the command center.

• Protected order, return, refund, customer, and fulfillment adapters stay blocked until Shopify protected customer data approval is explicitly enabled.
• Real-store validation evidence is kept outside git under .evidence and must not contain passwords, access tokens, direct customer identifiers, or screenshots with sensitive data.
• Exported facts packages are designed to contain sanitized decision context and summary counts, not raw customer contact fields.

How Data Is Used

The app uses permitted Shopify data to explain return recommendations, identify SKU-level preventable return leaks, summarize market policy opportunities, and generate merchant-operable facts for support and operations.

Retention And Deletion

Shop-scoped sessions and merchant settings are deleted on app uninstall and shop redaction. Historical webhook ledger rows are pruned by the configured retention window, while the current webhook receipt is preserved for idempotency.

Shopify Compliance Webhooks

Opstimal Return Rescue subscribes to Shopify's mandatory privacy compliance topics: customers/data_request, customers/redact, and shop/redact. These routes acknowledge requests and avoid storing raw privacy webhook payloads.

Sharing And Security

Opstimal Return Rescue does not sell merchant or customer data. Operational logs are structured and redacted, and production secrets must stay in deployment configuration rather than source control.