Who this policy is for
This policy describes how ReturnGuard Labs LLC ("ReturnGuard", "we", "us") processes personal data when you use https://returnguard.net (the marketing site) and https://app.returnguard.net (the application). It also covers data our customers — fashion ecommerce brands — import into their workspace about their own end customers and orders.
When a brand uses ReturnGuard to manage their returns, the brand is the controller of the end customer data they import, and ReturnGuard acts as a processor on their behalf. Our agreement with that brand, plus our Data Processing page, governs how we handle that data.
What data we process
We process the following categories of data:
- Account data. Name, work email, password hash, profile photo, role, and authentication metadata for the people you invite into a workspace.
- Workspace data. Workspace name, brand settings, business rules, saved views, integrations configuration, billing contact, and subscription state.
- Product and return data. SKUs, variants, prices, product images, return cases, return reasons, refund decisions, recovery routes, condition assessments, and notes added by your team.
- Customer data imported by brands. End customer name, email, shipping address, order history, and return history that brands import or sync from their store. Brands choose what to import; we do not collect this directly from end consumers.
- Uploaded item photos. Photos of returned items uploaded for inspection or condition review. These may include tags, packaging, and the item itself.
- Usage analytics. Anonymous and pseudonymous events about which screens are used, which actions are taken, and how the product performs. We use this to improve the product.
- Cookies and similar technologies. See the Cookie Policy for the full list.
Billing and payment data
When a customer pays for a subscription, our payment processor handles card details directly. ReturnGuard stores plan, billing cycle, currency, invoice history, billing email, billing address, and a tokenized reference (such as the last four digits of the card) — never the full card number. Tax identifiers may be stored where required for invoicing and compliance.
AI feature usage
ReturnGuard recommendations are decision support — not final authority. Models score risk, condition, and recovery routing using your workspace's return, product, customer, and policy data. Workspace outputs are scoped to your workspace and reviewer decisions are always logged. Aggregated, non-personal signals may be used for global model refinement unless the workspace-level Opt-Out flag is enabled; personally identifying fields are hashed before any inclusion in training sets. ReturnGuard can prepare and route decisions, but human reviewers control refunds, ReturnGuard Score overrides, and account status changes.
Specifically: prompts and inputs you send to AI features come from your workspace data (returns, products, customer history, evidence photos, policies you have configured). Outputs are scored, shown to a human reviewer, and recorded in the audit log alongside the reviewer's decision. We do not use your workspace data to train shared external models, and we do not share inputs or outputs with other customers.
Third-party services
We rely on a small number of subprocessors to operate the service — categories include cloud hosting and database, authentication, file storage for evidence uploads, transactional email delivery, payment processing, error monitoring, and product analytics. The current vendor list and their roles are published on the Subprocessors page.
Why we process it
- To provide the service: authentication, return workflows, AI assistance, exports, and integrations.
- To bill and support paying customers.
- To detect abuse, prevent fraud, and protect the security of the service.
- To improve the product based on aggregated usage patterns.
- To comply with legal obligations and respond to valid legal requests.
Data retention
Customer personally identifying information (PII) is retained for 7 years. System logs are retained for 90 days. Anonymized data used for global model refinement is retained indefinitely because it no longer identifies a person or a workspace.
When a workspace is closed, we retain operational data for up to 30 days to allow restoration in the event of an accidental cancellation, and then we delete it from primary systems on the schedule above. Encrypted backups expire on a rolling 30-day cycle. Billing records are retained for as long as required by tax and accounting law. Shorter customer PII windows are available under enterprise agreements.
AI and model refinement
ReturnGuard uses machine learning to score risk, review condition, and route recovery. Data is used for global model refinement only if the tenant Opt-Out flag is disabled. Personally identifying fields are hashed before any inclusion in training sets. We do not claim zero training or zero retention.
Recommendations are decision support — not final authority. ReturnGuard can prepare and route decisions, but human reviewers control refunds, ReturnGuard Score overrides, and account status changes. Automated actions are limited to marking a return as Under Investigation and triggering a Request Photo Evidence email.
Data deletion
Workspace owners can request deletion of their workspace at any time by writing to support@returnguard.net. End customers of our brands should contact the brand directly to exercise their rights — that brand is the controller of their personal data and we will assist them in fulfilling the request.
Security controls
We protect data with the following controls:
- AES-256 at rest for the primary database and object storage; TLS 1.3 in transit for the application, APIs, and evidence uploads.
- Workspace-scoped row-level security at the database layer, so workspaces cannot read each other's data.
- Role-based access control (RBAC) across every workspace surface. Single sign-on is supported via Okta and Azure Active Directory for enterprise workspaces.
- Least-privilege access for the small number of ReturnGuard engineers who maintain the service, with audit logging of administrative actions.
- Two-factor authentication available for all users and required for staff accounts.
- SOC 2 Type I issued February 2025, scoped to the Dallas data center and the primary SaaS application. ISO 27001 certification is pending the final Q3 2026 audit — not certified.
- Regular dependency scanning and a coordinated vulnerability disclosure process at security@returnguard.net.
See the Security page for more detail.
Your rights
Depending on where you live, you may have the right to access, correct, export, or delete personal data we hold about you, to object to or restrict certain processing, and to lodge a complaint with a supervisory authority. Workspace users can update or remove most of their account data directly in the app.
To exercise a right that you cannot fulfill in-app, write to support@returnguard.net. We respond within 30 days.
International transfers
ReturnGuard is operated from the United States. When we transfer data across borders to a subprocessor, we rely on standard contractual clauses or other recognized transfer mechanisms. Our current vendors are listed on the Subprocessors page.
Changes to this policy
When we make material changes, we update the "last updated" date at the top of this page and notify workspace owners by email. Continued use of the service after the effective date means you accept the updated policy.
Contact
Privacy questions go to privacy@returnguard.net. Postal mail to ReturnGuard Labs LLC, 32607 FM2978, Magnolia, TX 77354, United States.
This summary explains our practices and is not legal advice.
These pages describe how ReturnGuard operates today. They are written in plain language for our customers and are not legal advice. For contractual questions, contact support@returnguard.net.