Workspace isolation by default.
Every record — returns, customers, products, evidence — is scoped to the workspace that owns it. Row-level access rules enforce that boundary on every read and write.
Security & Data Controls
ReturnGuard handles fashion return data the way an operations team expects: scoped to your workspace, gated by role, logged on every change, and never used to make a decision your team didn't authorize.

Every record — returns, customers, products, evidence — is scoped to the workspace that owns it. Row-level access rules enforce that boundary on every read and write.
Owner, admin, analyst, CX manager, ops manager, warehouse reviewer, and viewer. Each role unlocks the surfaces it needs and nothing more.
Approvals, overrides, refund changes, recovery routing, rule edits, integration changes — recorded with actor, timestamp, and target. Exportable.
This page is maintained by ReturnGuard Labs LLC to answer common security and privacy questions about ReturnGuard. It reflects controls in the product today and attestations that have been issued in writing. It is not a substitute for an independent audit report.
SOC 2 Type I issued February 2025.
Scope includes the Dallas data center and the primary ReturnGuard SaaS application. Report available to enterprise customers under NDA on request to security@returnguard.net.
ISO 27001 certification pending final Q3 2026 audit.
ReturnGuard is preparing for ISO 27001 certification. We do not claim ISO 27001 certified status until the certificate is issued.
Plain language. The controls below describe what is in the product today.
ReturnGuard can prepare and route decisions, but human reviewers control refunds, ReturnGuard Score overrides, and account status changes. Each recommendation shows the inputs that informed it and can be overridden with a recorded reason.
Described as work in progress, not as issued attestations.
Reach the security team directly. We aim to acknowledge reports within two business days.