Privacy Policy

ReasonWhy is a Shopify app that helps merchants understand return patterns. We connect to your Shopify store and analyse order and return data to identify which products generate the most returns, why, and what can be changed to reduce them.

We access your store's orders and returns data via Shopify's Admin GraphQL API, using the read_orders and read_products scopes.

We store:

• Order identifiers (Shopify order GIDs) and return / line-item / product structure
• Free-text return reason notes entered by customers or merchants
• Product metadata (title, handle, image URL, vendor)

We deliberately do not collect or store: customer names, email addresses, phone numbers, or customer IDs. We do not hold any data classified as Shopify Protected Customer Data Level 2.

We use this data solely to:

• Calculate return rates and revenue impact per product
• Group return reasons using AI to identify themes and patterns (see Sub-processors below)
• Present ranked opportunities and actionable insights in the merchant dashboard

We do not sell, share with third parties for marketing, or use your data for any purpose other than providing the ReasonWhy service to you.

We use the following sub-processors for AI analysis of return reason text. Before any text is sent to these services, it is passed through a PII-scrubbing filter that removes names, email addresses, and phone numbers. Neither sub-processor receives identifiable customer information.

• Anthropic — large language model processing to generate return-reason labels and recommendations.
• OpenAI — vector embedding of return reason text for clustering and similarity analysis.

• Free-text return notes and raw order payloads are retained for 180 days after the return date. After that window they are permanently deleted or anonymised (raw payload reduced to the order GID only).
• Derived analytics — return counts, product metrics, cluster themes — do not contain free text and are retained while your account is active.
• LLM usage logs are retained for 30 days and then deleted.

Merchants and their customers may exercise rights of access, correction, and deletion under GDPR, CCPA, and equivalent regulations. Customer data deletion and access requests are handled via Shopify's mandatory GDPR webhooks. Merchants may contact us directly using the details below.

ReasonWhy implements all three mandatory Shopify privacy webhooks: customers/redact, shop/redact, and customers/data_request.

All data is transmitted over TLS. We maintain structured access logs for every access to protected customer data, retained for a minimum of 30 days. In the event of a suspected data exposure, we will notify affected merchants and Shopify in accordance with the Shopify Partner Program Agreement.

For privacy inquiries, data access requests, or concerns, contact us at: moyleadam590@gmail.com

We may update this privacy policy from time to time. When we do, we will post the updated policy at this URL and revise the effective date above. Continued use of ReasonWhy after a change constitutes acceptance of the updated policy.