Legal ยท Privacy Policy

How Leak Radar handles your data

Leak Radar is a Shopify app that helps merchants understand and reduce losses from product returns. This policy explains what data we process, how we use it, and your rights around it.

Last updated: March 2026

๐Ÿ”’

Short version

We only store anonymised refund and order analytics โ€” never customer names, emails, addresses, or payment details. When you uninstall, all your data is permanently deleted.

1

Data we access from Shopify

Leak Radar requests the minimum Shopify permissions required to calculate return-related metrics. We process:

  • โœ“Order data โ€” Order ID, order name/number, order totals, currency, and timestamps.
  • โœ“Refund data โ€” Refund IDs, refund amounts, reasons and notes, associated order IDs, and refunded line items (product title, variant, quantity, and amount).
  • โœ“Product metadata โ€” Product titles and IDs used to identify which products are driving return losses.
  • โœ“Shop settings โ€” Shop currency code, used to display monetary amounts in your local currency.
We do not store customer names, email addresses, phone numbers, delivery addresses, or payment card details.
2

How we use your data

We use the data described above exclusively to:

  • โ†’Calculate return rates, monetary losses, and trends over time for your store.
  • โ†’Surface which products and return reasons are costing you the most.
  • โ†’Generate prioritised action recommendations to help you reduce return losses.
  • โ†’Evaluate whether actions you take result in measurable improvement.

We do not sell, rent, or share your data with third parties for advertising, profiling, or any purpose unrelated to operating Leak Radar.

3

Data storage and retention

Analytics data (refund records, action history, product metrics) is stored in a secure PostgreSQL database hosted on Railway. Only authorised team members have access to production systems, solely for the purpose of maintaining the service.

Data is retained for as long as your store has Leak Radar installed. Upon uninstall, Shopify sends us an app/uninstalled webhook and โ€” 48 hours later โ€” a shop/redact webhook. Both events trigger permanent, irreversible deletion of all data associated with your shop.

4

GDPR, CCPA & privacy rights

Shopify is the data controller for your customers' personal data. Leak Radar acts as a data processor on your behalf and only handles order/refund analytics โ€” not personal data directly.

We implement Shopify's three mandatory privacy webhooks:

customers/data_request

Acknowledges a customer's data access request. Because we don't store personal customer data, Shopify's own export is the authoritative record.

customers/redact

Permanently deletes any refund analytics records linked to the customer's specified order IDs.

shop/redact

Permanently deletes every record stored for your shop โ€” refunds, actions, reason categories, and sessions.

5

Cookies and tracking

Leak Radar is an embedded Shopify app. It does not use third-party analytics scripts, advertising cookies, or any cross-site tracking. The only cookies set are those required by Shopify's authentication flow (session tokens).

6

Security

We use Shopify's official OAuth libraries for authentication and store access tokens securely. Our infrastructure is hosted on Railway and benefits from TLS encryption in transit and encryption at rest.

You are responsible for controlling which staff members in your Shopify organisation can access Leak Radar.

7

Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via an in-app notice. The "Last updated" date at the top of this page always reflects the most recent revision.

8

Contact us

For any questions about this policy, data access requests, or deletion requests, reach out to us at:

โœ‰ leakradar@sorivox.com