Privacy Policy
Last updated: 9 July 2026
RefundAudit ("we", "our", "the app") is operated by B4SED Ltd. This policy explains what data RefundAudit collects, why it is collected, and how it is handled.
1. What RefundAudit Does
RefundAudit is a Shopify app that helps merchants see refund behavior. It builds a refund-centric audit projection, shows Actor and Channel attribution, sends a weekly Digest when enabled, and exports audit fields on request.
2. Protected Customer Data Posture
RefundAudit is designed for Shopify Level 1 protected customer data only. It persists Shopify order and refund references plus customer_id. It does not persist customer names, emails, phone numbers, or addresses.
3. Data We Collect
- Shop domain and access token - used to authenticate your store and read refund/order data needed for the app.
- Refund Records - refund ID, order ID, order number, refund and order timestamps, amount, currency, transaction status, refund note, bounded line-item summary, customer_id, Actor, and Channel.
- Actor Labels - merchant-entered labels for staff actor IDs.
- Daily order counts - store-level counts used as denominators for refund-rate review flags.
- Raw webhook events - short-lived debugging payloads retained for 30 days.
- Digest settings - whether the Digest is enabled, recipient addresses, and unsubscribe token.
4. PII Inventory
The personal data RefundAudit may hold is limited to Actor Labels, refund notes, and customer_id. Refund notes are merchant-entered free text and may contain personal data entered by the merchant or staff. Digest emails may include Actor Labels, but never customer names, customer emails, phones, addresses, refund notes, line-item details, or customer_id.
5. Data We Do Not Store
- Customer names
- Customer email addresses
- Customer phone numbers
- Billing or shipping addresses
- Payment card data
- General customer profiles or customer analytics records
6. How We Use Data
- Display the Refund Feed and refund totals in your Shopify admin.
- Attribute refunds to Actor and Channel where Shopify provides reliable evidence.
- Run four explainable review flag rules with history gates and weekly cap.
- Compose weekly Digest emails fresh from current projection state.
- Provide CSV exports of audit fields.
- Handle Shopify billing, app uninstall, and GDPR webhooks.
7. Data Retention
- Refund Records - retained while the app is installed because they are the product. If billing lapses, records remain read-only for a 60-day grace period, then are deleted if billing is not restored.
- Raw webhook events - automatically deleted after 30 days.
- Actor Labels and settings - retained while the app is installed and deleted on shop/redact.
- Backfill and review flag records - retained while the app is installed and deleted on shop/redact or after the lapsed-billing grace period expires.
- Digest emails - composed at send time and not stored as rendered business records.
8. GDPR Webhooks
- customers/data_request - RefundAudit stores the collected Refund Records for that customer_id in the GDPR request log for merchant export handling.
- customers/redact - RefundAudit sets matching Refund Record customer_id values to null and removes matching raw webhook payloads.
- shop/redact - RefundAudit deletes all shop data across every app table, including Actor Labels.
9. Data Storage and Processors
RefundAudit runs on Cloudflare Workers and stores data in Cloudflare D1. Data is encrypted in transit via TLS and encrypted at rest by Cloudflare. Weekly Digest email is sent through Resend when Digest is enabled and a recipient is configured.
10. Your Choices
You can disable the Digest, change recipients, export audit data, or uninstall the app at any time. Digest emails include a one-click unsubscribe link.
11. Contact
Privacy questions or data requests: support@refundaudit.app
B4SED Ltd, United Kingdom.