Privacy Policy

When you create an account, we collect your email address and password (hashed, never stored in plain text). If you provide a brand or company name during signup, we store that too.

When you upload a CSV, we process the rows to generate your analytics. For Pro plan users, we store a snapshot of the analytics results — not the raw CSV itself — in our database so you can track trends over time.

We collect standard server logs (IP address, browser type, pages visited) for security and debugging purposes. These are not sold or shared.

• To authenticate you and maintain your session
• To generate your return analytics dashboard
• To provide AI-powered recommendations (Pro plan only — see Third-party services below)
• To send transactional emails (account confirmation, password reset, payment receipts)
• To improve the product and diagnose errors

We do not sell your data. We do not use your data for advertising.

Supabase — We use Supabase for authentication and database storage. Your account data and analytics snapshots are stored in Supabase's hosted Postgres database. Supabase stores data in encrypted form at rest and in transit. See supabase.com/privacy.

OpenAI — Pro plan users who request AI recommendations have a summary of their return analytics (SKU names, return rates, return reasons) sent to OpenAI's API to generate recommendations. OpenAI does not use API data to train its models. Raw CSV data and personal information are never sent to OpenAI. See OpenAI API data usage policy.

Stripe — Paid plan billing is handled by Stripe. We never see or store your full card number. Stripe is PCI-DSS compliant. See stripe.com/privacy.

Free plan: Analytics are not persisted — each session is stateless. Your account (email, org name) is retained until you delete your account.

Pro plan: Analytics snapshots are retained for 12 months. Business plan: 36 months. You can request deletion at any time.

You have the right to access, correct, or delete any personal data we hold about you. If you are in the EU or California, you have additional rights under GDPR and CCPA respectively, including the right to data portability.

To request access, correction, or deletion of your data, email us at hello@returnlens.com. We will respond within 30 days.

We use a single session cookie to keep you logged in. We do not use advertising or tracking cookies. If you add analytics tools in future (e.g., Posthog), this policy will be updated accordingly.

Questions about this policy? Email hello@returnlens.com.