Privacy Policy

1. Introduction

Reinstate ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed by Reinstate. By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.

2. Information We Collect

We collect information that you provide directly to us when you connect your Shopify store. This includes:

• Store Information: Your store domain, email address, and configuration data.
• Operational Data: We monitor specific Shopify API endpoints (orders, refunds, products, disputes) to calculate your health signals.
• OAuth Tokens: We securely store AES-256 encrypted access tokens to maintain the API connection.
• Payment Information: When you subscribe, we collect billing information through our third-party processor, Stripe. We do not store credit card numbers on our servers.

3. How We Use Your Information

The primary purpose of collecting your data is to provide the risk monitoring service. We use your data to:

• Analyze your store's health metrics against risk thresholds.
• Send you instant alerts when risk signals (like refund rates) are elevated.
• Generate custom appeal letters using AI in the event of a suspension.
• Improve the accuracy of our detection models to reduce false positives.

4. Third-Party Services

To provide our service, we share limited data with the following trusted partners:

• Stripe: For secure payment processing and subscription management.
• Google Gemini: To process suspension notices and generate customized appeal letters (data shared with Google is used solely for text generation and is not used to train their models).
• Supabase: For secure cloud database storage and authentication.

5. Data Security & Retention

We use commercially reasonable security measures (including AES-256 encryption and Row-Level Security) to protect your information. We retain your data for as long as your account is active. If you uninstall the Reinstate app, your store data and encrypted tokens are deleted from our active databases within 30 days.

6. Your Data Rights (GDPR & CCPA)

Depending on your location, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the data we hold about your store.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your store data. When you uninstall the Reinstate app, Shopify notifies us via a mandatory webhook and we permanently delete all associated store data within 30 days.
• Right to Portability: Request your data in a machine-readable format.
• Right to Object: Object to processing of your data in certain circumstances.

To exercise any of these rights, contact us at support@reinstate.app. We will respond within 30 days.

7. Shopify App Data Compliance

As a Shopify app, we comply with Shopify's Partner Program Agreement and API Terms of Service. We respond to mandatory GDPR webhooks including customers/data_request, customers/redact, and shop/redact. We do not store individual customer personal data — our service operates exclusively on aggregate store-level metrics.