Privacy Policy

Who we are

Retendr ("we", "us") provides refund intelligence for Shopify stores. For the purposes of the UK GDPR and the Data Protection Act 2018, we are the data controller for the personal data described below. If you have any questions about this policy or how we handle your data, contact us at info@retendr.co.uk.

This site is currently a pre-launch landing page. It does not host the Retendr product itself, and it does not process your customers' order data.

What we collect and why

We keep data collection to the minimum needed to run this site. The table below lists exactly what we collect, why, and the lawful basis we rely on.

Waitlist sign-ups

What: your email address, and the date and source of the sign-up. Why: so we can contact you about early access. Lawful basis: consent, which you give by submitting the form. You can withdraw it at any time (see Your rights).

The live demo

What: the illustrative return scenario you configure (return reason, order value, account age band, and prior-refund count). These are sample values, not real customer records, and we do not store them. Why: to generate a demo decision. Lawful basis: legitimate interest in demonstrating the product.

Booking a demo

What: if you book a call, your name, email, and chosen time are collected through our scheduling provider, Calendly. Why: to arrange and hold the call. Lawful basis: consent and the steps taken at your request to arrange the meeting.

Technical and security data

What: when you use the site, our hosting and rate-limiting providers process technical data such as your IP address and request metadata. Why: to serve the site, prevent abuse, and protect it from scraping and automated attacks. Lawful basis: legitimate interest in keeping the service secure and available.

Cookies and tracking

This site does not use first-party analytics, advertising cookies, or third-party tracking pixels. We do not profile you and we do not sell your data.

The one exception is the Calendly scheduler embedded on the Book a demo page. It is a third-party tool that may set its own cookies when it loads. Calendly displays its own consent banner so you can manage those cookies directly; see Calendly's policy linked below for details.

Third parties we rely on

We use a small number of trusted providers to run this site. Each processes data only as needed for the function described, under its own privacy policy:

• Anthropic — Powers the live demo. The scenario you configure (return reason, order value band, account age band, prior-refund count) is sent to Anthropic to generate a decision. These inputs are illustrative and are not used to identify you. View policy
• Notion — Stores waitlist sign-ups. If you join the waitlist, your email address and the date you signed up are written to a Notion database we control. View policy
• Calendly — Powers demo booking on the Book a demo page. If you book a call, Calendly collects your name, email, and chosen time. Calendly may set its own cookies and shows its own consent banner. View policy
• Vercel — Hosts the site and its serverless functions. Vercel processes technical request data (such as IP address) as part of serving and securing the site. View policy
• Upstash — Provides the rate-limiting layer that protects our API routes from abuse. It transiently stores request counters keyed to your IP address. View policy

International transfers

Some of our providers (such as Anthropic and Vercel) may process data on servers outside the UK, including in the United States. Where data is transferred internationally, it is protected by appropriate safeguards such as the UK International Data Transfer Agreement or equivalent contractual protections.

How long we keep it

We keep waitlist emails until we launch and onboard you, or until you ask us to remove you — whichever comes first. Booking details are retained for as long as needed to arrange and follow up on your call. Security and rate-limiting data is short-lived and expires automatically. We do not retain demo inputs.

How we protect your data

All traffic to this site is encrypted in transit over HTTPS. API keys and access tokens are held as server-side secrets and are never exposed to the browser. Our public endpoints are rate-limited to protect against scraping and abuse, and we collect only the data described above.

Your rights

Under the UK GDPR you have the right to access, rectify, erase, restrict, or object to our processing of your personal data, and the right to data portability. To exercise any of these rights — including removing yourself from the waitlist — email info@retendr.co.uk and we will respond within one month.

If you believe we have mishandled your data, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk. We would appreciate the chance to address your concern first.

Changes to this policy

We may update this policy as the product evolves. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be highlighted on the site.