KeepersPrivacyTerms

Privacy Policy

Last updated July 8, 2026

Keepers ("we", "us") is a Shopify app built by 8th Origin LLC that runs returns and exchanges for a merchant's store — a branded customer portal, instant exchanges, keep-the-item refunds, and auto-generated return labels. This policy explains what we collect, how we use it, and the choices you have.

What we collect

  • Store information — your .myshopify.com domain, store name, and currency, provided by Shopify when you install.
  • Staff account — the name and email of the staff member who installs or configures Keepers, from your Shopify session, used only to authenticate you into the app.
  • App configuration — your return window, eligibility rules, feature toggles, and portal branding (logo, accent color, headline). This is data you create.
  • Return requests — when a customer starts a return or exchange, we store their name, email, order number, the items and reasons they selected, and the resulting label/tracking details, on your behalf. You are the controller of this data; we process it only to run the return through to refund or exchange.
  • Order data — order, line-item, product, and fulfillment details read from Shopify's API to check eligibility, create refunds and exchanges, and generate return labels.

How we use it

Solely to operate the app for you: run the customer return portal, check eligibility against your rules, process refunds and exchanges against real Shopify orders, and generate return labels. We do not sell data or use it for advertising. Customer details are used exclusively for the return they submitted.

Retention and deletion

Uninstalling Keepers deletes your store's configuration, settings, and return records within 48 hours via Shopify's mandatory shop/redact webhook. A customer's return records are removed when you delete them or when Shopify sends a customers/redact request for that customer.

Sharing

Data lives in our database hosted on Neon (Postgres, US region) and the app runs on Vercel. No other third parties receive your data.

Security & incident response

All traffic is encrypted in transit (TLS), and return records are stored on managed infrastructure that encrypts data at rest. Access to personal data is limited to the operator of the service, and return activity is recorded on each return's timeline. If we become aware of a security incident affecting personal data, we will investigate promptly and notify affected merchants without undue delay.

Contact

Questions or data requests: danny@8thorigin.com.