Privacy policy

Who we are
Witzard.io (“we”, “us”, “our”) provides a software service for e-commerce merchants to manage product returns and to generate/store tax-deduction receipts (the “Service”). This Privacy Policy explains how we handle personal information.

Scope
This Policy covers personal information processed about:
1. merchant customers and their personnel; and
2. end consumers whose returns or tax receipts are handled via our Service.

1) Information we collect
We collect the following categories of personal information:
• Identifiers & Contact Information: first name, last name, email address.

Sources. We collect this information directly from you (e.g., account creation, dashboard inputs, support), or from your authorized integrations.

Purposes. We use the information to provide and operate the Service (returns workflows; issuing/storing tax-deduction receipts), support and communicate with you, secure our systems, comply with law, and improve the Service.

Retention. We retain personal information only as long as needed for the purposes above and to meet legal, tax, and audit obligations; then we delete or de-identify it. See Data Retention below.

Selling/Sharing. We do not sell personal information for money. We do not engage in cross-context behavioral advertising (“sharing”) based on the limited data we collect. If this changes, we will update this Policy and provide a “Do Not Sell or Share” mechanism.

2) How we use personal information
• To provide, maintain, and improve the Service.
• To create and manage accounts; provide customer support and communications.
• To ensure security and integrity (fraud/abuse prevention; logging; access controls).
• To comply with legal obligations, enforce terms, and protect rights and safety.
• For internal analytics and service quality (on de-identified or aggregated data where possible).

We do not use your personal information for automated decision-making that produces legal or similarly significant effects.

3) How we disclose personal information
We disclose personal information to:

• Service providers / processors under written contracts, solely to provide services to us (e.g., cloud hosting, database, storage, email delivery, customer support tooling, logging/monitoring).

This includes our cloud database/hosting provider Supabase for secure storage and processing.

• Integration partners as you instruct (e.g., e-commerce platforms or systems you connect).
• Professional advisors (legal, accounting) under duties of confidentiality.
• Authorities when required by law or to protect rights, safety, or security.
• Business transfers (merger, acquisition, reorganization, or asset sale).

We do not allow service providers to use your personal information for their own independent purposes.

4) Your privacy rights
Depending on where you live, you may have rights to:

• Access/Know the personal information we hold about you.
• Delete personal information.
• Correct inaccuracies.
• Opt out of sales or sharing (not applicable currently; see Section 1 if this changes).
• Data portability (receive a copy in a portable format).
• Limit the use/disclosure of sensitive data (not collected based on this Policy).
• Appeal our decision on your request (where required).

How to exercise your rights.
Submit a request at [link to web form] or email "support@witzard.io".
We will verify your identity and respond within applicable timeframes. You may designate an authorized agent as permitted by law.

Global Privacy Control (GPC).
If your browser sends a GPC signal, we will treat it as a valid opt-out of sale/sharing for that browser/session, to the extent required by law.

5) Your choices
• Emails. You can unsubscribe from non-essential emails via the link in the footer or by contacting us.

6) Security
We employ administrative, technical, and physical safeguards appropriate to the nature of the information, including but not limited to encryption in transit and at rest, role-based access controls (least privilege), secure key management, environment isolation, and logging/monitoring.

We use reputable third-party infrastructure and database providers, including Supabase, which offers enterprise-grade controls. Despite our efforts, no method of transmission or storage is 100% secure.

If you process payment cards: We do not store full payment card numbers within our systems; payment data is handled by specialized payment processors. If our scope changes, we will implement controls consistent with PCI DSS.

7) Data retention
We keep personal information only as long as necessary to provide the Service, for legitimate business needs (e.g., records, security), and to comply with legal, tax, and audit obligations. After the applicable period, we delete or de-identify the data.

Indicative defaults (adjust as needed):
• Account data (name, email): retained while the account is active and up to 6 months after closure, unless a longer period is required by law.
• Support communications: up to 6 months after closure.

You can request deletion at any time (subject to lawful exceptions).

8) Children’s privacy
Our Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided information, contact us and we will delete it.

9) International users
The Service is operated in the United States. If you access the Service from outside the U.S., your information may be processed in the U.S. and other countries where our providers operate, which may have different data-protection laws.

10) Changes to this Policy
We may update this Policy from time to time. When we do, we’ll revise the “Effective date” above and, if changes are material, provide additional notice (e.g., in-app notice or email).