Privacy Policy

Last updated: April 25, 2026

1. What we collect

Subscribers (item owners): name, email address, phone number, shipping address, payment method (stored by Stripe — we store only a Stripe customer ID), and item descriptions assigned to labels.

Finders: name, email address, phone number, shipping address, and the message submitted with a return request. Finders do not create accounts.

2. How we use your data

  • To operate the return flow — notifying owners, generating shipping labels, and disbursing rewards.
  • To process subscription payments via Stripe.
  • To send transactional emails (return notifications, shipping labels, reward confirmations).
  • To respond to support and sales enquiries.

We do not sell your data or use it for advertising.

3. Privacy between owners and finders

Owner personal information — name, email, phone, and address — is never shared with finders. Finders see only the item description and reward amount set by the owner. The owner's shipping address is used only server-side to generate the return label; it does not appear in any finder-facing response.

4. Data sharing

We share data only with the third-party services necessary to operate ReturnToMe:

  • Stripe — payment processing and subscription management.
  • EasyPost — pre-paid return shipping label generation.
  • PayPal — finder reward disbursement (where PayPal or Venmo is selected).
  • AWS SES — transactional email delivery.
  • AWS S3 — label photo storage.

We do not share data with any other third parties.

5. Data retention

Subscriber account data is retained for the life of the account and for 90 days after deletion. Find event records (including finder details) are retained for 2 years for dispute resolution purposes, then deleted. You may request earlier deletion by contacting support.

6. Security

Passwords are hashed with BCrypt and never stored in plain text. All data is transmitted over HTTPS. Access to production systems is restricted to authorised personnel. We use AWS RDS with encrypted storage and automated backups.

7. Your rights

You may request a copy of your data, correction of inaccurate data, or deletion of your account and associated data by emailing support@return-to-me.com. We will respond within 30 days.

8. Cookies

We use only a single session token stored in localStorage to keep you logged in. We do not use tracking cookies or third-party analytics.

9. Changes to this policy

We will notify subscribers by email at least 14 days before material changes to this policy take effect.

10. Contact

Privacy questions or requests: support@return-to-me.com.