Privacy Policy

Last updated: January 12, 2026

1. Introduction

Renda ("we," "our," or "us") provides a managed abandoned cart recovery service through iMessage for Shopify merchants. Our dedicated sales representatives contact customers who abandon their carts to help recover sales on your behalf. This Privacy Policy explains how we collect, use, and protect information when you use our platform.

2. Information We Collect

When you connect your Shopify store, we collect and store:

Customer contact information: Names, email addresses, and phone numbers
Abandoned checkout data: Shopify checkout IDs, cart values, cart items, and checkout URLs
Conversation records: Message history between our sales reps and customers
Recovery data: Order recovery status, recovered revenue amounts, and timestamps
Store information: Your Shopify store domain and integration credentials

We do NOT collect: Payment card information, physical addresses, or sensitive personal data.

3. How We Use Information

We use collected information to:

Enable our sales representatives to send personalized iMessage recovery messages
Track abandoned checkouts and identify which carts to recover
Calculate and display analytics including recovery rates, AOV, and revenue recovered
Provide you with real-time dashboards showing our performance
Improve our recovery strategies and service quality

4. iMessage Communications

Our service exclusively uses iMessage (Apple's messaging platform) to contact customers. We only reach out to customers with iMessage-enabled devices (blue text messages). We do not send SMS to non-Apple devices. Customers can opt out at any time by replying STOP, and we immediately honor all opt-out requests.

5. Data Protection

We protect your data through:

Encryption in transit: All data transmitted via HTTPS/TLS
Encryption at rest: Database encryption provided by our infrastructure (Supabase)
Access controls: Role-based access limits who can view customer data
Secure authentication: OAuth 2.0 for Shopify integration with CSRF protection
Webhook verification: HMAC signature validation on all Shopify webhooks

6. Data Sharing

We do not sell, rent, or share customer personal data with third parties for their marketing purposes. Data is shared only with:

SendBlue: Our iMessage delivery infrastructure, used solely to send and receive messages
Supabase: Our database provider for secure data storage

These providers are contractually bound to protect your data and use it only for the purposes of operating our service.

7. Data Retention

We retain data according to the following schedule:

Active accounts: Data retained while your Shopify app is installed
App uninstall: All shop data deleted within 48 hours
Customer data requests: Data provided or deleted within 30 days of request
Customer opt-outs: Phone number retained only in suppression list to prevent future contact

8. Customer Rights

End customers whose data we process have the right to:

Opt out of messages by replying STOP at any time
Request access to their data through Shopify or by contacting us
Request deletion of their data (we delete all conversations and messages)

We honor all opt-out requests immediately. When a customer requests data deletion through Shopify, we automatically delete their conversations and message history from our systems.

9. GDPR Compliance

We comply with GDPR requirements through mandatory Shopify webhooks. When Shopify notifies us of a customer data request, we collect and provide the customer's data. When notified of a deletion request, we delete the customer's conversations and messages. When a merchant uninstalls our app, we delete all associated shop data within 48 hours.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: rendainbox@gmail.com