returnEasier
Privacy policyGDPR · Updated on 01 May 2026

Privacy policy

How we collect, use and protect your data. No legal clichés: we tell you exactly what we do with your information and why.

01

Who is the controller?

The data controller is Julià Carboneras Girgas (Spanish Tax ID 40355527A), based at Calle Tramuntana 30, 17134 La Tallada d'Empordà, Girona (Spain). For any question about your personal data, write to us at gdpr@returneasier.com.

We process your data to deliver the service you signed up for, meet our legal obligations and tell you about relevant changes. We will never sell your data to third parties.

02

What data do we collect?

We distinguish three levels depending on how you interact with us:

  • Website visitor. Requested URL, truncated IP, language and user agent. If you accept analytics cookies, aggregated page events.
  • Lead (report download, trial sign-up). Email, Shopify store, language and the report data tied to your URL.
  • Customer / merchant. Legal name, VAT number, billing and account-holder details. Withdrawal-request data during the legal retention period.
03

What do we use it for?

Each purpose has its own legal basis. Here they all are:

Deliver the service
Performance of the contract (art. 6.1.b GDPR).
Comply with the law
Legal obligation (art. 6.1.c) — billing, audit log, tax retention.
Audit your store (free tool)
Explicit consent when you enter the URL.
Send product communications
Legitimate interest once you're a customer; consent if you're only a lead.
Improve the product
Legitimate interest, on data that is always anonymised.
04

Who do we share it with?

Only with processors, under a contract signed pursuant to art. 28 GDPR:

  • Shopify International Limited (Ireland) — store platform and subscription billing, via the official API.
  • Vercel — application hosting, EU region.
  • Neon — PostgreSQL database, EU region (eu-west).
  • Cloudflare R2 — PDF and photo storage, EU jurisdiction.
  • Brevo (France) — transactional email, EU servers.
  • Plausible Analytics (EU) — aggregated, cookieless visit metrics.

We work with providers configured in EU regions or jurisdictions. Some are headquartered outside the EEA (e.g. the US or Canada): any residual transfer is covered by the European Commission's standard contractual clauses (Decision 2021/914) or an adequacy decision.

05

How long do we keep the data?

Visitor data
13 months (recommended maximum).
Lead data without conversion
12 months from the last contact.
Active customer data
For the duration of the contractual relationship.
Tax / accounting data
Up to 10 years (accounting obligations).
Request audit log
5 years to defend against possible inspections.
06

Your rights

You have the right to access, rectify, erase, object, restrict processing and to data portability. You can exercise them by writing to gdpr@returneasier.com. We respond within a maximum of 30 days.

If you believe we haven't handled your request properly, you can lodge a complaint with your national data protection authority, or with our lead authority, the Spanish AEPD (aepd.es).

07

Changes to this policy

If we make material changes, we'll tell you by email at least 30 days in advance. The current version is always on this page, with the update date visible.

This document is governed by Spanish law. For any dispute, the parties submit to the Courts of Madrid, without prejudice to the consumer's mandatory rights in their country of residence.