Privacy Policy

Refundly (we, us or our), understands that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us when providing our platform Refundly to you (Services) or when otherwise interacting with you.

The information we collect

Personal information is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

The types of personal information we may collect about you include:

  • Identity Data including first name and last name. 
  • Contact Data including email address and telephone numbers.
  • Financial Data including bank account and payment card details (through our third party payment processor, Plaid).
  • Transaction Data including details about payments to you from Merchants  and from you to Merchants. 
  • Technical and Usage Data including internet protocol (IP) address, your login data, your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, information about your access and use of our website, including through the use of Internet cookies, your communications with our website, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.
  • Profile Data including your username and password for Refundly, purchases or orders you have made, support requests you have made, content you post, send, receive and share through our platform, your interests, preferences, feedback and survey responses.  
  • Interaction Data including information you provide to us when you participate in any interactive features of our Services.
  • Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Sensitive information is a subset of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. We do not actively request sensitive information about you. If at any time we need to collect sensitive information about you, unless otherwise permitted by law, we will first obtain your consent and we will only use it as required or authorized by law. If sensitive data collection is necessary, we will obtain opt-in consent in compliance with applicable laws. 

How we collect personal information

We collect personal information in a variety of ways, including:

  • Directly: We collect personal information which you directly provide to us, including when you register for an account, through the ‘contact us’ option on Refundly, or when you request our assistance via email or over the telephone.
  • Indirectly: We may collect personal information which you indirectly provide to us while interacting with us, such as when you use Refundly, in emails, over the telephone and in your online inquiries.
  • From third parties: We collect personal information from third parties, such as details of your use of our website from our analytics and cookie providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.
  • From publicly available sources: We collect personal data from publicly available resources such as professional networking sites such as LinkedIn.

Why we collect, hold, use and disclose personal information

We have set out below, in a table format, a description of the purposes for which we plan to collect, hold, use and disclose your personal information.

  • Directly: We collect personal information which you directly provide to us, including when you register for an account, through the ‘contact us’ option on Refundly, or when you request our assistance via email, or over the telephone.
  • Indirectly: We may collect personal information which you indirectly provide to us while interacting with us, such as when you use Refundly, in emails, over the telephone and in your online enquiries.
  • From third parties: We collect personal information from third parties, such as details of your use of our website from our analytics and cookie providers and marketing providers. See the “Cookies” section below for more detail on the use of cookies.
  • From publicly available sources: We collect personal data from publicly available resources such as professional networking sites such as LinkedIn.
Purpose of use / disclosure
Type of Personal Information

To enable you to access and use Refundly, including to provide you with a login.

  • Identity Data
  • Contact Data
  • Profile Data

To contact and communicate with you about our Services including in response to any support requests you lodge with us or other enquiries you make with us.

  • Identity Data
  • Contact Data
  • Profile Data

For internal record keeping, administrative, invoicing and billing purposes.

  • Identity Data
  • Contact Data
  • Financial Data
  • Transaction Data

For analytics, market research and business development, including to operate and improve Refundly and associated social media platforms.

  • Profile Data
  • Technical and usage Data

For advertising and marketing, including to send you promotional information about information that we consider may be of interest to you.

  • Identity Data
  • Contact Data
  • Technical and usage Data
  • Profile Data
  • Marketing and communications Data

To comply with our legal obligations or if otherwise required or authorized by law. 

Our disclosures of personal information to third parties

We may disclose personal information to:

  • our employees, contractors and/or related entities;
  • IT service providers, data storage, web-hosting and server providers;
  • marketing or advertising providers;
  • professional advisors, bankers, auditors, our insurers and insurance brokers;
  • payment systems operators such as Plaid;
  • our existing or potential agents or business partners;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; 
  • third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time), or other relevant analytics businesses; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

Google Analytics: We may have enabled Google Analytics Advertising Features including Remarketing Features, Advertising Reporting Features, Demographics and Interest Reports, Store Visits, Google Display Network Impression reporting etc. We and third-party vendors may use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together. 

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here.  To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device. 

Overseas disclosure

We may disclose personal information to:

  • our employees, contractors and/or related entities;
  • IT service providers, data storage, web-hosting and server providers;
  • marketing or advertising providers;
  • professional advisors, bankers, auditors, our insurers and insurance brokers;
  • payment systems operators such as Plaid;
  • our existing or potential agents or business partners;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; 
  • third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time), or other relevant analytics businesses; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

Google Analytics: We may have enabled Google Analytics Advertising Features including Remarketing Features, Advertising Reporting Features, Demographics and Interest Reports, Store Visits, Google Display Network Impression reporting etc. We and third-party vendors may use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together. 

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here.  To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device. 

Third-Party Email Data Access

Refundly requests access to your Gmail account only if you explicitly authorize it, and solely for reading order-related emails to facilitate tracking and support services. We comply with Google’s Gmail API Services User Data Policy, adhering to the following principles:

Appropriate Access

Refundly only requests access to the Gmail scope necessary to identify and process order-related emails, as specified by Google’s permissions for our application type. We may look at subject and sender to determine applicable emails; content access is limited to information relevant to shipment tracking and order management within your Gmail account.

Limited Use

We limit our use of data obtained from Gmail to providing user-facing features that are clearly displayed within Refundly’s user interface. Specifically:

  • Automated Shipment Processing: Order details are automatically extracted, and only order-related data is stored.
  • User-Facing Features Only: Data accessed from Gmail is solely used to provide shipment tracking, order management, and support features that are visible in your Refundly account. This data is not used for any unrelated purposes.

Transfers of data outside Refundly are not allowed, except in the following limited cases:

  • To Improve User Services: Data may be transferred only to provide or enhance Refundly’s user-facing shipment tracking features and only with your direct consent.
  • Security and Compliance: If necessary, data may be accessed to investigate security incidents, comply with applicable laws, or meet legal obligations.
  • Corporate Transactions: If Refundly is involved in a merger, acquisition, or asset sale, data transfers will occur only after obtaining your explicit consent.

Human Access for Troubleshooting

Refundly does not allow human access to your Gmail data except under very limited circumstances, including:

  • Troubleshooting and Bug Resolution: In some cases, Refundly’s authorized personnel may access shipment-related email data solely to resolve issues that affect the performance of shipment tracking. Human access is strictly limited to relevant shipment-related data and only as necessary.
  • Security Compliance: Access to email data may also occur if required for security purposes, such as investigating potential abuse or a data breach.
  • Legal Obligations: If required by law, we may allow limited access to specific email content to meet compliance obligations.

Refundly will never access other email content outside of shipment-related data, and such access is limited to only the data necessary for the purposes outlined above.

Prohibited Data Transfers and Uses

Refundly does not transfer, sell, or use your Gmail data for purposes outside of those explicitly authorized by you. Specifically:

  • No Advertising or Retargeting: Refundly does not transfer, sell, or use Gmail data for advertising purposes, including personalized or interest-based advertising.
  • No Data Brokers or Resellers: User data accessed from Gmail is never sold or shared with data brokers, credit assessment companies, or other third-party resellers.

All uses, transfers, or sales of data are restricted to ensure compliance with Google’s Gmail API User Data Policy.

Secure Data Handling

Refundly implements strict data security practices to ensure the protection of your Gmail data, including:

  • Secure Access and Storage: Data obtained through restricted scopes is securely stored and encrypted, with access limited to authorized Refundly personnel only.

User Rights

You have the right to manage your Gmail permissions at any time. You may disconnect Refundly’s access to Gmail by updating your permissions in your Google Account settings, which will revoke all data access for shipment tracking features.

Overseas disclosure

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not it may affect our ability to provide our Services to you and your use of our Services.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us. 

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. 

Deletion: You may request the deletion of your personal information, subject to certain exceptions where data is necessary for security, compliance, or other legal purposes.

Right to Non-Discrimination: Refundly will not discriminate against you for exercising any of your privacy rights, including your rights to access, correct, delete, or opt-out.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorized access, modification and disclosure.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

Retention Policy: We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law. Data is securely deleted or anonymized once it is no longer needed.

Cookies

We may use cookies on our website from time to time. Cookies are text files placed in your computer's browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Personal information from social network accounts

If you connect your account with us to a social network account, such as Facebook, Google, we will collect your personal information from the social network. We will do this in accordance with the privacy settings you have chosen on that social network. 

The personal information that we may receive includes your name, ID, user name, handle, profile picture, gender, age, language, list of friends or follows and any other personal information you choose to share.

We use the personal information we receive from the social network to create a profile for you on our platform.

If you agree, we may also use your personal information to give you updates on the social network which might interest you. We will not post to your social network without your permission.

Where we have accessed your personal information through your Facebook account, you have the right to request the deletion of personal information that we have been provided by Facebook. To submit a request for the deletion of personal information we acquired from Facebook, please send us an email at the address at the end of this Privacy Policy and specify in your request which personal information you would like deleted. If we deny your request for the deletion of personal information, we will explain why. 

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

For any questions or notices, please contact us at:

Refundly

Email: hello@oshri.co

Last update: October 25, 2024

© Novos Law 

RefundlyContact us
© Refundly 2023
Site by