Revoco - Privacy Policy

Last updated: 10 June 2026

Who we are

Revoco ("the app", "we", "us") is a Shopify app operated by OkayScale ApS. Revoco gives a merchant's storefront a compliant right-of-withdrawal function, records each withdrawal declaration as a tamper-evident legal record, and sends a confirmation-of-receipt on a durable medium. This policy explains what data the app processes and why.

Data we process

When a shopper submits a withdrawal declaration on a merchant's storefront, Revoco stores the information the shopper enters (name, order or contract number, email address, the items selected, and an optional reason) together with the exact server timestamp of receipt and the verbatim declaration text. To mark a declaration as "verified", Revoco reads the matching Shopify order's name and email through the Shopify Admin API. Revoco also stores each merchant's app settings (storefront button and form configuration, sender identity, processing rules) and the Shopify session needed to call the Admin API on the merchant's behalf.

How we use it

The data is used solely to provide the app's function: to record the withdrawal declaration as the authoritative legal record, to verify it against a real order, to send the confirmation-of-receipt email, and (when the merchant enables it) to cancel the matched order, create a Shopify return, or generate a PDF evidence pack. We do not sell personal data, and we do not use it for advertising or profiling.

Legal basis

Processing is necessary for the merchant to comply with their legal obligations under EU Directive 2023/2673 and national right-of-withdrawal law (for example German Section 356a BGB), and to perform the contract between the shopper and the merchant. The merchant is the data controller for shopper data; Revoco acts as a data processor on the merchant's instructions.

Sub-processors

We use a small number of providers strictly to run the service: Shopify (the platform and Admin API), Railway (application hosting and the PostgreSQL database, hosted in the EU), and Amazon Web Services (Amazon SES, EU region eu-north-1/Stockholm) for transactional email delivery of the confirmation-of-receipt and merchant notifications. Each processes data only to deliver its part of the service.

Retention

Because a withdrawal declaration is a legal record, it is retained for as long as the merchant keeps the app installed, or for a retention period the merchant can configure in Settings → Compliance, whichever is shorter. Upon a verified customer deletion request (customers/redact), Revoco anonymizes the affected records: the shopper's name, email, reason and other personal details are scrubbed from the record, while the timestamped declaration skeleton is retained on the basis of the legal-obligation exemption (GDPR Art. 17(3)(b)) so the merchant keeps their statutory proof of receipt. When a merchant uninstalls the app, all of the shop's records, settings, audit entries and sessions are permanently deleted (shop/redact, ~48 hours after uninstall). Revoco implements Shopify's mandatory privacy webhooks (customers/data_request, customers/redact, shop/redact) to support data-subject and shop deletion requests.

Your rights

Shoppers have the right to access, correct, or delete their personal data and to restrict or object to its processing. Because the merchant is the controller, please direct such requests to the merchant whose store you used; the merchant can action them through Revoco, and we will assist the merchant as their processor.

Security

Data is transmitted over TLS and stored in a managed PostgreSQL database. App-proxy requests are verified with an HMAC signature, and admin actions are authenticated with Shopify session tokens. Access to production systems is limited to authorised personnel.

Support access

To provide support, authorised Revoco staff may view and adjust a shop's Revoco app settings (such as appearance, email and compliance options) on the merchant's behalf — for example to apply a change a merchant has asked us to make. This access is limited to the app's own configuration, is protected by separate authenticated, time-limited access, and never includes signing in to the merchant's Shopify admin. Every change made this way is recorded in the shop's audit log.

Contact

For any privacy question or request, contact us at okayscaledk@gmail.com. We will respond within a reasonable time and, where applicable, coordinate with the merchant acting as data controller.