Legal

Privacy Policy

Last updated: 1 March 2026

This page is maintained by ReturnRack Ltd. to answer common privacy questions about ReturnRack. It is not a legal certification.

Who we are

ReturnRack Ltd. is a company registered in England & Wales (Company No. 13485729), with offices at Platform House, Wellington Street, Leeds LS1 4AP.

What we collect

We collect account information (name, work email, company), product usage data required to operate the service, and support communications you send us.

How we use it

To provide and improve the service, to keep it secure, to communicate with customers, and to comply with our legal obligations. We do not sell personal data.

Subprocessors

We use a limited set of vetted subprocessors for hosting, email delivery and error monitoring. A current list is available on request from our DPO.

Retention and deletion

Customer data is retained for the duration of the contract and deleted within 30 days of termination unless a longer retention period is required by law.

Your rights

Under UK GDPR you have the right to access, correct, delete and port your personal data. Contact privacy@returnrack.co.uk.

Cookies

We use essential cookies to run the service and optional analytics cookies with your consent. You can manage preferences via the cookie banner.

Security

ReturnRack is ISO 27001 certified, GDPR compliant and currently pursuing SOC 2 Type II certification. Data is encrypted in transit and at rest.