Last updated: 4 June 2026
Revoco ("the app", "we", "us") is a Shopify app operated by OkayScale ApS. Revoco gives a merchant's storefront a compliant right-of-withdrawal function, records each withdrawal declaration as a tamper-evident legal record, and sends a confirmation-of-receipt on a durable medium. This policy explains what data the app processes and why.
When a shopper submits a withdrawal declaration on a merchant's storefront, Revoco stores the information the shopper enters (name, order or contract number, email address, the items selected, and an optional reason) together with the exact server timestamp of receipt and the verbatim declaration text. To mark a declaration as "verified", Revoco reads the matching Shopify order's name and email through the Shopify Admin API. Revoco also stores each merchant's app settings (storefront button and form configuration, sender identity, processing rules) and the Shopify session needed to call the Admin API on the merchant's behalf.
The data is used solely to provide the app's function: to record the withdrawal declaration as the authoritative legal record, to verify it against a real order, to send the confirmation-of-receipt email, and (when the merchant enables it) to cancel the matched order, create a Shopify return, or generate a PDF evidence pack. We do not sell personal data, and we do not use it for advertising or profiling.
Processing is necessary for the merchant to comply with their legal obligations under EU Directive 2023/2673 and national right-of-withdrawal law (for example German Section 356a BGB), and to perform the contract between the shopper and the merchant. The merchant is the data controller for shopper data; Revoco acts as a data processor on the merchant's instructions.
We use a small number of providers strictly to run the service: Shopify (the platform and Admin API), Railway (application hosting and the PostgreSQL database, hosted in the EU), and Resend (transactional email delivery for the confirmation-of-receipt). Each processes data only to deliver its part of the service.
Because a withdrawal declaration is a legal record, it is retained for as long as the merchant keeps the app installed, or for a retention period the merchant configures, whichever is shorter. When a merchant uninstalls the app, or upon a verified deletion request, the associated records are deleted. Revoco implements Shopify's mandatory privacy webhooks (customers/data_request, customers/redact, shop/redact) to support data-subject and shop deletion requests.
Shoppers have the right to access, correct, or delete their personal data and to restrict or object to its processing. Because the merchant is the controller, please direct such requests to the merchant whose store you used; the merchant can action them through Revoco, and we will assist the merchant as their processor.
Data is transmitted over TLS and stored in a managed PostgreSQL database. App-proxy requests are verified with an HMAC signature, and admin actions are authenticated with Shopify session tokens. Access to production systems is limited to authorised personnel.
For any privacy question or request, contact us at okayscaledk@gmail.com. We will respond within a reasonable time and, where applicable, coordinate with the merchant acting as data controller.