Skip to main content

Legal

Data Compliance

Last updated: February 25, 2026

This page summarizes ReturnTracker's current data-protection and operational-security posture. ReturnTracker is a product/service of Hasher Technologies LLC and is not operated under a separate DBA/trade name.

Implemented Security Controls

  • Passwords are stored using one-way hashing (bcrypt).
  • Admin endpoints are role-restricted.
  • Session architecture uses short-lived access tokens with refresh tokens in httpOnly cookies.
  • Verification and password-reset flows use expiring token records.

Monitoring and Abuse Handling

We maintain operational logs and investigate abuse/security reports. Automated anti-abuse controls may evolve over time. ReturnTracker does not currently represent a 24/7 managed SOC service.

Certifications and Attestations

Unless explicitly stated in writing, Hasher Technologies LLC does not claim SOC 2, ISO 27001, HIPAA, or similar third-party certification for ReturnTracker.

Data Retention and Rights Requests

We retain account and tracker data as needed to operate the Service and meet security/compliance obligations. Data access, correction, export, and deletion requests are processed through support/legal request workflows after verification. We aim to respond within 30 days unless a lawful extension applies.

Incident and Compliance Contact

For compliance questions, incident reports, or rights requests, contact Hasher Technologies LLC at contact@returntracker.app.