// Trust & Security Report

    ReturnGO Ltd. logo

    ReturnGO Ltd.

    Post-purchase / returns and exchanges management platform for e-commerce brands (primarily Shopify), covering Returns, Exchanges, Return Coverage (paid return protection), Shipping label generation, Tracking & Notifications, the 'Edge' self-service customer portal, and an API / OEM white-label solution for logistics and platform partners.

    Certifications held

    3

    Maturity

    Growth

    Trains on your data

    Yes

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    ReturnGO is now recognized as SOC 2 Type II compliant, meeting the highest standards of security and data privacy.

    Verify on returngo.ai
    SOC 2 (homepage claim, corroborating)
    HELD

    SOC 2 Enterprise-Grade Security. Don't skimp on post-purchase security. With ReturnGO's secure SOC 2 certified platform, you can streamline returns while protecting customer data.

    Verify on returngo.ai
    GDPR (documented privacy posture, not a certification)
    HELD

    ReturnGo is headquartered in Israel, a jurisdiction which is considered by the European Commission to be offering an adequate level of protection ... you may request access to, and rectification or erasure of your Personal Data.

    Verify on returngo.ai
    > Show 7 unconfirmed / not-held certifications
    ISO 27001
    NOT CONFIRMED

    No public evidence: ISO 27001 is not mentioned anywhere on the vendor's site (homepage, SOC 2 announcement, privacy policy, or terms of service), and no independent trust center exists to check.

    source: returngo.ai
    HIPAA
    NOT CONFIRMED

    No public evidence: HIPAA is not referenced on the vendor's site. ReturnGO processes e-commerce order/return data, not health records, so HIPAA is likely out of scope for the product rather than an unmet requirement.

    source: returngo.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence: not mentioned on the vendor's site. ReturnGO integrates with third-party carriers/payment rails for shipping labels and return coverage fees rather than stating it directly handles cardholder data itself.

    source: returngo.ai
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    No public evidence: none of these cloud-security or privacy-information ISO extensions are mentioned anywhere on the vendor's site.

    source: returngo.ai
    ISO/IEC 42001 (AI management systems)
    NOT CONFIRMED

    No public evidence: no AI-governance certification is referenced, despite the product using 'algorithms' trained on customer usage data.

    source: returngo.ai
    CSA STAR / CSA STAR for AI
    NOT CONFIRMED

    No public evidence: not mentioned on the vendor's site.

    source: returngo.ai
    FedRAMP
    NOT CONFIRMED

    No public evidence and not applicable: ReturnGO is a commercial e-commerce SaaS with no indication of US federal government customers or FedRAMP authorization.

    source: returngo.ai

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Not offered

    Data region

    US (AWS servers), per privacy policy: 'Your Personal Data is maintained, processed and stored by us and our authorized Service Providers in the AWS servers in US' plus other locations 'as reasonably necessary.' Company is headquartered in Israel.

    Privacy policy states User Data ('profile and contact details, and usage, preferences, engagement, analytics data and data obtained from the Solution') is 'used by us to train our algorithms and create better services.' Terms of Service separately permit ReturnGO to 'aggregate, de-identify and/or anonymize Data' for service improvement. No explicit customer opt-out mechanism for algorithm training was found in either document, and no dedicated Data Processing Agreement (DPA) was located, so enterprise buyers should confirm training/opt-out terms contractually before onboarding.

    // Security controls

    Certification

    SOC 2 Type II compliant (announced April 2024); no named audit firm in vendor materials reviewed.

    returngo.ai

    Encryption

    "Industry-standard physical, procedural and technical security measures, including encryption as appropriate" — no specifics on in-transit vs at-rest algorithms disclosed.

    returngo.ai

    Hosting / infrastructure

    Data hosted on AWS servers in the US, per privacy policy; underlying AWS SOC 2/ISO certifications belong to AWS as host, not to ReturnGO directly.

    returngo.ai

    Email authentication

    DKIM and SPF protocols used for outbound notification emails; CAN-SPAM compliant; emails sent via Amazon SES.

    support.returngo.ai

    Data retention

    Personal data retained "for not more than 7 years from termination" of the customer engagement, subject to legal/dispute exceptions.

    returngo.ai

    Data ownership / liability

    Terms of Service cap ReturnGO's liability at 12 months of subscription fees and exclude indirect/consequential damages; ToS also states ReturnGO has 'no obligation to meet any service level or uptime availability parameters.'

    returngo.ai

    // Products & data scope

    ReturnGO Core (Returns & Exchanges)Returns management SaaS

    data: Order data, customer contact/profile data, return reason/analytics data

    Primary product; integrates with Shopify and other e-commerce platforms plus carriers, 3PL, ERP, helpdesk and loyalty systems.

    Edge (self-service return portal)Customer-facing return/exchange UI

    data: Customer order lookup, exchange selection data

    Branded self-service portal layered on the core platform; no separate compliance scope disclosed.

    Return CoverageReturn-protection / warranty-style add-on fee product

    data: Order value, coverage purchase/claim data

    Shifts return cost to shoppers via an optional paid coverage fee; no separate financial/insurance compliance disclosure (e.g., no PCI or insurance-regulatory certification) found.

    API / OEM SolutionWhite-label / partner integration API

    data: Same underlying return/shipment data, exposed to logistics and platform partners

    Marketed to 'Innovators' and 'Logistics Partners' to embed ReturnGO functionality; no distinct security documentation found for this surface, so the same SOC 2 Type II claim should be treated as covering the whole platform unless a report scope letter says otherwise.

    // What to watch

    • No independent trust center found (trust.returngo.ai does not resolve); SOC 2 Type II claim is corroborated by two vendor-domain pages (homepage badge + dedicated announcement post) but no downloadable report, auditor name, or report date range was accessible to verify scope and freshness.
    • Company was reportedly acquired in July 2025 (per TechCrunch/Dealroom coverage found via search, not vendor-confirmed) — post-acquisition ownership/security posture should be reconfirmed before listing as current.
    • Privacy policy confirms customer usage data is used to 'train our algorithms' with no explicit opt-out documented in the evidence reviewed; enterprise buyers handling sensitive order data should request a DPA, none was found publicly.
    • AWS hosting is disclosed, but ReturnGO does not claim AWS's certifications as its own in the pages reviewed — no host-vs-vendor conflation observed, noted here for transparency.
    • No ISO 27001, HIPAA, PCI DSS, or AI-governance (ISO 42001 / CSA STAR) certifications found; product is positioned as using 'algorithms' but carries no AI-specific governance certification.

    // At a glance

    Pricing model

    Subscription SaaS

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on ReturnGO Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    returngo.ai

    > Browse all vendor trust reports