01 Information we collect
We collect only what we need to run Return, pay you your share of revenue, and keep the marketplace honest. Information falls into the following categories:
| Category | Examples | Why |
|---|---|---|
| Account & contact | Name, email, account handle | Sign-in, support, payout notifications |
| Payout & payment | Tokenized payout details handled by Stripe | Sending you your 50% revenue share |
| Rewards activity | Points earned, missions, redemptions, progression | Crediting rewards and preventing fraud |
| Technical & device | Browser type, extension version, coarse region, anti-fraud signals | Security, compatibility, abuse prevention |
| Communications | Support tickets, emails you send us | Responding to and improving support |
02 How we use your information
Your information is used to deliver the service and improve it — never to surveil you. Specifically, we use it to:
- Operate Return, credit your points, and process your revenue share and payouts.
- Match clearly labeled "Sponsored" reward cards contextually — carrying the sponsoring advertiser's own name and logo, or an ABESTAI house card when no sponsor is available — not from your private conversations.
- Protect the marketplace against bots, fraud, theft, and cheating.
- Provide support, comply with legal obligations, and improve quality.
- Send service updates and — only where permitted — newsletters and promotions you can unsubscribe from at any time.
03 AI conversations & advertising
This is the part that matters most, so we make it explicit. Return is a companion that runs while AI is generating a response — and that is the only moment it acts.
Reward cards are matched using non-sensitive, contextual signals (such as the site category and your opted-in preferences). A reward card may display the sponsoring advertiser's own brand name and logo next to a clear "Sponsored" label — that brand is the advertiser who paid for the placement, not ABESTAI — and advertisers never receive your prompts, chats, or identity.
04 Data security & protection
Because money and competition are involved, security is foundational, not optional. Our measures include:
- Encrypted transmission using industry-standard SSL/TLS protocols.
- Secure storage with access controls and encrypted backups.
- Stripe payment processing (PCI DSS Level 1 compliant) — we don't store full card numbers.
- Network firewalls, intrusion detection, and regular security audits.
- Employee confidentiality training and least-privilege access.
No system is perfectly secure, but we work continuously to protect your information and will notify affected users of a material breach as required by law.
05 Information sharing & disclosure
We share data narrowly and only when there is a clear reason:
- With service providers who run the platform on our behalf (e.g., Stripe for payments) under strict obligations.
- When legally required, such as a valid legal request or to protect rights and safety.
- As part of a business transfer (e.g., merger or acquisition), with this policy continuing to apply.
06 Data retention
We keep account, transaction, and rewards records for as long as your account is active and for the period needed to meet legal, accounting, tax, and anti-fraud obligations. When data is no longer required for these purposes, we delete or anonymize it.
07 Your rights & choices
You stay in control of Return and your data. Depending on your location, you may have the right to:
- Access & portability — request a copy of your personal data.
- Correction — fix inaccurate or incomplete information.
- Deletion — request erasure, subject to legal and anti-fraud retention duties.
- Opt-out & control — Return is opt-in and per-site; pause or disable it anytime, and unsubscribe from marketing.
To exercise any right, contact us using the details below. We respond within the timeframes required by applicable law.
08 Cookies & tracking technologies
We use cookies and similar technologies for essential functionality, to remember your preferences, to measure analytics, and to keep the service secure. You can manage cookies through your browser settings; disabling some may affect how Return works.
09 International data transfers
Return operates globally, so your information may be processed in countries other than your own. When we transfer data internationally, we apply appropriate safeguards and handle it in accordance with this policy and Singapore law.
10 Children's privacy
Return is not directed to children under the age required by your jurisdiction (and never under 13). We do not knowingly collect personal data from children. If you believe a child has provided us information, contact us and we will delete it.
11 Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version here with a new "Last updated" date and, for material changes, provide additional notice. Continued use of Return after an update indicates acceptance of the revised policy.
12 Governing law
This Privacy Policy is governed by the laws of Singapore, without regard to conflict-of-law principles.
13 Contact us
Questions about your privacy or this policy? We'd genuinely like to hear from you.
Talk to the Return privacy team
Reach out for data requests, security reports, or anything else about how Return handles your information.