Need to verify a device? Use the button below to access the Retsu Certified search tool.
Access Retsu Certified Search© Dehhani Ltd 2026
v1.91.81
Dehhani Ltd — Retsu
Last Updated: July 17th, 2026
These Terms of Service ("Terms") govern your access to and use of the Retsu product suite and all related tools and services (collectively, the "Service"), operated by Dehhani Ltd, a company registered in England and Wales ("us," "we," or "our"). By accessing or using any part of the Service, you agree to be bound by these Terms. If you do not agree, you must not access or use the Service.
Retsu is the same product and service previously known as "Device Setup Utility" ("DSU"). Effective June 21st, 2026, the product suite, its component applications (Retsu — Portal, Retsu — Profiler, and Retsu — Erasure, formerly DSU — Portal, DSU — Profiler, and DSU — Erasure), and the web portal (now at portal.retsu.uk, formerly devicesetup.app) have been renamed and rebranded. The change is one of name and branding only.
This rebranding does not create a new product, a new legal entity, or a new agreement, and does not otherwise alter the substance of these Terms. In particular:
The legacy domain devicesetup.app and the "Device Setup Utility"/"DSU" naming may continue to appear on, or redirect from, certain historical materials, third-party listings, or previously issued certificates for a transitional period. Where you have any question about whether a record or reference under the former name relates to your account, contact us at support@dehhani.uk.
The Service comprises the following components:
References to the "Service" throughout these Terms include all of the above components unless otherwise specified.
The Service allows you to post, link, store, share, and otherwise make available certain information, text, graphics, images, or other material ("Content"). You are responsible for the Content that you post on or through the Service, including its legality, reliability, and appropriateness.
Users may purchase a profiling licence to access both Retsu — Profiler and Retsu — Erasure. Each licence permits a defined number of device submissions determined by the selected package. Licence consumption is recorded on a per-device basis; each device submission from either Retsu — Profiler or Retsu — Erasure decrements the available profiling allowance by one.
Erasure licences are purchased separately and are required in addition to a profiling licence to perform data erasure operations using the Retsu — Erasure module. Each erasure operation (one or more drives on a single device) consumes the number of erasure licence credits corresponding to the number of drives erased. Erasure licence credits are non-transferable between accounts.
Licence keys are issued to a single account and must not be shared, redistributed, sublicensed, or used by any party other than the licensed account holder and their authorised sub-users. We reserve the right to revoke any licence key found to be in breach of this restriction without refund.
The Service requires an active internet connection to authenticate licence keys, verify erasure credits, and submit device reports. The application communicates with our servers on each use for licence verification and report submission. You acknowledge that the Service cannot operate without connectivity to our servers.
If your licence allowance or erasure credits are exhausted during a session, you will be unable to submit further reports or perform additional erasures until additional credits are purchased. Partially completed operations at the point of exhaustion may not be recorded. It is your responsibility to maintain adequate licence credits for your intended workload.
Profiling licence subscriptions may be cancelled by the user at any time. Cancelled licences remain active until the end of the current billing period. Erasure licence credits do not expire but are non-refundable once purchased. All licence purchases are non-refundable.
Users receive a referral code that may be shared with others. When a referral code is used during a licence purchase, both the referrer and the referee will receive 100 additional device credits on a valid profiling licence. Referral credits: (a) are credited to a valid, active profiling licence only; (b) expire 12 months from the date of award if unused; (c) are non-transferable and have no cash value; (d) will be forfeited if the qualifying licence is cancelled or revoked; and (e) may be withdrawn or modified at any time if we have reasonable grounds to suspect abuse, fraudulent referrals, or self-referrals. We reserve the right to modify or discontinue the referral programme at any time on 30 days' notice.
We reserve the right to increase or otherwise modify the prices of all services, licence packages, erasure credits, and add-on subscriptions at any time. Users will be notified of any price modifications by email at least 30 days prior to such changes taking effect. Continued use of the Service after the effective date of a price change constitutes acceptance of the revised pricing. One-time purchases (including erasure credit packs) are charged at the price displayed at the time of purchase.
The Retsu — Erasure module generates erasure certificates that document the erasure method applied (e.g., NIST SP 800-88 Clear/Purge, DoD 5220.22-M, HMG IS5) and the verification outcome. Erasure certificates are a record of the process performed. They do not constitute a warranty, guarantee, or representation that data is irrecoverable under all circumstances, including advanced forensic recovery methods.
Retsu — Erasure performs media sanitisation in conformance with the National Institute of Standards and Technology Special Publication 800-88 Revision 2 (NIST SP 800-88 Rev. 2), Guidelines for Media Sanitization. Our NIST SP 800-88 conformance statement, which describes how the software meets these guidelines, is available at Retsu NIST SP 800-88 Conformance Statement (PDF).
Evidentiary retention. Erasure certificates and their associated submission records (including the erasure method, verification outcome, device identifiers, technician identifier, and timestamps) are evidentiary documents that may be relied upon for data-protection compliance and audit purposes. Dehhani Ltd retains these records for the lifetime of your account and for a minimum of six (6) years from the date of erasure, in order to support compliance audits and to enable verification via the Retsu Certified portal, after which they may be deleted. This retention period operates independently of, and survives, the deletion of other device data; you remain responsible for archiving copies of any certificates required to meet your own regulatory obligations.
Due to the architecture of solid-state storage devices — including wear-levelling, over-provisioning, and controller-managed block allocation — software-based overwrite methods may not sanitise all addressable and non-addressable storage areas. For SSDs and NVMe drives, the NIST SP 800-88 Purge method (which issues ATA Secure Erase or NVMe Format commands to the drive firmware) is strongly recommended. The selection of the appropriate erasure method for the storage media in use is solely the responsibility of the user. We do not warrant that any software-based erasure method will render data irrecoverable from solid-state media.
To the maximum extent permitted by applicable law, Dehhani Ltd shall not be liable for any data breach, data exposure, regulatory penalty, claim, loss, or damage arising from or in connection with residual data on storage media that has been processed by the Retsu — Erasure module, regardless of the erasure method selected. This limitation applies whether the claim arises in contract, tort (including negligence), strict liability, or any other legal theory.
You are solely responsible for: (a) selecting an erasure standard appropriate to the sensitivity classification of the data and the regulatory requirements applicable to your organisation; (b) verifying that the erasure method is compatible with the target storage media; (c) maintaining and archiving erasure certificates as required by your compliance obligations; and (d) physically destroying storage media where software-based erasure is insufficient for your security requirements.
Data erasure operations performed by the Retsu — Erasure module — including, without limitation, NIST SP 800-88 Purge, NIST SP 800-88 Clear, DoD 5220.22-M, HMG IS5, and Gutmann overwrite methods — are permanent and irreversible. Once an erasure operation has been initiated and completed, the data on the target storage medium cannot be recovered by any means. You acknowledge that you have sole responsibility for ensuring that all data on the target device has been backed up or is no longer required prior to initiating any erasure operation. Dehhani Ltd shall bear no liability whatsoever for data loss resulting from erasure operations initiated by you or any authorised user of your account.
The operating system deployment functionality within Retsu — Erasure installs an operating system image onto the target storage drive. This process partitions, formats, and overwrites the contents of the selected drive. All existing data on the target drive will be permanently destroyed as a consequence of operating system installation. It is your sole responsibility to ensure that the correct target drive is selected and that no data requiring preservation resides on that drive prior to initiating deployment.
Retsu — Erasure performs automated hardware diagnostic tests by interfacing with device components through the Linux kernel and available device drivers within the live operating environment. You acknowledge that: (a) certain hardware components may not be detected or may not be fully testable where the requisite Linux kernel drivers are not available or are not compatible with the specific hardware revision; (b) test results are generated programmatically and reflect the software's interpretation of hardware responses at the time of testing; and (c) hardware test results do not constitute a warranty or guarantee of device functionality and should be independently verified where they are material to any commercial, contractual, or regulatory decision.
The Retsu — Portal provides a remote command interface that permits authorised users to issue instructions to devices running Retsu — Erasure over an authenticated WebSocket connection. Available remote commands include, without limitation: initiating data erasure, running hardware tests, deploying operating systems, submitting device reports, and powering off or rebooting the device. You are solely responsible for: (a) controlling which individuals have access to your Retsu — Portal account and the ability to issue remote commands; (b) ensuring that sub-users granted access to the Portal are authorised to perform remote operations on connected devices; and (c) any and all consequences arising from remote commands issued from your account, whether authorised or resulting from a failure to secure your account credentials. Dehhani Ltd shall not be liable for any loss, damage, or data destruction resulting from remote commands issued by you, your sub-users, or any third party who obtains access to your account.
Retsu — Erasure operates within a custom Linux live environment with root-level (superuser) privileges on the target device. This level of access is necessary to perform low-level hardware interrogation, direct storage media access for data erasure, drive partitioning for operating system deployment, and hardware diagnostic operations. You acknowledge and accept that granting the software root-level access is an inherent requirement of its functionality, and that Dehhani Ltd shall not be liable for any unintended consequence arising from the software's operation at this privilege level, provided the software is used in accordance with these Terms and the accompanying documentation.
Retsu — Erasure may periodically retrieve and apply software updates from Dehhani Ltd's servers ("OTA Updates"). These updates may modify the live operating environment, application code, driver support, and erasure or testing capabilities. OTA Updates are delivered automatically when the device is connected to the internet and has verified its licence key. By using the Service, you consent to the automatic application of OTA Updates. Dehhani Ltd shall use reasonable efforts to ensure that updates do not adversely affect existing functionality; however, we do not warrant that any specific feature or behaviour will remain unchanged following an update.
Each Retsu — Erasure installation authenticates against Dehhani Ltd's servers using a licence key and an associated verification code embedded in the bootable media. The verification code uniquely identifies the installation medium and is used to validate the licence, synchronise account settings, and authorise erasure credit consumption. You must not tamper with, extract, reverse-engineer, or redistribute verification codes. Dehhani Ltd reserves the right to revoke any verification code or licence key that is found to be compromised, shared without authorisation, or used in violation of these Terms.
In the course of its operation, Retsu — Erasure collects and transmits the following categories of data to Dehhani Ltd's servers: (a) device hardware specifications, including serial numbers, manufacturer and model identifiers, processor, memory, storage, battery, and network adapter details; (b) hardware diagnostic test results and erasure verification outcomes; (c) erasure certificates and associated metadata; (d) device photographs captured during processing (where the Device Photo Capture feature is enabled); (e) Wi-Fi network credentials entered by the user for the purpose of establishing internet connectivity, which are encrypted in transit and at rest; (f) session metadata, including session duration, technician identifiers, and timestamps; and (g) application telemetry necessary for licence verification and service operation. This data is collected solely for the purposes set out in Section 6 (Data Collection & Privacy) and is processed in accordance with applicable data protection legislation.
To ensure that erasure certificates, hardware test results, and audit records carry an accurate and trustworthy timestamp — and to confirm that the device has working internet connectivity before licence verification and report submission — Retsu — Erasure performs a time-synchronisation and connectivity check during operation. As part of this check, the device's public IP address is transmitted to one or more independent third-party network services that return the current time, time zone, and/or approximate geographic location associated with that IP address. The third-party services that may be used for this purpose currently include ip-api.com (operated by Bürger & Riedel UG, Germany), ipwho.is (USA), ipapi.co (USA), and network endpoints operated by Cloudflare, Inc. (USA) and Google LLC (USA). The data transmitted to these services is limited to the device's public IP address and the technical parameters of the request; no device hardware data, erasure data, account credentials, or personal data held in your account is sent to these services. A public IP address may constitute personal data under the UK GDPR where it can be associated with an identifiable individual. These services act as sub-processors and are listed in our Privacy Policy and GDPR Policy, where the applicable transfer safeguards are described. Where you require a configuration in which these external time-synchronisation checks are disabled or restricted to a specific provider for your compliance posture, contact us at support@dehhani.uk.
Retsu — Profiler and Retsu — Erasure (collectively, the "Profiling Tools") retrieve hardware specification data, diagnostic telemetry, and test results by interrogating system firmware interfaces (including, without limitation, SMBIOS/DMI tables, ACPI data, WMI providers, PCI/USB descriptor fields, and manufacturer-specific APIs). The completeness, accuracy, and availability of such data are determined entirely by the device manufacturer, the firmware revision installed, and the operating environment in which the Profiling Tools execute. Dehhani Ltd does not control, author, or validate the data exposed by these hardware interfaces and makes no representation or warranty — express, implied, or statutory — as to the accuracy, completeness, reliability, or fitness for any particular purpose of any hardware specification data retrieved by the Profiling Tools.
You acknowledge and accept that the Profiling Tools may, under certain circumstances: (a) be unable to retrieve one or more hardware specifications where the device firmware does not expose the relevant data fields, or where the requisite kernel drivers or hardware abstraction layers are unavailable in the execution environment; (b) return data that is inaccurate, incomplete, truncated, or inconsistent with the physical hardware installed, due to firmware misreporting, OEM customisation, missing or outdated driver support, or hardware abstraction limitations; or (c) report nominal or default values where the underlying interface returns null, zero, or placeholder responses. These limitations are inherent to software-based hardware interrogation and are not defects in the Service.
You are solely and exclusively responsible for: (a) reviewing all hardware specification data, diagnostic results, and device reports generated by the Profiling Tools before relying upon, publishing, or distributing such data; (b) exercising reasonable due diligence to identify and correct any errors, omissions, or anomalies in the reported data; (c) independently verifying any data point that is material to a commercial transaction, regulatory obligation, warranty claim, or compliance requirement; and (d) ensuring that any data exported, shared, or used in downstream systems (including, without limitation, marketplace listings, invoices, certificates, and inventory records) has been validated for accuracy. Failure to exercise such due diligence shall not give rise to any claim against Dehhani Ltd.
To the maximum extent permitted by applicable law, Dehhani Ltd shall not be liable for any loss, damage, cost, expense, claim, or liability (whether direct, indirect, incidental, consequential, special, or exemplary) arising from or in connection with: (a) inaccurate, incomplete, or missing hardware specification data reported by the Profiling Tools; (b) any decision, transaction, or action taken in reliance upon data generated by the Profiling Tools without independent verification; or (c) any regulatory penalty, contractual dispute, customer complaint, or reputational harm resulting from the publication or distribution of unverified device data. This exclusion applies whether the claim arises in contract, tort (including negligence), strict liability, misrepresentation, or any other legal or equitable theory.
We offer add-on packages that provide additional features. These add-ons are available on a subscription basis (yearly or monthly).
Add-ons may be cancelled at any time. Access will expire at the end of the current payment cycle.
Add-ons may rely on third-party APIs. Customer data may be shared with third parties solely to the extent necessary to provide the functionality of the relevant add-on. For details on specific marketplace integrations, see Section 12. Where a third-party provider acts as a data processor of personal data on our behalf or yours, we enter into or rely upon appropriate data processing agreements or standard contractual clauses with that provider. A current list of sub-processors is available upon request at support@dehhani.uk and is set out in our GDPR Policy.
The Eris AI Assistant is an optional add-on feature (the "Eris Add-On") that, when activated on your account, provides an artificial intelligence-powered assistant interface within the Retsu — Portal. The Eris Add-On is powered by the OpenAI API, operated by OpenAI, L.L.C. and its affiliates ("OpenAI"). By activating and using the Eris Add-On, you acknowledge and agree that certain data from your account will be transmitted to OpenAI's servers for the purpose of generating the assistant's responses.
Agentic functionality. The Eris Add-On is not limited to answering questions. On your instruction, it can read your account data, generate analysis, predictions, and recommendations, and perform actions on your records on your behalf, including (without limitation) creating, editing, moving, recycling (soft-deleting), and permanently removing or consuming clients, devices, batches, and sales, inbound, and outbound orders, and sharing or broadcasting batch and listing information. Actions that are irreversible (such as permanently consuming an item) require your explicit confirmation before Eris will carry them out. You acknowledge and agree that any action performed by the Eris Add-On at your or your sub-user's instruction is treated as an action taken by you, is your sole responsibility, and is subject to the same Account Holder and sub-user responsibilities set out elsewhere in these Terms. Dehhani Ltd shall not be liable for any loss, deletion, modification, disclosure, or other consequence arising from instructions you or your sub-users give to the Eris Add-On, or from your reliance on its analysis, predictions, valuations, or recommendations, which do not constitute professional, financial, or legal advice and should be independently verified where material.
External market data. To generate pricing and disposition insight, the Eris Add-On may retrieve publicly available third-party market information (for example sold-item comparables from eBay and trade listings from TheBrokerSite). Such information is provided by third parties, may be inaccurate, incomplete, or out of date, and is offered for indicative purposes only; Dehhani Ltd does not warrant it and accepts no liability for decisions made in reliance on it.
Specifically, each request made to the Eris Add-On transmits the following categories of data to OpenAI:
The foregoing data is transmitted to OpenAI solely for the purpose of generating a response to your query and is not used by Dehhani Ltd for any other purpose. Dehhani Ltd does not transmit account passwords, payment card data, full database exports, or unrelated account records as part of any Eris Add-On request.
OpenAI processes the transmitted data in accordance with its own privacy policy and data processing terms. Transfers of data to OpenAI are made on the basis of appropriate safeguards in accordance with UK GDPR Chapter V, including OpenAI's standard contractual clauses or applicable adequacy arrangements. You are advised to review OpenAI's privacy policy and data processing addendum prior to enabling the Eris Add-On, particularly if your account holds personal data relating to third parties (including client contacts, sub-users, or individuals identifiable from device photographs).
As Account Holder, you accept sole responsibility for ensuring that your use of the Eris Add-On — including the transmission of any personal data within your account to OpenAI — complies with all applicable data protection legislation, including the UK GDPR and the Data Protection Act 2018, and with any obligations owed by you to the individuals whose data is held within your account. Dehhani Ltd shall not be liable for any regulatory penalty, claim, or loss arising from your use of the Eris Add-On in connection with personal data for which you are the data controller.
Retention and audit. To provide, support, secure, and improve the Eris Add-On, Dehhani Ltd retains on its servers a transcript of your Eris conversations, any feedback you provide on its responses, and derived quality and diagnostic records. Actions performed by the Eris Add-On are recorded in the account audit trail (Section 13) in the same manner as actions taken manually, attributed to the assistant acting on your behalf. This data is used only for the operation, security, and improvement of the feature and is processed in accordance with our Privacy Policy and GDPR Policy; you may request its deletion. The Eris Add-On may be deactivated at any time, which will prevent further data transmission to OpenAI in connection with the assistant feature.
In the course of providing the Service, we collect and process the following categories of data:
All data is transmitted to and stored on servers operated by or on behalf of Dehhani Ltd via the portal.retsu.uk (formerly devicesetup.app) portal.
Two-factor authentication. The Service offers optional two-factor authentication (2FA) using a time-based one-time-password (TOTP) authenticator app such as Google Authenticator or Microsoft Authenticator. Where you enable it, you are responsible for keeping your authenticator device and one-time recovery codes secure and confidential. If you lose access to both your authenticator and your recovery codes, an account administrator may need to reset your second factor before you can sign in again.
Users may upload images of devices to the Portal for record-keeping and inventory management purposes. Such images are stored on our servers and associated with the relevant device record.
The Service includes an optional "Device Photo Capture" feature, which is disabled by default and may be enabled or disabled at any time by the account administrator via the settings menu on the Retsu — Portal. When enabled, this feature instructs Retsu — Profiler and Retsu — Erasure to capture photographs using the device's built-in webcam during the diagnostic or erasure process. Captured images are automatically uploaded to and stored on our servers alongside the corresponding device report.
The purpose of Device Photo Capture is to provide users with a visual record of webcam functionality and an opportunity to assess the physical condition of the device at the time of processing. You acknowledge that images captured by this feature may incidentally contain identifiable individuals or surroundings within the webcam's field of view, and that such images may, depending on their content, constitute personal data — and in some circumstances special-category data — under the UK GDPR and the Data Protection Act 2018.
Account Holder responsibility and lawful basis. Device Photo Capture is a feature you elect to enable. By enabling it, you, as Account Holder and data controller for your account, acknowledge and agree that: (a) you are solely responsible for establishing a valid lawful basis under UK/EU GDPR for the capture (which will typically require the explicit consent of, or a documented legitimate-interest assessment in respect of, any operator or other individual who may be captured); (b) you are responsible for informing your operators, technicians, and any other affected individuals that webcam images are captured during device processing, and for obtaining any consents required; (c) where required by applicable law, you are responsible for conducting a Data Protection Impact Assessment (DPIA) prior to enabling the feature; and (d) Dehhani Ltd acts only as a processor in storing these images on your instruction and shall not be liable for any claim, regulatory penalty, or loss arising from your enabling or use of the feature without an appropriate lawful basis or required notifications. It remains your responsibility to ensure that the use of this feature complies with all applicable privacy and data protection laws in your jurisdiction.
Images captured via Device Photo Capture are not exposed to non-authenticated users at any point. They are excluded from publicly accessible certificate verification pages, broadcast communications, shared batches, and all other externally visible features of the Service. Captured images are accessible only to authenticated users on the Account Holder's account, solely within the corresponding device report on the Retsu — Portal.
Data is collected for the purposes of: licence verification, device report generation, erasure certification, audit trail maintenance, device image storage, and the general operation of the Service.
Where the Service processes personal data of individuals located in the United Kingdom, such processing is subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Details of our data processing practices, lawful bases, data subject rights, and contact information for our data protection enquiries are set out in our GDPR Policy and Privacy Policy.
The Service includes Google Maps features and content for displaying collection and delivery addresses and for the optional Client Map mode. When an authorised user opens Client Map mode, the Service sends the most complete available billing or shipping address saved for each addressable client from the user's browser to Google's geocoding service so that the address can be converted into map coordinates and displayed on a Google map. When a public collection or delivery map is loaded, the relevant address and ordinary browser request data may also be sent to Google. Client business names and account statuses are rendered by Retsu over the map and are not included in the address submitted for geocoding.
Use of Google Maps features and content is subject to the then-current Google Maps/Google Earth Additional Terms of Service and Google Privacy Policy. Google may receive and process address queries, IP address, user-agent, referring origin and map interaction or technical data under those terms. As Account Holder, you are responsible for ensuring that you have a lawful basis and have provided any required notice before you or your sub-users use Google Maps with an address relating to another person, and you must not use the feature to send data to Google where doing so would breach applicable law or Google's terms.
Google Maps and geocoding results are provided for convenience and may be inaccurate, incomplete, delayed or unavailable. They must not be treated as verified address, routing, collection, delivery, safety or compliance instructions. Availability depends on Google's services and may change without notice. Further details are set out in our Privacy Policy, GDPR Policy and Cookies Policy.
Device reports, erasure certificates, and associated data are retained for as long as your account remains active. Billing and transactional records are retained for a minimum of 6 years from the date of transaction in compliance with HMRC requirements. You may request deletion of your data in accordance with our Privacy Policy.
You may export your device data, order records, and erasure certificates from the Platform at any time in CSV, XLSX, or PDF format using the built-in export functions. You may also exercise your right to data portability under UK GDPR by contacting us at support@dehhani.uk.
If your account has had no login activity for a continuous period of 24 months, we may notify you by email at your registered address that your account is considered inactive. If no response is received within 30 days of that notification, we reserve the right to deactivate the account. Deactivation does not constitute deletion; your data will be retained in accordance with our Privacy Policy until you request deletion or your account is closed. We will provide a further 30 days' notice before any permanent deletion of inactive account data.
Dehhani Ltd operates the Service as a multi-tenant platform serving many independent customers, some of whom may be competitors. We treat the data within your account — including your device inventory, pricing, client and buyer contacts, inbound and outbound order records, manifests, container references, and erasure records — as your confidential information. We implement logical access controls designed to ensure that data belonging to one customer's account is not accessible to, or visible to, any other customer. Data from one customer's manifests, inbound orders, container references, or inventory is never deliberately disclosed to, or made visible to, another customer through the Service. We will not use your confidential account data except as necessary to provide, secure, support, and improve the Service, to comply with a legal obligation, or as otherwise permitted in these Terms and our Privacy Policy. This obligation does not apply to information that is or becomes publicly available other than through our breach, or to data you elect to expose through the Service's public-sharing features (such as public batch share links or the Retsu Certified verification portal), the operation of which is described in Section 11 and our Privacy Policy.
The Service is provided on an "as available" basis. While we use commercially reasonable efforts to maintain availability, we do not guarantee uninterrupted or error-free access to the Service. The Service may be temporarily unavailable due to maintenance, updates, or circumstances beyond our reasonable control.
The Service requires an active internet connection for licence authentication, erasure credit verification, and report submission. If our servers are unreachable, you will be unable to authenticate, perform licensed operations, or submit reports until connectivity is restored. We shall not be liable for any loss or inconvenience arising from service unavailability.
Certain components of the Service may queue reports locally when connectivity is temporarily interrupted. Queued reports will be submitted automatically when connectivity is restored. We do not guarantee the integrity or delivery of locally queued data and accept no liability for reports that fail to submit due to local storage failure, device shutdown, or other causes.
The Retsu — Erasure module and associated tools may facilitate the deployment of operating system images (including Microsoft Windows) to target devices. You are solely responsible for ensuring that you hold valid licences for any operating system deployed using the Service. Dehhani Ltd does not provide, supply, or sublicence any Microsoft Windows licences or any other third-party operating system licences. Use of operating system deployment features constitutes your representation that you are appropriately licensed for such deployment.
The Service, including but not limited to the Portal, Retsu — Profiler, the Retsu — Erasure live environment, the user interface, all source code, object code, documentation, graphics, and design elements, is and remains the exclusive property of Dehhani Ltd. All rights not expressly granted herein are reserved.
Subject to your compliance with these Terms and payment of applicable fees, we grant you a limited, non-exclusive, non-transferable, revocable licence to use the Service for your internal business purposes. You may not copy, modify, distribute, reverse-engineer, decompile, disassemble, or create derivative works from any part of the Service.
Any suggestions, ideas, or feedback you provide regarding the Service may be used by us without obligation or compensation to you.
Retsu is a trademark of Dehhani Ltd. The Retsu name, the Retsu logo, and related marks, brand features, and product names used in connection with the Service are trademarks of Dehhani Ltd. Nothing in these Terms grants you any right or licence to use any Dehhani Ltd trademark without our prior written consent. Third-party names and marks referenced in the Service (for example eBay, Shopify, WooCommerce, Stripe, Blancco, and OpenAI) are the property of their respective owners and are used for identification purposes only.
The account administrator ("Account Holder") may create sub-user accounts and assign roles (including but not limited to Admin, Technician, Salesman, Storeman, and General) via the Retsu — Portal. Each sub-user is authenticated by their own credentials and, where applicable, a unique five-digit PIN for Retsu — Erasure operations.
The Account Holder is solely responsible for: (a) the creation, management, and supervision of all sub-user accounts under their organisation; (b) ensuring that sub-users are appropriately trained and authorised to perform the operations permitted by their assigned roles; and (c) all actions taken by sub-users under the Account Holder's account, including but not limited to device submissions, data erasure operations, and the generation of reports and certificates. Dehhani Ltd shall not be liable for any loss, damage, or regulatory consequence arising from the actions or omissions of sub-users.
Where PINs are used to authenticate sub-users for erasure operations, the Account Holder is responsible for ensuring that PINs are kept confidential, assigned uniquely to individual sub-users, and changed promptly if compromised. Dehhani Ltd shall not be liable for any unauthorised erasure operations performed using valid PIN credentials.
Device reports and erasure certificates generated by the Service are assigned a unique identifier (UID). Certificate data — including device specifications, test results, grading assessments, and erasure outcomes — may be publicly queried by any party in possession of the UID via the certificate verification portal at portal.retsu.uk/cert/search (formerly devicesetup.app/cert/search). This public verification functionality is a core feature of the Service designed to enable third-party verification of device history and certification status.
You acknowledge that any party to whom you disclose a device UID (whether directly, via printed labels, QR codes, or otherwise) will be able to access the associated certificate data. It is your responsibility to control the distribution of UIDs in accordance with your confidentiality requirements. Dehhani Ltd shall not be liable for any disclosure of device information resulting from the sharing of UIDs by you or your sub-users.
The Service offers integration with third-party marketplace platforms, including but not limited to eBay, Shopify, and WooCommerce (collectively, "Marketplace Integrations"). Marketplace Integrations enable the synchronisation of device data, images, pricing, and inventory information between the Retsu — Portal and the connected third-party platform.
When you enable a Marketplace Integration, you authorise the transfer of relevant device data and images to the connected third-party platform. Once data has been transmitted to a third-party platform, it is governed by that platform's own terms of service and privacy policy. Dehhani Ltd has no control over and accepts no responsibility for the handling, storage, or processing of data by third-party platforms.
Marketplace Integrations depend on the availability and continued operation of third-party APIs. We do not warrant the availability, reliability, or performance of any third-party platform or API. Changes to third-party APIs may affect the functionality of Marketplace Integrations without prior notice.
When you publish or re-publish a listing to eBay through a Marketplace Integration, the Service automatically appends a small "Powered by Retsu" attribution image to the end of that listing's description before it is sent to the marketplace. This attribution is a standard feature of the eBay Marketplace Integration and applies to all eBay listings published through the Service; it cannot be removed on a per-listing basis. The attribution consists of a static image hosted by Dehhani Ltd, contains no active content, script, or third-party tracking, and does not alter the substance of the product description you provide. The image is re-applied each time a listing is published or re-published and is de-duplicated so that only a single attribution appears.
You acknowledge and agree that, by enabling and using the eBay Marketplace Integration, you grant Dehhani Ltd permission to include this attribution within the listings you publish from your eBay seller account through the Service. You remain solely responsible for ensuring that your listings, including this attribution, comply with eBay's listing policies and any other rules applicable to your account. If you do not wish your eBay listings to carry this attribution, you should not publish them through the eBay Marketplace Integration.
The Service maintains a comprehensive audit trail that records significant account and device events, including but not limited to: device submissions, modifications, and deletions; erasure operations; user account changes; sub-user actions; and actions performed by the Eris AI Assistant on your behalf (see Section 5.4). Audit trail records are maintained for the duration of your account and may be retained thereafter as required by law. Audit trail data is immutable and may be relied upon by Dehhani Ltd in the investigation and resolution of disputes, compliance enquiries, or suspected violations of these Terms.
The Service may assign or record cosmetic and functional grades to devices (including display, casing, keyboard, and final grading assessments). Grading is based on criteria applied by the user, automated diagnostic results, or a combination thereof. Device grades do not constitute a professional valuation, warranty of condition, or guarantee of fitness for any particular purpose. Grading is provided as a record-keeping and classification tool only. Dehhani Ltd shall not be liable for any loss arising from reliance on device grades by you or any third party.
By using the Service, you consent to receiving transactional and operational emails, including but not limited to: account notifications, sub-user credential communications, licence and billing alerts, service announcements, and system notifications. These communications are integral to the operation of the Service and cannot be opted out of while your account remains active.
The Service enables Account Holders to send broadcast communications to their clients. You are solely responsible for the content of any broadcast communications you send via the Service and for ensuring compliance with all applicable email marketing and privacy regulations (including the Privacy and Electronic Communications Regulations 2003 and, where applicable, the EU ePrivacy Directive).
The modification, falsification, forgery, or misrepresentation of any certificate, report, or document generated by the Service — including but not limited to erasure certificates, device reports, grading assessments, and PAT test records — is strictly prohibited. Any such activity may result in the immediate and permanent termination of your account without refund, and Dehhani Ltd reserves the right to pursue all available legal remedies, including reporting such conduct to relevant regulatory and law enforcement authorities.
All purchases are processed through the payment provider Stripe. No customer credit or debit card data is stored on our servers.
Payments are processed securely through Stripe in compliance with PCI-DSS standards.
The Service may contain links to third-party websites or services not owned or controlled by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. You acknowledge and agree that we are not responsible or liable for any damage or loss caused or alleged to be caused by the use of or reliance on any content, goods, or services available on or through such websites or services.
Nothing in these Terms excludes or limits our liability for: (a) death or personal injury caused by our negligence; (b) fraud or fraudulent misrepresentation; or (c) any other liability that cannot be excluded or limited by applicable law.
Subject to the foregoing, to the maximum extent permitted by applicable law, Dehhani Ltd, its directors, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, or business opportunity, arising out of or in connection with your use of the Service, whether based on contract, tort, negligence, strict liability, or any other legal theory, even if we have been advised of the possibility of such damages.
Our total aggregate liability to you for all claims arising out of or relating to the Service shall not exceed the total amount paid by you to us in the twelve (12) months immediately preceding the event giving rise to the claim.
You agree to indemnify, defend, and hold harmless Dehhani Ltd and its directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of or in connection with: (a) your use of the Service; (b) your breach of these Terms; (c) your selection of erasure methods and reliance on erasure certificates; (d) actions taken by your sub-users; (e) broadcast communications sent via the Service; or (f) your violation of any applicable law or regulation.
We reserve the right to modify or replace these Terms at our sole discretion. If a revision is material, we will provide at least 30 days' notice prior to any new terms taking effect. Continued use of the Service after such notice constitutes acceptance of the revised Terms.
We reserve the right, at our sole discretion, to suspend or terminate any licence, or to suspend, terminate, or revoke your user account and access to the Service, with or without prior notice, if we suspect abuse, misuse, fraudulent activity, tampering, certificate falsification, or any violation of these Terms. Upon suspension or termination, all rights granted to you under these Terms will immediately cease. No refunds or credits will be provided for any unused portion of a licence or erasure credits.
If you have a complaint or dispute arising out of or in connection with the Service or these Terms, we encourage you to contact us first at support@dehhani.uk to seek an informal resolution. We will use reasonable efforts to resolve any dispute within 14 days of receipt of a written complaint. If a dispute cannot be resolved informally within 30 days of the initial complaint, either party may escalate the matter in accordance with the dispute resolution process below.
For disputes involving amounts up to the small claims limit, you may use the UK small claims court process without prior notice to us. For disputes above this threshold, both parties agree to attempt in good faith to resolve the dispute through mediation administered by a mutually agreed mediator before commencing formal legal proceedings. The costs of mediation shall be borne equally unless otherwise agreed. Nothing in this clause prevents either party from seeking urgent injunctive relief.
These Terms shall be governed by and construed in accordance with the laws of England and Wales. Subject to the dispute resolution process in Section 23, any disputes arising out of or in connection with these Terms that cannot be resolved by mediation shall be subject to the exclusive jurisdiction of the courts of England and Wales.
If any provision of these Terms is held to be invalid or unenforceable, such provision shall be struck and the remaining provisions shall remain in full force and effect.
Dehhani Ltd shall not be liable for any failure or delay in performing its obligations under these Terms where such failure or delay results from circumstances beyond our reasonable control, including but not limited to: acts of God, natural disasters, epidemics or pandemics, fire, flood, war, terrorism, civil unrest, government actions or sanctions, power outages, internet service provider failures, cyberattacks (including distributed denial-of-service attacks), failure of third-party infrastructure or hosting providers, and industrial disputes. During any period of force majeure, our obligations under these Terms shall be suspended to the extent affected, and the time for performance shall be extended accordingly.
No failure or delay by Dehhani Ltd in exercising any right, power, or remedy under these Terms shall operate as a waiver of that right, power, or remedy. No single or partial exercise of any right, power, or remedy shall preclude any other or further exercise thereof or the exercise of any other right, power, or remedy. The rights and remedies provided in these Terms are cumulative and not exclusive of any rights or remedies provided by law.
These Terms, together with our Privacy Policy, GDPR Policy, Cookies Policy, and any other policies referenced herein, constitute the entire agreement between you and Dehhani Ltd with respect to the Service and supersede all prior or contemporaneous communications, proposals, and agreements, whether oral or written, between you and Dehhani Ltd relating to the Service.
You must be at least 18 years of age to create an account and use the Service. By creating an account, you represent and warrant that you are at least 18 years old. If we become aware that an account has been created by a person under the age of 18, we reserve the right to terminate that account immediately without notice.
By creating an account and using the Service, you confirm that you have read, understood, and agree to be bound by these Terms. If you are agreeing to these Terms on behalf of a company or other legal entity, you represent that you have authority to bind that entity to these Terms.
If you have any questions about these Terms, please contact us at support@dehhani.uk.
Dehhani Ltd — Retsu
Last Updated: July 17th, 2026
This Privacy Policy describes how Dehhani Ltd ("we", "us", or "our") collects, uses, shares, and protects personal information in connection with Retsu (formerly "Device Setup Utility" / "DSU") at portal.retsu.uk (formerly devicesetup.app) (the "Platform"). Retsu is the same product and service formerly known as "Device Setup Utility" ("DSU"); the change is one of name and branding only and does not affect your rights, our obligations, or the validity of any records or certificates issued under the former name.
We collect the following categories of personal data:
For the separate Retsu — Erasure IP-based time-synchronisation and connectivity checks, the listed providers (ip-api.com, ipwho.is, ipapi.co, Cloudflare, and Google) receive only the device's public IP address and technical request parameters; no device hardware data, erasure data or account credentials are sent for that purpose. This limitation does not describe Google Maps address requests, which are explained in the Google Maps entry above. See our Terms of Service §§3.13 and 6.6 for further detail.
We do not sell, trade, or rent your personal data to any third party.
The Eris AI Assistant ("Eris") is an optional, separately licensed add-on powered by the OpenAI API. Eris is not merely a question-and-answer tool: it is an agentic assistant that, on your instruction, can read your account data, generate analysis and recommendations, and carry out actions on your records — for example creating, editing, moving, recycling, or permanently removing clients, devices, batches, and sales, inbound, or outbound orders. When active, each interaction transmits data to OpenAI's servers solely to generate the assistant's response, and any actions Eris performs are executed on our servers within your account.
Data transmitted to OpenAI per request:
Not transmitted: passwords, payment card data, full database exports, or records unrelated to your request.
External market data. To produce pricing and disposition insight, Eris may also retrieve publicly available market information (for example sold-item comparables from eBay and trade listings from TheBrokerSite). These lookups send only the relevant search terms (such as a device make and model), not your personal data.
Actions taken by Eris. Where you instruct Eris to change data, the resulting create, edit, move, or delete operations are recorded in the account audit log in the same way as actions taken manually, attributed to the assistant acting on your (or your sub-user's) behalf. Irreversible actions (such as permanently consuming an item) require your explicit confirmation before Eris will proceed.
What we retain on our servers. To operate, secure, and improve the assistant, Dehhani Ltd retains on its own servers: (a) a transcript of your Eris conversations; (b) any feedback you give on a response (for example marking it helpful or incorrect); and (c) derived diagnostic and quality records (such as anonymisable test cases and learned operating context) used to improve Eris's accuracy. Audit-log entries for actions Eris performs are retained as part of the account audit trail. This data is used only to provide, support, secure, and improve the Eris feature and is not sold or used for advertising. (This corrects earlier versions of this policy, which stated that no conversation data was retained on our servers.)
OpenAI's retention. Data transmitted to OpenAI is processed under OpenAI's API data-usage terms. OpenAI does not use data submitted via its API to train its models by default, and applies its own limited retention for abuse monitoring. OpenAI's own terms govern data held on its infrastructure.
The lawful basis is contract performance (UK GDPR Art 6(1)(b)) for delivery of the add-on, and legitimate interests (Art 6(1)(f)) to enable contextually accurate responses and to secure and improve the feature. As Account Holder, you remain the data controller for personal data in your account and are responsible for ensuring your use of Eris — including any action you instruct it to take and any personal data thereby transmitted to OpenAI — complies with applicable data protection law. Eris may be deactivated at any time, which prevents further transmission to OpenAI. You may request deletion of your Eris conversation transcripts and feedback records by contacting us.
Retsu includes features that may expose information to third parties without requiring them to log in:
/cert/search. The information exposed may include device specifications, test results, grading assessments, and erasure outcomes linked to that UID.You have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent at any time. Contact us at support@dehhani.uk. We will respond within one calendar month.
Dehhani Ltd has determined that a formal Data Protection Officer is not required under UK GDPR Article 37 at this time. Data protection enquiries: support@dehhani.uk. Registered office: 124 City Road, Dehhani Ltd, London, England, EC1V 2NX. Dehhani Ltd is registered with the ICO as a data controller; our registration number is available on request. Public listing on the ICO register may not reflect the most recent registration status immediately.
We may update this Privacy Policy at any time. Material changes will be notified by updating the "Last Updated" date above.
Contact: support@dehhani.uk
Dehhani Ltd trading as Retsu
Last Updated: July 17th, 2026
This notice explains how Dehhani Ltd ("Retsu", "we", "us") complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Data (Use and Access) Act 2025 and, where electronic communications or device storage are involved, the Privacy and Electronic Communications Regulations (PECR). It should be read with our Privacy Policy and Cookie Policy.
Controller activities. Dehhani Ltd is the controller for account administration, subscriptions and billing, service security, support, product communications and our own service-improvement activities.
Processor activities. When an account holder uploads or creates data about its staff, clients, buyers, suppliers, drivers, devices, orders or other contacts and asks Retsu to handle it, the account holder is normally the controller and Dehhani Ltd acts as its processor. The account holder decides why that data is used, who may access it and how long it should be kept. People whose data was supplied by an account holder should usually contact that organisation first; we will assist it with valid requests.
We have not appointed a statutory Data Protection Officer because our current processing does not require one. Privacy matters are overseen by the directors and the designated privacy lead. Our ICO registration details are available on request.
Depending on the features used, we may process:
Data comes directly from account holders and sub-users; from people using client, buyer, collection, driver, certificate or shared links; from connected marketplaces and service integrations; from device software and uploaded reports; and automatically from browsers, devices and security systems. When an account holder asks Eris to research current market information, limited data may also come from public sources.
Account and authentication information marked as required is necessary to create and secure an account and perform the service contract. Optional features require the information needed for that feature; declining it means the relevant feature may not work. Retsu is a business service and is not intended for children under 18. We do not ask users to submit special-category or criminal-offence data unless there is a documented lawful need and appropriate protection.
For customer-controlled records, we process the data on the account holder's documented instructions. The account holder is responsible for establishing its own lawful basis, providing notices to affected people and configuring access, sharing and retention appropriately.
Data is shared only as needed to provide, secure or support the selected service, comply with law, or where the account holder directs us. Recipients may include authorised account users; people invited through a client, buyer, collection, driver or certificate link; professional advisers and authorities; and the service providers below.
Some Retsu features create public or bearer links. Anyone who receives such a link may be able to view the information it exposes, and recipients may forward it. Account holders should share links only with intended recipients and revoke or delete them when no longer needed.
Providers currently used or supported include Microsoft Azure (application hosting, SQL database, blob/file storage and Application Insights/Monitor telemetry), Stripe (payments), our configured SMTP/email provider, OpenAI (Eris responses), Google reCAPTCHA (registration security) and Google Maps (interactive address maps and, when an authorised user opens Client Map mode, geocoding of saved client addresses), report providers such as Blancco, WipeCenter and YouWipe, RemoveBackground.ai/rembg when background removal is requested, connected marketplace or commerce providers, browser push providers if notifications are enabled, content-delivery networks, and limited network/time services used for security or diagnostics. A connected provider may be our processor, the account holder's processor, or an independent controller depending on the service and the instructions given. Its own notice will apply where it acts independently.
Google Maps processing. Google Maps is not loaded on the authenticated Clients page until an authorised user selects Map mode. At that point, the most complete available billing or shipping address for each addressable client is sent from the user's browser to Google's geocoding service; Google also receives ordinary technical data such as IP address, user-agent and referring origin. Public collection or delivery maps may send the displayed address and technical request data when the map is loaded. Google returns coordinates and map content so Retsu can place the address. Client names and statuses are rendered separately by Retsu and are not included in the address submitted for geocoding. Retsu keeps returned coordinates only in memory for the current page load and does not add them to the client record. Google may retain or otherwise process data it receives under the Google Maps terms and Google Privacy Policy, including where it acts as an independent controller. Account holders must have an appropriate lawful basis and give affected people any required notice before instructing Retsu to submit their address to Google.
We require processors to handle data only for authorised purposes, protect it and assist with data-protection obligations. An up-to-date subprocessor list and relevant contractual information are available from support@dehhani.uk.
Eris sends the prompt and the minimum relevant conversation, account and page context to OpenAI to generate a response. Retsu also stores server-side chat logs, workflow events, feedback and diagnostics for continuity, security, support and improvement. Browser storage may keep a local conversation copy. Clearing the conversation in the browser removes that local state but does not by itself erase server logs; contact us or the account controller to request deletion.
Feedback can include the prompt, response, recent conversation and page context shown with the feedback control. Users should not enter secrets or unnecessary personal data. Eris can make recommendations and prepare actions, but user confirmation is required for consequential platform actions. Retsu does not make decisions based solely on automated processing that produce legal or similarly significant effects.
Our primary application, database and file storage use Microsoft Azure. Some providers or their support operations may process data outside the United Kingdom. Where UK personal data is transferred to a country without applicable UK adequacy regulations, we use an approved safeguard as appropriate, such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, and complete the required transfer-risk or data-protection assessment. Where available and applicable, we may rely on UK adequacy arrangements, including an organisation's valid certification under the UK Extension to the EU-US Data Privacy Framework. Details of the safeguard relevant to a transfer are available on request.
We keep personal data only for as long as necessary for the purpose, the account holder's instructions, legal obligations and the establishment or defence of claims. Current operational periods are:
Deletion from live systems may not immediately remove data from encrypted, access-restricted backups; backup copies expire on their normal rotation and are not restored for ordinary use. Providers may retain limited records under their own legal obligations.
Depending on the circumstances, people may have rights to be informed; obtain access and a copy; correct inaccurate data; request erasure; restrict or object to processing; receive portable data; withdraw consent; and obtain safeguards relating to solely automated decisions. These rights are not absolute and exemptions may apply.
Your right to object: You can object at any time to direct marketing. You can also object to processing based on legitimate interests; we will stop unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is needed for legal claims.
Send a request to support@dehhani.uk. Please identify the account or organisation involved and the data concerned. We may need proportionate identity verification. We normally respond within one month and may extend by up to two further months for a complex request, explaining the reason within the first month. Requests are normally free, although the law permits a reasonable fee or refusal for manifestly unfounded or excessive requests.
If the data was supplied by a Retsu account holder, please contact that organisation first. We will support it in responding to valid requests.
Controls include TLS in transit, secure and HttpOnly production session cookies, scrypt password hashing, encryption for selected stored secrets, optional two-factor authentication via a time-based one-time-password (TOTP) authenticator app with per-account lockout on repeated failed codes, role- and client-based access controls, rate limiting, CAPTCHA and IP controls where appropriate, audit logging, restricted administrative access, backups and incident monitoring. No internet service can guarantee absolute security, so account holders must also use strong credentials, protect sharing links and assign the minimum necessary permissions.
We maintain records of processing appropriate to our activities, review processors and contracts, and carry out a data protection impact assessment where processing is likely to create a high risk. A notifiable personal-data breach will be reported to the ICO without undue delay and, where feasible, within 72 hours of awareness. Affected people will be told without undue delay where the breach is likely to create a high risk to them.
Email support@dehhani.uk with the subject “Data Protection Complaint”, describing what happened, the account or organisation involved, the outcome sought and any relevant evidence. We will acknowledge a complaint within 30 days, investigate it without undue delay, provide appropriate progress information and tell the complainant the outcome.
You may also complain to the Information Commissioner's Office at ico.org.uk/make-a-complaint, or to your local supervisory authority where applicable. We would appreciate the opportunity to address the concern first, but that is not a condition of contacting the ICO.
We review this notice when our services, providers or legal obligations change. Material changes will be highlighted in the service or communicated to account holders. Questions and requests should be sent to support@dehhani.uk or by post to Dehhani Ltd, 124 City Road, London, England, EC1V 2NX.
Dehhani Ltd trading as Retsu
Last Updated: July 17th, 2026
This policy explains how Retsu uses cookies and similar technologies, including local storage, session storage, service workers and cache storage. These technologies are covered by the Privacy and Electronic Communications Regulations (PECR) when they store information on, or access information from, a user's device.
Retsu does not deliberately use advertising or cross-site behavioural-tracking cookies, and we do not currently deploy an analytics cookie suite. Core authentication, security and payment technologies fall within the strictly-necessary exception; user-interface preferences fall within the appearance exception; and other storage is used to provide functionality the user has requested. We still explain these technologies below even where PECR does not require consent. Optional third-party content must be held back for consent if its storage does not qualify for an exception.
If we introduce non-essential analytics, advertising or other optional device storage, it will be disabled until the user has received clear information and given any consent required by PECR. Refusing optional storage will not prevent access to the core service.
Separately from cookies, our servers generate operational and diagnostic telemetry (for example performance metrics and error or exception traces, via Microsoft Azure Application Insights / Azure Monitor) to keep the service secure and reliable. This telemetry is generated and processed server-side; it does not store or read information on your device and so falls outside the scope of this policy. It is described in our Privacy Policy and GDPR notice.
| Name / provider | Purpose | When used | Duration |
|---|---|---|---|
connect.sidRetsu |
A signed, opaque identifier for the server-side session. It supports authentication, account security, permissions and requested settings. The cookie does not contain the underlying account data. | When the platform needs a session, which can occur before sign-in for security, registration, CAPTCHA, OAuth or embedded-app state. | Browser session. The corresponding server-side session record may remain for up to 30 days. |
_GRECAPTCHAGoogle reCAPTCHA |
Bot, abuse and fraud prevention. | On registration or another page where reCAPTCHA is requested. | Persistent and controlled by Google. Google may use additional storage under its own terms. |
__stripe_mid, __stripe_sid and related Stripe storage |
Payment processing and fraud prevention. | Only when a user opens the subscription or payment experience that loads Stripe. | Stripe lists approximately one year for __stripe_mid and 30 minutes for __stripe_sid; other payment storage depends on the selected Stripe feature. |
| Google Maps content, address geocoding and provider storage | Displays collection and delivery addresses and, in Client Map mode, sends saved client addresses to Google's browser geocoder so clients can be placed on an interactive map. | On applicable public inbound/client portal pages when an address map is available, or on the authenticated Clients page only after a user selects Map mode. Public map iframes are lazy-loaded as they approach the visible page. | Retsu keeps returned coordinates only in current-page memory and does not persist them in browser storage. Google-controlled session or persistent storage may be used; the exact items and duration depend on Google's current service configuration. |
The production session cookie is marked Secure and HttpOnly and uses SameSite=None so authenticated sessions can work in supported embedded commerce contexts. Stripe and Google may act as independent controllers for relevant provider processing; see their privacy, cookie and service information before using those features.
| Technology | Examples and purpose | Duration |
|---|---|---|
| Local storage | Theme and interface preferences; filters, panel sizes, scanner/completion state and editor/layout settings; Retsu Sheets or ProCut workspace settings; and Eris conversation, memory, workflow and feedback-interface state. Some saved workspaces or histories may contain data entered by the user. | Until the preference or conversation is reset, the browser data is cleared, or the application replaces an old value. |
| Session storage | Temporary navigation state, device-list cache and embedded Shopify state such as the shop, host and short-lived identity token. | Normally until the relevant browser tab or session is closed. |
| Service worker and Cache Storage | Same-origin static assets and an offline application shell, used to improve reliability and loading performance. | Until the cache version is replaced, the service worker is removed or the browser data is cleared. |
Currency, language, role and similar account settings may also be held in the server-side session associated with connect.sid. Clearing an Eris conversation in the browser clears its local copy only; server-side assistant logs and feedback are covered by our GDPR and Privacy notices.
Shopify App Bridge may be loaded in an embedded Shopify context and Shopify may use its own session or device technologies. Retsu also stores the temporary Shopify values described above in session storage. Other connected marketplaces open or communicate with the provider selected by the account holder; provider storage is governed by the relevant provider's notice.
If browser notifications are available and a user opts in, the browser creates a push subscription and uses a service worker and the browser vendor's push infrastructure. The subscription is stored server-side so the requested notification can be delivered; it is not an advertising cookie and can be disabled through browser notification settings.
Some pages request fonts, icons or scripts from third-party content-delivery networks. Those providers receive ordinary request data such as IP address, user-agent and referring page. We do not use those requests for Retsu advertising or analytics. Provider-controlled technologies remain subject to the provider's own notice and to our obligation not to deploy non-essential storage without any required consent.
When an account holder enables open monitoring for a batch email, the emailed link may contain a unique broadcast token. Opening that link can record the recipient/broadcast reference, opening time, browser user-agent and a one-way hash of the IP address. This is link-based server logging rather than a cookie or browser-storage technology. The account holder must have a lawful basis and give recipients appropriate information. The GDPR notice explains the associated data processing.
Browser settings can view or delete cookies, site data, local/session storage, cached data, service workers and notification permissions. Blocking connect.sid will prevent sign-in and other session-dependent features. Clearing local storage removes saved preferences and may remove locally held Eris history or workspace state. Clearing session storage can interrupt an embedded Shopify session.
There is no universal “Do Not Track” (DNT) standard, so Retsu does not currently make a separate technical response to DNT signals. We do not deliberately deploy advertising or analytics cookies, and DNT does not change the operation of the necessary technologies described above.
We review this policy when our platform or providers change. Material changes will be highlighted in the service or communicated to account holders. Questions can be sent to support@dehhani.uk or by post to Dehhani Ltd, 124 City Road, London, England, EC1V 2NX.