Privacy Policy

Chargeback Shield ("we", "our", or "us") is committed to protecting the privacy of merchants and their customers. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Shopify application and related services.

• Fraud Prevention: Analyzing order signals to compute risk scores and flag potentially fraudulent transactions.
• Dispute Drafting: Using AI to generate evidence-backed chargeback response letters on your behalf.
• Fraud Network: Aggregating anonymized fraud signals across merchants to improve detection accuracy. No personally identifiable information is shared in this network.
• Service Operation: Processing webhooks, maintaining your account, and delivering the core functionality of Chargeback Shield.
• Communications: Sending dispute alerts and service notifications to the email address on your merchant account.

We retain order and customer data for up to 3 years from the date of collection. Data is automatically deleted after this period. Fraud signal data may be retained longer in anonymized, aggregated form. You may request deletion of your data at any time (see Section 7).

See our Security & Incident Response Policy.

We do not sell your personal data. We may share data with:

• Supabase: Our database provider (data stored in US-East region).
• OpenAI: To generate dispute response drafts. Order and dispute data may be sent to OpenAI's API.
• Shopify: As required to operate within their platform.
• Legal Obligations: When required by law, court order, or government authority.

We implement industry-standard security measures including TLS encryption in transit, row-level security on our database, and scoped API access tokens. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

If you are located in the European Economic Area (EEA) or the UK, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Data Portability: Request your data in a machine-readable format.
• Right to Object: Object to processing of your personal data for certain purposes.
• Right to Restrict Processing: Request that we limit how we use your data.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Our application uses session cookies required for authentication and security. We do not use third-party tracking or advertising cookies.

Chargeback Shield is a B2B service intended for merchants. We do not knowingly collect data from individuals under the age of 18.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance.

For privacy-related questions or to exercise your rights, contact: