Privacy Policy

Last Updated: March 29, 2026

This Privacy Policy describes how Chargeback Defense Copilot ("we", "us", or "our") collects, uses, and shares your personal information when you use our services.

1. Information We Collect

1.1 Information You Provide

• Account Information: When you create an account, we collect your name, email address, and business information.
• Shopify Store Data: We access your Shopify store data including orders, customers, and products to provide chargeback defense services.
• Communication Data: When you contact us, we collect your name, email address, and the content of your messages.
• Payment Information: We collect payment information through secure payment processors (Stripe, PayPal).

1.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with our services, including IP address, browser type, pages visited, and timestamps.
• Cookies and Similar Technologies: We use cookies to maintain your session and improve our services.
• Log Data: Our servers automatically record information when you access our services.

2. How We Use Your Information

• To provide, maintain, and improve our chargeback defense services
• To process transactions and send transaction notifications
• To communicate with you about updates, security alerts, and support messages
• To detect, prevent, and address technical issues and fraudulent activities
• To comply with legal obligations and enforce our terms

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal information based on:

• Contractual Necessity: To fulfill our obligations under our Terms of Service
• Legitimate Interests: To improve our services and prevent fraud
• Consent: When you explicitly consent to specific processing activities
• Legal Obligation: To comply with applicable laws and regulations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

• Service Providers: Third-party vendors who help us operate our services (hosting, payment processing, analytics)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you direct us to share your information

5. Data Retention

We retain your personal information only as long as necessary to:

• Provide our services to you
• Comply with legal obligations (tax, accounting, etc.)
• Resolve disputes and enforce our agreements
• Maintain business records for legitimate business purposes

We typically retain data for 3 years after account termination, unless longer retention is required by law.

6. Your Rights (GDPR & CCPA)

6.1 GDPR Rights (EEA Users)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain processing activities

6.2 CCPA Rights (California Users)

• Right to Know: Know what personal information is collected and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Secure development practices and regular updates

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

9. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: privacy@chargebackdefense.com
• Address: 123 Compliance Street, San Francisco, CA 94107, USA
• Data Protection Officer: dpo@chargebackdefense.com