Privacy Policy

Last Updated: December 18, 2025

Introduction

Chargeback Protector ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application.

Information We Collect

We collect and process the following types of information:

Shop Information

  • Your Shopify store domain and basic store information
  • OAuth access tokens provided by Shopify for API access

Order and Dispute Data

  • Order IDs and order numbers (for dispute tracking and report regeneration)
  • Dispute creation timestamps
  • Basic order information necessary for generating chargeback evidence reports

Return Policy Information

  • Your store's return/refund policy text
  • Timestamps when policies were created or updated
  • Policy version history for accurate dispute evidence

Billing and Usage Data

  • Report generation usage statistics
  • Billing transaction records
  • Subscription status information

How We Use Your Information

We use the collected information for the following purposes:

  • To provide chargeback dispute evidence generation services
  • To process billing and subscription management
  • To maintain accurate records for legal compliance
  • To improve our services and troubleshoot issues
  • To comply with legal obligations and Shopify platform requirements

Information We Do Not Collect or Store

We are committed to minimal data collection and do not store:

  • Customer personal information (names, addresses, emails, phone numbers)
  • Payment card information or financial details
  • Product inventory or catalog data
  • Customer browsing or purchase history
  • Any protected health information (PHI) or sensitive personal data

Data Storage and Security

  • All data is stored securely using industry-standard encryption
  • Access to your data is limited to our application servers for processing
  • Both development and production use PostgreSQL: local development runs on Dockerized Postgres; production runs on managed Fly.io Postgres with access controls
  • Data is transmitted securely using HTTPS/TLS encryption

Data Retention and Deletion

We retain your data only as long as necessary for the purposes outlined in this policy:

  • Order IDs and dispute records: Deleted on uninstall
  • Return policy history: Deleted on uninstall
  • Shop session data: Deleted immediately upon app uninstall
  • Billing and usage records (ReportUsage, billing flags): Retained until Shopify sends shop/redact (~48 hours after uninstall), then deleted

Important: Upon uninstall, customer and policy data are removed immediately. Billing/usage records are retained only until the required shop/redact webhook (~48 hours after uninstall), then deleted to comply with Shopify's data deletion requirements and GDPR. Shopify may retain billing invoices in your Shopify account per their policies.

Data Sharing and Third Parties

We do not sell, trade, or rent your data to third parties. We only share data in the following limited circumstances:

  • Shopify: We integrate with Shopify's APIs to access necessary store data for dispute processing
  • Payment Processors: Billing information is processed through Shopify's billing system
  • Legal Requirements: We may disclose information if required by law or to protect our rights

International Data Transfers

Our services are hosted in the United States. If you are located outside the US, please be aware that your data may be transferred to, processed, and stored in the US. We ensure appropriate safeguards are in place for international data transfers.

Your Rights

Depending on your location, you may have the following rights regarding your data:

  • Access: Request a copy of the data we hold about your store
  • Rectification: Request correction of inaccurate data
  • Deletion: Request deletion of your data (also happens automatically on app uninstall)
  • Portability: Request your data in a portable format
  • Objection: Object to certain types of data processing

Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

Cookies and Tracking

We do not set our own cookies. The embedded app relies on Shopify's platform session mechanisms (and any essential cookies Shopify sets) for authentication and security. We do not use tracking cookies, analytics pixels, or third-party advertising cookies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of our service after any changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@chargebackprotector.com
Subject: Privacy Policy Inquiry

We will respond to your inquiry within 30 days.

Compliance

This Privacy Policy complies with:

  • Shopify's App Requirements and Data Protection Guidelines
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Other applicable privacy laws and regulations
← Back to Home