Chargeback Copilot Privacy Policy
Last updated: March 4, 2026
Chargeback Copilot helps merchants prepare dispute evidence packs. This policy explains what data we access, why we use it, and how we protect it.
Who this policy applies to
This policy applies to merchants and merchant staff who install and use Chargeback Copilot in their store admin.
Data roles
- For merchant store and transaction data, the merchant is the controller and Chargeback Copilot acts as processor.
- For app account, billing, and service reliability data, Chargeback Copilot acts as controller.
Data we access
- Order, fulfillment, and shipping records needed for dispute support files
- Limited customer identity and contact details tied to disputed orders
- Payments dispute records, amounts, reasons, deadlines, and status updates
- Store identifiers and app installation metadata
How we use data
- Generate dispute evidence packs, checklists, and downloadable PDF summaries
- Display deadlines, dispute status, and workflow context inside the app
- Provide customer support and investigate errors
- Maintain security and reliability logs
Lawful basis
We process data to perform our contract with merchants, provide the requested service, and maintain platform security and reliability.
Sharing and subprocessors
- Cloudflare provides hosting, runtime, and data storage infrastructure.
- An optional email provider is used only when merchants enable dispute alerts.
- We do not sell personal data.
International transfers
Service providers may process data in multiple regions. Where required, we apply contractual and organizational safeguards for cross-border transfers.
Cookies and local storage
Chargeback Copilot uses only necessary session/context storage to keep merchants authenticated and the embedded app working correctly.
Retention and deletion
- Data is retained while the app is installed, unless deletion is requested sooner.
- Uninstall and redaction events trigger deletion workflows for app-held data.
- We keep limited logs only as long as needed for security, debugging, and legal compliance.
Security
We use access controls, encryption in transit, and verification checks on incoming platform requests. No system is perfectly secure, but we continuously improve safeguards.
Data subject requests
The app supports platform compliance webhooks for customer data requests and redaction. Merchants may also contact us directly for privacy requests.
Your rights
Depending on your location, you may have rights to request access, correction, deletion, objection, restriction, or portability of personal data.
Children's privacy
Chargeback Copilot is a business tool and is not intended for use by children.
Policy updates
We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above.
Contact
For privacy requests, contact support@chargebackcopilot.app.