Privacy Policy

ChargebackWiz ("we", "us", "our") is operated by [LEGAL ENTITY NAME], registered in Udaipur, Rajasthan, India. This policy explains what data we process when a merchant installs the ChargebackWiz app from the Shopify App Store, why we process it, and the rights available to merchants and their customers.

Contact for all privacy matters: privacy@chargebackwiz.com

1. Who we are in the data chain

For personal data of a merchant's customers, the merchant is the data controller and ChargebackWiz is a data processor acting on the merchant's instructions to provide chargeback management services. For merchant account data (store name, contact email, billing), we act as a controller.

2. Data we process and why

We process only the minimum data required to assemble and submit chargeback evidence:

DataSourcePurpose
Store name, domain, contact emailShopify APIAccount setup, notifications, billing
Dispute details (amount, reason, deadline, status)Shopify API webhooksCore service — tracking and fighting disputes
Order data for disputed orders (items, totals, dates)Shopify APIEvidence assembly
Customer name, email, billing/shipping address for disputed ordersShopify APIEvidence assembly (AVS match, delivery proof)
Fulfillment and tracking data for disputed ordersShopify APIEvidence assembly (proof of delivery)
Customer order history counts for disputed customersShopify APIEvidence assembly (repeat-customer signal)
WhatsApp number (optional, merchant's own)Provided by merchantUrgent deadline alerts, only if enabled

We do not process full payment card numbers, CVVs, passwords, or government IDs. We do not sell, rent, or share personal data with advertisers or data brokers. We do not use customer personal data to train AI models.

Important scope limit: we only retrieve customer data for orders that are actually disputed — not your whole customer base.

3. Where data goes

4. International transfers

Our servers are located in [REGION]. Where data of EU/UK residents is transferred outside the EEA/UK, we rely on Standard Contractual Clauses or an equivalent lawful transfer mechanism.

5. Security

Data is encrypted in transit (TLS) and at rest. Access is restricted to authorized personnel, protected by access controls and audit logging. We follow Shopify's Protected Customer Data requirements (Levels 1 and 2).

6. Retention

7. Merchant and customer rights

Depending on jurisdiction (GDPR/UK GDPR, CCPA/CPRA and other US state laws, India's DPDP Act 2023, PIPEDA), individuals may have rights to access, correct, delete, port, restrict, or object to processing of their personal data, and to withdraw consent. Customers should direct requests to the merchant (the controller); we support the merchant in fulfilling them through Shopify's privacy webhooks. Merchants and individuals can also contact privacy@chargebackwiz.com. We respond within one month (GDPR) / 45 days (CCPA) or sooner where local law requires.

California residents: we do not "sell" or "share" personal information as defined by the CCPA/CPRA, and we act as a "service provider" for merchant customer data.

8. Cookies

chargebackwiz.com uses only essential cookies and privacy-respecting analytics [ANALYTICS TOOL, e.g. Plausible — or remove if none]. The embedded Shopify app uses session tokens required for authentication and no advertising trackers.

9. Children

Our services are directed to businesses and not to children under 16. We do not knowingly process children's data.

10. Changes

We will post changes on this page and update the date above. Material changes will be notified to merchants by email.

11. Contact & grievance officer

[LEGAL ENTITY NAME], [ADDRESS, Udaipur, Rajasthan, India]
Email: privacy@chargebackwiz.com
Grievance Officer (DPDP Act, India): [NAME], grievance@chargebackwiz.com