Privacy Policy
Last updated: June 9, 2026
1. Who we are
ChargeShield ("we," "us," "our") provides automated chargeback defense services for merchants who use Stripe. Our platform is operated at chargeshield.org. For questions about this policy, contact us at support@chargeshield.org.
2. Information we collect
When you connect your Stripe account via Stripe Connect OAuth, we receive a permission token that lets us read dispute information and submit evidence on your behalf. We store: your Stripe account identifier, an encrypted refresh token, your billing email, and a payment method identifier (we never see your card number — Stripe handles that). We do NOT store: your customers' names, emails, IP addresses, billing addresses, dispute evidence text, or any payment details beyond what Stripe stores on its own systems.
3. How we use information
We use your Stripe permission token only to: (a) receive real-time notifications when a chargeback is filed against your account, (b) retrieve the specific charge and customer details for that disputed transaction so we can build a defense, and (c) submit your reviewed defense back to Stripe. Customer details retrieved during this process are held in temporary memory while building your defense and discarded immediately after — they are never written to our database.
4. AI processing
We use third-party AI services (currently Anthropic Claude) to draft defense narratives from the structured data on each dispute. AI providers process this data on our behalf under their own privacy and data-handling agreements with us. No raw customer payment details are sent to AI providers.
5. Data sharing
We do not sell, rent, or share your data with third parties for marketing. We share data only with: (a) Stripe, to submit dispute evidence on your behalf, (b) our infrastructure providers (database, hosting, AI) under standard service agreements, and (c) law enforcement if compelled by valid legal process.
6. Your rights
You can disconnect your Stripe account at any time from your ChargeShield dashboard, which immediately revokes our access. You can request deletion of any data we hold about you by emailing support@chargeshield.org. Depending on your jurisdiction (e.g. GDPR for EU residents, CCPA for California residents), you may have additional rights including access, correction, portability, and objection.
7. Security
We use industry-standard encryption (AES-128 + HMAC-SHA256) to encrypt sensitive credentials at rest. All connections to our service use HTTPS. Permission tokens are stored encrypted and never logged. We follow the principle of least data — we only store what's strictly necessary to provide the service.
8. Cookies
We use a single HttpOnly session cookie to keep you signed in. We do not use third-party tracking cookies or advertising trackers.
9. Changes to this policy
We may update this policy as the service evolves. Material changes will be announced via email to your connected billing address.
10. Contact
Questions, concerns, or rights requests: support@chargeshield.org.