This policy applies to merchants who install the Paidback Shopify app. It describes how we collect, use, and protect data in order to fight chargebacks on your behalf.
What We Collect
Paidback collects the following data when you install and use our Shopify app:
- Store information — shop name, domain, and email address
- Order data — order details, customer name, email, billing address, shipping address, and IP address (only for orders involved in a dispute)
- Fulfillment data — tracking numbers, carrier, and delivery status
- Payment dispute data — dispute reason, amount, status, evidence submitted, and outcomes
- Product data — product titles, descriptions, and images (used as dispute evidence where applicable)
We do not collect or store payment card numbers, bank account details, or passwords.
Why We Collect It
All data is collected solely to:
- Build and submit chargeback dispute evidence on your behalf
- Track dispute outcomes and calculate fees
- Improve our dispute response strategies
We do not use your data for advertising, marketing to your customers, or any purpose unrelated to chargeback dispute management.
Third-Party Services
We share limited data with these services solely to provide our product:
- Anthropic (Claude API) — dispute reason and order details to generate rebuttal letters. No customer personally identifiable information is included in AI prompts beyond what is necessary for the dispute response.
- EasyPost — tracking numbers to verify delivery status
- MaxMind — IP addresses to verify geographic location
- Postmark — merchant email addresses to send dispute notifications. We never email your customers.
We do not sell, rent, or share your data with anyone else.
Data Storage and Security
- All data is encrypted in transit via TLS
- Database access is restricted and authenticated
- Dispute data is retained for 12 months after dispute resolution for accounting and analytics purposes
- Store data is retained while your app is installed and for 30 days after uninstallation
Data Deletion
When you uninstall Paidback:
- We receive Shopify's mandatory data deletion webhooks
- Customer personal data (names, emails, addresses, IP addresses) is deleted within 30 days
- Anonymized dispute records (amounts, outcomes, fees) are retained for accounting purposes
You can request immediate deletion of all data by emailing privacy@paidback.io.
Your Rights
You may request:
- A copy of all data we hold about your store
- Deletion of your data
- Correction of inaccurate data
Contact privacy@paidback.io for any data requests. We respond within 30 days.
GDPR
If you or your customers are in the European Union, we act as a data processor on your behalf. We process personal data only as necessary to provide our dispute management service. You remain the data controller for your customers' information.
Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email to the address on your Shopify account.
Contact
Paidback
Email: privacy@paidback.io
Website: paidback.io