Privacy Policy

We collect three categories of data: information you give us when you sign up for DisputeDesk, information Shopify passes to us when you install the app on a store, and operational data we generate as the service runs. Each category is described in the sections below.

When you create a DisputeDesk account we store your email address, an encrypted password hash (handled by Supabase Auth), the Shopify store(s) you connect, your billing plan and trial status, language preference, and notification preferences. We use this information to authenticate you, send transactional email related to your account, and present a localized interface.

When a chargeback or inquiry arrives at a connected store, DisputeDesk reads the linked order from Shopify so it can assemble evidence. The fields we read include: order number, totals, line items, fulfillment and tracking details, billing and shipping addresses, payment method summary (AVS/CVV result codes, card brand, last four), the customer's email and display name on the order, and the dispute itself (reason, amount, due date, status). We never read products, customers, or orders outside the dispute workflow we were authorized for.

The platform writes operational telemetry to support engineering (audit events of who did what, job execution records, webhook delivery records). Telemetry references resources by internal ID rather than by personal identifiers wherever possible. When IP addresses are recorded for security purposes, they are retained only as long as necessary for that purpose.

To build evidence, DisputeDesk may also process: files merchants or their staff upload (delivery receipts, customer communication screenshots, signed contracts), policy snapshots taken from the store's public policy pages, and IP geolocation lookups (we send the order's recorded client IP to IPinfo to enrich the evidence with location and proxy/VPN signals). Uploaded files are stored in private object storage and signed short-lived URLs are used to reference them inside Shopify-bound evidence so file bytes are never exposed to the issuer or third parties.

DisputeDesk only accesses data inside Shopify stores where the merchant has installed our app and granted the documented OAuth scopes. The minimum scope set is published in our App Store listing and in our public source configuration. We do not request, store, or process Shopify data for stores where the app is not installed.

• Service delivery — generate evidence packs, render PDFs, save evidence into the merchant's Shopify dispute response, send transactional alerts the merchant has opted into (new dispute, evidence ready, deadline reminder).
• Audit and compliance — keep records that show what was generated, when it was submitted, and on whose behalf.
• Security and abuse prevention — authenticate users, enforce rate limits, detect and stop misuse.
• Service improvement — aggregate and de-identify metrics (e.g. dispute volume, win rates by reason). We do not sell personal data and we do not train AI models on customer data.

We do not sell personal data. We do not share Shopify customer data with advertisers or marketing networks. We share data only with the service providers listed below, where strictly required to operate the platform; and with Shopify itself, when we send evidence into the merchant's Shopify dispute response on their behalf.

• Shopify, Inc. — host platform; source of order, customer, and dispute data.
• Supabase — managed Postgres database, authentication, private file storage.
• Vercel — application hosting and content delivery.
• Resend — transactional email (welcome, password reset, dispute alerts, GDPR notifications to merchants).
• IPinfo — IP geolocation lookups against the order's recorded client IP. No PII is sent.
• OpenAI — used only by our public Resources Hub article pipeline. No Shopify customer data, order data, or evidence content is ever sent to OpenAI.
• Cal.com — demo booking on the marketing site; processes only the prospect's name and email.

We add or remove providers as the service evolves. Material changes are reflected on this page.

DisputeDesk supports the merchant's GDPR obligations. When we process Shopify customer data on a merchant's behalf we act as the data processor; the merchant is the data controller. We process under a Data Processing Agreement on request. When we process the merchant's own account data we act as the data controller.

When Shopify forwards a customers/data_request webhook for a customer of one of your stores, we acknowledge the request, record it in our audit log, and notify the merchant by email so the merchant can respond directly to the customer within their statutory window. The merchant remains the data controller.

When Shopify forwards a customers/redact webhook, we locate every record in our database that references the customer's email or full name within that store and replace the identifying fields with redacted markers. Both the structured dispute record and the JSON snapshot inside the evidence pack are scrubbed. We keep operational audit records that show the redaction occurred but those records do not contain the customer's name or email.

When Shopify forwards a shop/redact webhook (sent 48 hours after a merchant uninstalls the app), we delete all data associated with that store. This cascade covers disputes, evidence packs, evidence files, jobs, audit events, sessions, and the store record itself. The cascade is idempotent — a redelivered webhook is a no-op.

Customer data is protected by HTTPS in transit, encryption at rest for sensitive fields, least-privilege access via Supabase Row-Level Security, short-lived authentication tokens, and tightly scoped OAuth credentials. See our Security page for details on infrastructure protections, access controls, and responsible disclosure.

Dispute and evidence data are kept for seven years after the dispute is resolved, aligning with common financial-recordkeeping windows. Merchant accounts are deleted within ninety days of account closure unless an active legal hold applies. When a store is uninstalled we delete its data on receipt of the shop/redact webhook from Shopify (48 hours post-uninstall). Full retention windows by data category are on the Data Retention page.

Application infrastructure and database storage are operated by Supabase and Vercel. Data may be processed in the regions in which those vendors operate. Where data is transferred between jurisdictions, we rely on legally appropriate safeguards (such as Standard Contractual Clauses for transfers from the EU to the US).

DisputeDesk is a business-facing product. We do not knowingly collect personal information from children under 16. If you believe a child has interacted with our service, contact us and we will remove the data.

We update this page when our practices change. The “Last updated” date at the top reflects the most recent revision. Material changes will be highlighted; continued use of the service after a material change constitutes acceptance.

For privacy questions or to exercise your rights, contact privacy@disputedesk.app. Shopify customers should normally contact the merchant whose store they purchased from — the merchant is the data controller.