Cross icon
last updated
August 18, 2025

Privacy Policy

1. Introduction

WinChargebacks ("we," "our," "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our chargeback dispute management platform and related services (collectively, the "Services").

Our Services help e-commerce and hospitality businesses manage payment disputes by integrating with payment processors (Stripe, Shopify) and customer relationship management systems (HubSpot, Zendesk, Zoho, Mews) to collect, analyze, and submit dispute evidence.

By using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Services.

2. Information We Collect

We collect information necessary to provide dispute management services, authenticate users, and comply with legal requirements.

a. Account and Business Information

•  Registration details (name, email address, business name, job title)

•  Business preferences and configuration settings

•  User approval status and role assignments

•  Onboarding progress and integration setup data

b. Payment Processing Information

•  Billing and payment information (processed securely through third-party providers)

•  Subscription and service usage data

c. Automatically Collected Technical Data

•  Log data (IP address, browser type, device type, date/time of access)

•  Usage analytics (features accessed, pages viewed, actions performed)

•  Cookies and similar tracking technologies (see Section 8)

d. Integrated System Data

When you connect third-party services, we collect data from those integrations to provide dispute management services:

Payment Processor Data (Stripe, Shopify, Chase, etc)

•  Transaction details (amount, currency, date/time, status)

•  Payment method information (card scheme, last 4 digits, BIN, issuing country)

•  Authorization data (response codes, AVS/CVV results, 3D Secure information)

•  Dispute and chargeback records

•  Customer billing information (name, address, email)

CRM and Customer Data (HubSpot, Zendesk, Zoho, Mews)

•  Customer profiles (names, contact information, account history)

•  Communication records (support tickets, emails, appointment details)

•  Deal and payment history

•  Booking and reservation data (for hospitality businesses)

•  Service history and preferences

Evidence Collection Data

•  Device and network information (IP address, user agent, device ID)

•  Geographic location data (where available from payment processors)

•  Transaction fingerprints and security indicators

e. Support and Communications

•  Customer support requests and communications

•  Error reports and system notifications

•  User feedback and feature requests

3. How We Use Information

We use collected information to:

•  Provide, maintain, and improve our dispute management Services

•  Authenticate users and manage account access (including admin approval workflows)

•  Process payments and manage subscriptions

•  Connect and synchronize data from integrated payment processors and CRMs

•  Analyze dispute data completeness and generate evidence compilations

•  Automate dispute processing workflows and evidence collection

•  Monitor system performance and security

•  Communicate with users about service updates, support, and legal notices

•  Maintain audit trails for compliance and quality assurance

•  Enforce our terms of service and prevent unauthorized access

•  Comply with applicable legal obligations

4. Information Sharing and Disclosure

We may share information in the following limited circumstances:

Service Providers and Partners

•  ​ChargebackHelp​: Dispute processing and submission services

•  ​Payment Processors​: Secure payment processing (Stripe, Adyen, etc.)

•  ​CRM Platforms​: OAuth token management and API proxying (Pipedream)

•  ​Cloud Infrastructure​: Hosting and data storage providers

•  ​Analytics Services​: Usage monitoring and performance optimization

All service providers are contractually obligated to maintain confidentiality and security of your data.

Legal and Regulatory Requirements

•  When required by law, regulation, court order, or legal process

•  To protect against fraud, security threats, or illegal activity

•  To enforce our terms of service or protect user safety

Business Transfers

•  In connection with a merger, acquisition, or sale of assets, subject to continued data protection

Dispute Processing

•  Customer and transaction data may be shared with ChargebackHelp when submitting disputes for processing

•  Limited customer data necessary for dispute resolution may be included in submissions

We do not sell personal information to third parties for marketing purposes.

5. Data Security

We implement comprehensive security measures to protect your information:

•  Encryption of data in transit and at rest

•  Secure credential storage with AES-256 encryption for API tokens

•  Access controls and role-based permissions

•  Regular security audits and monitoring

•  Multi-tenant data isolation•  Secure webhook signature verification

While we strive to protect your data, no system is completely secure. We cannot guarantee absolute security.

Security and Privacy Support Channels
The organization maintains formal support channels for employees to ask questions or report concerns related to internal controls, security, privacy, and SOC 2 trust services criteria. Employees may use the following channels:

  1. Email: privacy@winchargebacks.io
  2. Slack: #security-support channel
  3. Security & Privacy Support Portal in Notion (includes request form and resources)

These channels are monitored by the CEO and technical lead. All employees are informed of these support mechanisms during onboarding. The organization ensures these channels remain available, documented, and reviewed annually.

6. International Data Transfers

Our Services operate globally and may involve transfers of data to the United States and other jurisdictions. We ensure appropriate safeguards are in place to protect your data in accordance with applicable privacy laws.

7. Data Retention

We retain information only as long as necessary:

•  ​Account Data​: For the duration of your account plus reasonable period for legal/compliance purposes

•  ​Transaction and Dispute Data​: As required for financial compliance and dispute resolution (typically 7+ years)

•  ​Audit Logs​: Minimum 7 years for compliance and security purposes

•  ​Technical Logs​: 90 days to 2 years depending on data type

•  ​Inactive Accounts​: 30 days after account closure before anonymization/deletion

11. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with the “Effective Date” revised. Continued use of the Services after changes indicates acceptance of the updated policy.

12. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact us at:

Win Chargebacks
Vancouver, BC, Canada
Email: Privacy@WinChargebacks.io