ChargeGuard

PRIVACY POLICY

Last updated June 14, 2026

This Privacy Notice for Berdibekov Solutions ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

  • Visit our website at https://chargeguardapp.com
  • Use ChargeGuard. ChargeGuard is a Shopify app that helps merchants manage payment disputes and chargebacks. The app automatically detects disputes from Shopify Payments, collects order evidence, generates response letters, and submits evidence to payment processors to help merchants win chargeback cases.
  • Engage with us in other related ways, including any marketing or events

Questions or concerns? If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at berdibekovadilet@gmail.com.

TABLE OF CONTENTS

  1. 1. What information do we collect?
  2. 2. How do we process your information?
  3. 3. What legal bases do we rely on to process your personal information?
  4. 4. When and with whom do we share your personal information?
  5. 5. Is your information transferred internationally?
  6. 6. How long do we keep your information?
  7. 7. How do we keep your information safe?
  8. 8. Do we collect information from minors?
  9. 9. What are your privacy rights?
  10. 10. Controls for do-not-track features
  11. 11. Do United States residents have specific privacy rights?
  12. 12. Do we make updates to this notice?
  13. 13. How can you contact us about this notice?
  14. 14. How can you review, update, or delete the data we collect from you?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you install our app, configure your account, or contact us for support.

Information collected automatically through Shopify

When you install ChargeGuard and grant the requested permissions, we access and store the following data from your Shopify store for the purpose of chargeback management and fraud prevention:

  • Order data: Order ID, order number, total amount, currency, line items, order date
  • Customer data: Customer email address, customer IP address (browser IP at time of order), billing address, shipping address
  • Payment data: Payment transaction ID, payment gateway used, dispute/chargeback details received from Shopify Payments
  • Fulfillment data: Tracking numbers, carrier names, fulfillment status
  • Risk data: Shopify risk assessment level for orders

Alert email address: If you configure email alerts, we store the email address you provide for sending dispute notifications.

Sensitive Information. We do not process sensitive personal information such as health data, biometric data, or government identification numbers.

Payment Data. ChargeGuard is currently free to install and use. We do not collect or process any payment or billing information from you.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your information for the following purposes:

  • Chargeback detection: Receiving and storing dispute notifications from Shopify Payments
  • Evidence collection: Automatically retrieving order details, customer IP, and tracking information to build dispute evidence packages
  • Fraud prevention: Analyzing order data to calculate risk scores and flag potentially fraudulent orders
  • Customer blacklist: Storing email addresses and IP addresses of customers involved in confirmed fraudulent disputes (only from your own store data)
  • AI letter generation:Sending anonymized dispute information to Anthropic's API to generate professional dispute response letters
  • Email notifications: Sending dispute alerts to the email address you configure in Settings
  • Analytics:Displaying your store's chargeback statistics and win rate trends
  • Service improvement: Using error monitoring (Sentry) to identify and fix bugs

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law.

If you are located in the EU or UK:We rely on the following legal bases: Performance of a Contract (processing is necessary to provide the chargeback management service you subscribed to), Legitimate Interests (fraud prevention and service improvement), and Legal Obligation (complying with Shopify's GDPR requirements).

If you are located in Canada: We may process your information if you have given us specific permission, or in situations where your permission can be inferred from your use of the service.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

We may share your data with the following third-party service providers who perform services for us:

  • Email delivery: Resend (resend.com) — for sending dispute alert emails
  • Database hosting: Supabase (supabase.com) — for secure data storage
  • App hosting: Railway (railway.app) — for hosting the application
  • AI processing: Anthropic (anthropic.com) — for generating dispute response letters. Only dispute details and evidence data are sent; no full customer profiles are transmitted.
  • Error monitoring: Sentry (sentry.io) — for detecting and diagnosing technical errors
  • Payment processing: Stripe (stripe.com) — if you connect your Stripe account for dispute submission

We do not sell, trade, or rent your personal information or your customers' personal information to third parties.

We may also share your personal information in connection with any merger, sale of company assets, or acquisition of all or a portion of our business.

5. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

Our servers are located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us and our service providers in the United States and other countries.

We have implemented appropriate safeguards including the European Commission's Standard Contractual Clauses for transfers of personal information from the EEA and UK to ensure your data is adequately protected.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

We retain your data for as long as your ChargeGuard account is active or as needed to provide our services:

  • Order cache data (customer IP, addresses): Retained for 90 days after order creation, then automatically deleted
  • Dispute and evidence data: Retained for 2 years to support potential re-disputes and compliance requirements
  • Blacklist entries: Retained until manually removed by the merchant
  • Shop and settings data: Retained until the app is uninstalled; deleted within 48 hours after receiving the shop/redact webhook from Shopify

When we have no ongoing legitimate business need to process your personal information, we will delete or anonymize it.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process, including:

  • Encrypted connections (HTTPS/TLS) for all data transmission
  • Database encryption at rest via Supabase
  • Access token security via Shopify's OAuth 2.0 protocol
  • Environment-based secrets management (no credentials in source code)

However, no electronic transmission over the Internet can be guaranteed to be 100% secure. You should only access the Services within a secure environment.

8. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect, solicit data from, or market to children under 18 years of age. ChargeGuard is a business tool intended for use by Shopify merchants who are at least 18 years of age. By using the Services, you represent that you are at least 18 years of age.

9. WHAT ARE YOUR PRIVACY RIGHTS?

Depending on your location, you may have the following rights:

  • The right to access the personal information we hold about you
  • The right to correct inaccurate personal information
  • The right to request deletion of your personal information
  • The right to withdraw consent at any time
  • The right to data portability
  • The right to object to processing

To exercise any of these rights, please contact us at berdibekovadilet@gmail.com. We will respond to your request within 30 days.

If you are located in the EEA or UK and believe we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

We do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online, as there is no finalized standard for how such signals should be interpreted.

11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

If you are a resident of California, Colorado, Connecticut, Virginia, or other US states with applicable privacy laws, you may have the right to:

  • Request access to the personal information we hold about you
  • Request correction or deletion of your personal information
  • Opt out of the sale or sharing of your personal information (note: we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, email us at berdibekovadilet@gmail.com. We will respond within 45 days as required by applicable law.

12. DO WE MAKE UPDATES TO THIS NOTICE?

Yes, we will update this notice as necessary to stay compliant with relevant laws and to reflect changes in our data practices. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Notice. We encourage you to review this notice periodically.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact us at:

Berdibekov Solutions
Bishkek, Kyrgyzstan
Email: berdibekovadilet@gmail.com

14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, correct inaccuracies, or delete your personal information.

To make a request, please email us at berdibekovadilet@gmail.com with the subject line "Data Request — ChargeGuard" and include your Shopify store domain so we can locate your data.

You may also uninstall the ChargeGuard app from your Shopify admin at any time, which will trigger automatic deletion of your store data within 48 hours.