Privacy Policy
Last updated: June 22, 2026
Recoup (“we”, “us”) is a chargeback-representment application that helps merchants automatically respond to payment disputes. This policy explains how we handle personal data belonging to our merchants’ customers, prospective customers, and site visitors.
1. What data we process
When a chargeback is filed against a merchant, Recoup reads only the data needed to build dispute evidence:
- Customer name, email, phone, and billing/shipping address
- Order details and line items
- Transaction risk signals (AVS/CVV results, order IP address, fraud / risk assessment)
- Fulfillment and carrier tracking information
We access this data from the merchant’s connected platforms (Shopify, Whop, PayPal) and tracking providers (17TRACK) at the time a dispute is processed.
2. Why we process it
Solely to assemble and submit chargeback-representment evidence to the payment processor on the merchant’s behalf. We use it for no other purpose. We do not use it for marketing, advertising, profiling, or sale, and we limit our use of personal data to this purpose.
3. What we store
We do not persistently store customer personal data — it is fetched live when a dispute is processed and is not cached. We store only:
- Merchant configuration and settings
- OAuth access tokens for connected platforms (encrypted, server-side)
- A dispute audit log (dispute IDs, status, amounts, and processing actions — not raw customer personal data)
4. Sharing and sub-processors
We do not sell or rent personal data. We use these sub-processors to operate the service:
- Fly.io — application hosting
- Supabase — database (settings, tokens, audit log)
- Anthropic — AI generation of representment narrative text, provided only the minimum facts needed to draft the letter
- 17TRACK — delivery-tracking lookups
5. Retention
Customer personal data is not retained beyond the processing of a dispute. Audit-log records (which do not contain raw personal data) are retained only as long as needed to provide the service and meet legal/dispute requirements, then deleted.
6. Security
Data is encrypted in transit (TLS) and at rest. Access to systems is restricted and protected by strong authentication. We maintain a security incident-response procedure for handling any breach.
7. Your rights and data deletion
Merchants and their customers may request access to or deletion of personal data. We honor Shopify’s mandatory data-deletion webhooks (customers/redact, shop/redact) and equivalent requests. Because we do not retain customer personal data, redaction requests are satisfied by removing any associated stored records.
8. Contact
Questions or requests: recoupsupport@gmail.com