Privacy Policy

Last updated: June 19, 2026

1. Introduction

DisputeShield ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

By using DisputeShield, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

2.1 Account Information

When you register, we collect your email address, full name, and authentication credentials. If you sign in with Google, we receive your Google account's email and display name.

2.2 Case & Order Data

To create dispute cases, you provide order details (order ID, customer name, customer email, order value, dates), dispute information (type, amount, dates), and shipping details (carrier, tracking number, delivery status). This data is stored securely in our database and is only accessible by your account.

2.3 Uploaded Files

You may upload evidence files including invoices, tracking screenshots, delivery proof, and customer communications. These files are stored in encrypted cloud storage (Supabase Storage) and are only accessible by your account. Files are not shared with third parties except as required for AI processing.

2.4 Payment Information

Subscription payments are processed by Stripe. We do not store your credit card details. Stripe may collect and process your payment information per their own privacy policy at stripe.com/privacy.

2.5 Usage Data

We collect usage data such as pages visited, features used, and session duration to improve our service. This is processed in aggregate and does not identify individual users.

3. AI Processing & Disclosures

To provide our dispute analysis, we use Google Gemini. We only send necessary, structured case data to the Google Gemini API. This data is not used for advertising or AI training purposes.

Specifically:

  • Data Transmitted: Only necessary structured case details are sent to the AI, including order information (e.g., order value, transaction date), dispute type, and shipping/tracking status.
  • Full Files Excluded: Full uploaded files are not sent to Google Gemini unless required for text extraction or parsing, and we minimize any data transmitted.
  • No Training or Advertising: Google does not use data sent via the Gemini API to train its foundation models, nor is it used for advertising profiles.
  • Google Privacy Policy: For more details on how Google processes developer API data, visit the Google’s privacy policy.

LEGAL DISCLAIMER: DisputeShield does not provide legal advice. All AI-generated outputs are for informational purposes only.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), our legal bases for processing personal data are:

  • Contract performance: Processing necessary to provide the service you signed up for.
  • Legitimate interests: To improve our service, prevent fraud, and maintain security.
  • Consent: For optional communications such as marketing emails (you may withdraw consent at any time).
  • Legal obligations: To comply with applicable laws and regulations.

5. Data Storage & Security

Your data is stored on secure cloud servers. We implement industry-standard encryption and security practices to protect your personal details and case records from unauthorized access.

6. Data Retention

We retain your account data and case information for as long as your account is active. Uploaded evidence files are retained for 12 months from the last case update. When you delete a case or your account, all associated files and data are permanently deleted within 30 days, following the gradual deletion process described in Section 8.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Request correction of inaccurate data.
  • Erasure ("Right to be forgotten"): Request deletion of your account and all associated data.
  • Portability: Request your data in a machine-readable format.
  • Restriction: Request we limit how we process your data.
  • Objection: Object to processing based on legitimate interests.

To exercise any of these rights, email us at privacy@disputeshield.net. We will respond within 30 days.

8. Account and Data Deletion

You can request the deletion of your account and all associated case records at any time through your dashboard settings or by emailing our privacy team at privacy@disputeshield.net.

To ensure system integrity, our deletion process is gradual:

  • Immediate Revocation: Access to your account and records is revoked immediately (soft-deletion). Your data will no longer be visible or accessible on the platform.
  • Gradual Hard-Deletion: Complete, permanent removal of your data from active production databases and filesystems occurs within 30 days of your request.
  • Backups: System backups are not modified immediately but are overwritten on a rolling schedule. All data in backups will be permanently purged and overwritten, with a final deletion timeframe of 30 days across all systems and backups.

9. Third-Party Services

We use the following third-party services:

  • Supabase — Database and file storage (supabase.com/privacy)
  • Google Gemini (Google AI Studio) — AI case analysis processing (policies.google.com/privacy)
  • Stripe — Payment processing (stripe.com/privacy)
  • Vercel — Application hosting (vercel.com/legal/privacy-policy)
  • Microsoft Clarity — User behavior analytics and session tracking (privacy.microsoft.com/privacystatement)

10. Cookies and Tracking

We use essential cookies for authentication and session management. These are necessary to log into your account and run the application.

Additionally, on our public marketing homepage, we use Microsoft Clarity to analyze user interaction and optimize website experience. This tracking captures interaction metrics (such as clicks, scrolls, and mouse movements) and device/browser details. No tracking technologies are deployed within the authenticated user dashboard or on dispute evidence pages.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email and update the "Last updated" date above. Continued use of DisputeShield after changes constitutes your acceptance of the updated policy.

12. Contact Us

For privacy questions or to exercise your rights:

DisputeShield

Email: privacy@disputeshield.net

Support: support@disputeshield.net