Privacy Policy

The Personal Data we collect directly from you may include:

• Basic identification information, such as your name, username, job title, and company role;
• Business contact details, such as your email address, telephone number, mailing address, and billing address;
• Account information, such as login details, account preferences, user permissions, and information associated with your use of the Services;
• Company information, such as company name, website, business type, payment operations information, and other details about your organization;
• Commercial and onboarding information, such as how you heard about us, the problems you are trying to solve, your current dispute or chargeback workflows, and information you provide during sales, onboarding, support, or account setup;
• Payment and billing information, such as billing address, invoice details, subscription details, and payment status. Where card payments are used, payment card information may be processed by a third-party payment processor. We do not intentionally store full payment card numbers on our own systems;
• Any other information you choose to provide to us, including information submitted through forms, emails, calls, chats, surveys, support requests, or other communications.

This may include:

• Your name, email address, telephone number, job title, and other business contact details;
• Your company name, company website, business address, and other business identification information;
• Information about how you learned about our Services;
• Contact details of individuals responsible for chargebacks, disputes, fraud prevention, payment operations, finance, or related business functions within your organization;
• Information about your chargeback, dispute, fraud prevention, Ethoca, RDR, CDRN, alert, refund, representment, or similar workflows;
• Estimated or actual volumes of disputes, chargebacks, Ethoca alerts, RDR alerts, CDRN alerts, or similar cases;
• Information about your current or estimated costs relating to Ethoca, RDR, CDRN, dispute management, chargebacks, alerts, refunds, or similar services;
• Monthly revenue ranges, transaction volume ranges, payment processing information, and other business metrics that you choose to provide to us;
• Any additional information you provide during the sales, onboarding, account setup, support, or service configuration process.

When you access or use our website or Services, we may automatically collect certain information, including:

• Usage Information: information about how you use our website and Services, including pages viewed, features used, actions taken, time spent, clickstream data, and interactions with our platform;
• Device Information: information about the device and software you use to access our website or Services, including browser type, operating system, device identifiers, language, time zone, and network information;
• Log Information: server logs and technical information, including access times, referring URLs, IP address, browser type, Internet Service Provider, and error logs;
• Cookie and Tracking Information: information collected through cookies, pixels, web beacons, local storage, and similar technologies, including information used to remember preferences, understand website usage, improve performance, measure campaign effectiveness, and support security;
• Approximate Location Information: information inferred from your IP address or device settings, such as country, region, or city. We do not collect precise GPS location unless we specifically ask for permission and you choose to provide it.

This may include information from:

• Customers, merchants, business partners, payment processors, dispute management providers, fraud prevention providers, or other service providers involved in chargeback, dispute, alert, or payment operations;
• Ethoca, RDR, CDRN, card networks, acquirers, payment processors, payment gateways, fraud prevention providers, dispute management providers, and similar alert or payment-related systems, where our customer has authorised us to access or process that information;
• CRM, analytics, advertising, marketing, enrichment, or lead generation providers, where permitted by applicable law;
• Publicly available sources, such as company websites, business directories, professional profiles, or public company information;
• Other users or representatives of your organization who invite you to use the Services or provide your contact details to us.

Customer Data may include:

• Alert, dispute, chargeback, refund, representment, fraud alert, Ethoca, RDR, CDRN, or similar case information;
• Alert identifiers, case identifiers, transaction identifiers, order identifiers, merchant identifiers, and other reference numbers;
• Source provider information, such as whether an alert or case was received through Ethoca, RDR, CDRN, a payment processor, an acquirer, a gateway, a card network, or another dispute or alert provider;
• Alert and case status information, such as whether an alert or case is pending, resolved, declined, accepted, refunded, represented, or otherwise actioned;
• Alert type and dispute category information, including whether a case relates to fraud, a dispute, a chargeback, an alert, or another payment-related event;
• Transaction information, such as transaction amount, currency, transaction date, alert creation date, descriptor, authorization code, acquirer reference number (ARN), and related payment metadata;
• Limited payment method information, such as card brand, masked card number, bank identification number (BIN/IIN), last four digits, and other non-full payment card metadata where relevant to the Services;
• Limited customer, cardholder, or purchaser information where such information is provided by the customer or relevant provider and is necessary for dispute, alert, refund, fraud prevention, or case management purposes;
• Notes, files, communications, audit logs, timestamps, user actions, and other metadata submitted or generated in connection with the use of the Services.

We may use Personal Data for the following purposes:

• To provide, operate, maintain, secure, and improve our website, platform, and Services;
• To create, manage, verify, and administer user accounts;
• To evaluate, configure, and provide chargeback, dispute, alert, refund, Ethoca, RDR, CDRN, fraud prevention, and related services;
• To communicate with you about your account, enquiries, demos, onboarding, support requests, contracts, billing, and service updates;
• To provide customer support and troubleshoot technical or operational issues;
• To analyse usage, monitor performance, improve user experience, develop new features, and enhance our Services;
• To send marketing, product, and promotional communications where permitted by law. You may opt out of marketing communications at any time;
• To protect the security, integrity, and availability of our Services, systems, users, customers, and business;
• To detect, prevent, investigate, and respond to fraud, abuse, security incidents, unauthorized activity, or unlawful conduct;
• To comply with legal, regulatory, tax, accounting, reporting, and contractual obligations;
• To enforce our agreements, policies, and terms, and to protect our rights, property, and interests.

Depending on the context, our lawful bases may include:

• Performance of a contract: where processing is necessary to provide the Services, create and manage accounts, communicate with you about the Services, provide support, or take steps at your request before entering into a contract;
• Legitimate interests: where processing is necessary for our legitimate business interests or those of a third party, including operating and improving our Services, managing customer relationships, securing our systems, preventing fraud, analysing business performance, and developing our products, provided those interests are not overridden by your rights and interests;
• Legal obligation: where processing is necessary to comply with applicable laws, regulations, tax, accounting, reporting, sanctions, law enforcement, or legal process requirements;
• Consent: where we ask for and receive your consent, such as for certain optional marketing communications, non-essential cookies, or other processing where consent is required by law. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

We may share Personal Data with:

• Service providers and subprocessors that help us provide hosting, infrastructure, analytics, payment processing, communications, CRM, customer support, security, monitoring, data storage, and other business services;
• Payment, dispute, fraud prevention, alert, chargeback, Ethoca, RDR, CDRN, processor, gateway, acquirer, card network, and similar service providers where necessary to provide the Services or where authorised by our customer;
• Customers and account administrators where information relates to an account, organization, case, workflow, or use of the Services;
• Professional advisers such as lawyers, accountants, auditors, insurers, and financial advisers;
• Authorities, courts, regulators, law enforcement, or other third parties where we believe disclosure is necessary to comply with applicable law, legal process, or regulatory obligations;
• Parties involved in a business transaction such as a merger, acquisition, financing, reorganization, sale of assets, liquidation, bankruptcy, or similar transaction;
• Other parties with your consent or where you direct us to share information.

These rights may include the right to:

• Request access to the Personal Data we hold about you;
• Request correction of inaccurate or incomplete Personal Data;
• Request deletion of your Personal Data;
• Request restriction of processing;
• Object to processing based on legitimate interests or direct marketing;
• Request portability of Personal Data you provided to us;
• Withdraw consent where processing is based on consent;
• Lodge a complaint with a data protection authority.

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or believe we have not handled your Personal Data properly, please contact us by:

• Email: [email protected]
• Post: DeflectDispute Ltd, 128 City Road, London, England, EC1V 2NX