Privacy Policy

Last updated: March 1, 2026

1. Introduction

ChargeX Disputes, Inc. (“ChargeX,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal and business information. This Privacy Policy explains how we collect, use, store, share, and protect information when you use the ChargeX Disputes platform, website located at chargexdisputes.com, and all related services (collectively, the “Services”).

By accessing or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue your use of the Services. This policy applies to all merchants, visitors, and users of the ChargeX platform.

ChargeX operates as both a data controller (for merchant account data) and a data processor (for customer transaction data you share with us). We take both roles seriously and apply the same high standards of care to all data we handle.

2. Information We Collect

We collect several categories of information to provide and improve the Services:

  • Account Information: Name, business name, email address, phone number, billing address, and password when you register for an account.
  • Business Verification Data: Tax identification number, business registration documents, and payment processor credentials required to connect your accounts.
  • Transaction Data: Order details, customer names, billing and shipping addresses, purchase amounts, IP addresses, device fingerprints, and other transaction metadata you or your processor share with us.
  • Dispute Data: Chargeback reason codes, card network case IDs, issuing bank communications, evidence documents, and dispute outcomes.
  • Usage Data: Log files, IP addresses, browser type, operating system, pages visited, features used, session duration, and clickstream data from your use of the platform.
  • Communication Data: Emails, support tickets, chat transcripts, and other communications you send to us.
  • Payment Information: Billing details for paying ChargeX invoices. Full payment card data is processed by our PCI-compliant payment processor and is never stored on ChargeX servers.
  • Integration Data: API keys, webhook configurations, and processor authentication tokens needed to connect your payment systems.

3. How We Use Your Information

ChargeX uses collected information for the following purposes:

  • Service Delivery: Processing disputes, generating evidence packages, submitting representments to card networks, and managing alert responses on your behalf.
  • Account Management: Creating and maintaining your account, authenticating logins, and providing access to the platform.
  • Billing: Calculating performance fees, generating invoices, and processing payments for Services rendered.
  • Platform Improvement: Analyzing usage patterns, testing new features, and training our AI models on aggregated, anonymized dispute data to improve win rates across all accounts.
  • Communications: Sending transactional emails (dispute updates, invoice notifications), product announcements, and service alerts relevant to your account.
  • Compliance: Meeting legal obligations, responding to lawful requests from government authorities, and enforcing our Terms of Service.
  • Fraud Prevention: Detecting suspicious activity, preventing unauthorized access, and protecting the integrity of the platform.
  • Customer Support: Responding to your inquiries and resolving issues with your account or disputes.

4. Data Security

Security is foundational to everything we build at ChargeX. We implement the following technical and organizational measures to protect your data:

  • AES-256 Encryption: All data at rest is encrypted using AES-256, the same standard used by financial institutions and government agencies worldwide.
  • TLS 1.3 in Transit: All data in transit between your browser, our APIs, and our infrastructure is encrypted using TLS 1.3 with perfect forward secrecy.
  • PCI DSS Level 1 Compliance: Our platform undergoes annual PCI DSS Level 1 audits — the highest level of payment card industry compliance — conducted by an approved Qualified Security Assessor (QSA).
  • SOC 2 Type II: Our security controls, availability, and confidentiality practices are audited annually under the SOC 2 Type II framework.
  • Access Controls: Role-based access control (RBAC) limits internal access to sensitive data on a strict need-to-know basis. All access is logged and audited.
  • Penetration Testing: We conduct quarterly penetration tests by independent third-party security firms and remediate all critical and high findings within 30 days.
  • Incident Response: We maintain a documented incident response plan. In the event of a data breach affecting your information, we will notify you within 72 hours of confirmation in compliance with applicable law.

5. Information Sharing

ChargeX does not sell your personal or business information to third parties. We share information only in the following limited circumstances:

  • Card Networks and Issuers: Transaction evidence and dispute data is shared with Visa, Mastercard, American Express, Discover, and issuing banks as required to represent your disputes.
  • Alert Networks: Relevant transaction data is shared with Ethoca (Mastercard) and Verifi (Visa) to process pre-dispute alerts on your behalf.
  • Service Providers: We share data with vetted sub-processors — including cloud hosting, email delivery, and analytics providers — under strict data processing agreements that prohibit use beyond the specified purpose.
  • Legal Requirements: We may disclose information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of ChargeX, our users, or others.
  • Business Transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the acquiring entity, subject to the same privacy protections described here.
  • With Your Consent: We may share information with third parties when you have given explicit written consent.

6. Data Retention

We retain different categories of data for different periods based on legal requirements and operational necessity:

  • Account Data: Retained for the duration of your account and for 7 years after account closure to comply with financial recordkeeping requirements.
  • Transaction and Dispute Data: Retained for 7 years from the date of the original transaction, consistent with card network chargeback representment requirements and applicable financial regulations.
  • Usage Logs: Retained for 90 days for security and debugging purposes, then deleted.
  • Support Communications: Retained for 3 years from the date of the communication.
  • Billing Records: Retained for 7 years in accordance with tax and accounting requirements.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data, subject to our legal retention obligations.
  • Right to Restriction: Request that we limit the processing of your data in certain circumstances.
  • Right to Portability: Request a machine-readable export of your account and transaction data.
  • Right to Object: Object to processing of your data for direct marketing or other purposes based on legitimate interests.
  • Right to Opt Out of Sale: California residents may exercise CCPA rights to opt out of the sale of personal information (note: ChargeX does not sell personal data).

To exercise any of these rights, contact us at info@chargexdisputes.com. We will respond to all verified requests within 30 days.

8. Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve the Services. Specifically:

  • Essential Cookies: Required for the platform to function, including session management, authentication tokens, and security features. These cannot be disabled.
  • Analytics Cookies: Used to understand how users interact with the platform, identify performance bottlenecks, and measure feature adoption. We use privacy-focused analytics and do not share this data with advertising networks.
  • Preference Cookies: Store your platform settings and preferences, such as dashboard layout and notification preferences.

You can control non-essential cookies through your browser settings or our cookie preference center. We do not use cookies for behavioral advertising or sell cookie data to ad networks.

9. International Data Transfers

ChargeX is headquartered in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for international data transfers. A copy of our SCCs is available upon request at info@chargexdisputes.com.

10. Children's Privacy

The ChargeX Disputes Services are intended solely for use by businesses and adult individuals acting in a commercial capacity. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have inadvertently collected information from a minor, please contact us immediately at info@chargexdisputes.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy on this page with a revised “Last updated” date.
  • Send an email notification to the address associated with your account at least 30 days before material changes take effect.
  • Display a prominent banner in the platform dashboard when significant changes are in effect.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:

We are committed to resolving any privacy concerns promptly and transparently. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.