Mon–Fri · 8am–7pm EST support@claimshielded.com +1 (628) 555-0193
SOC 2 · PCI DSS L1 · GDPR Ready
Start Recovery
Home Privacy Policy
Legal

Privacy Policy

How we collect, use, share, secure and let you control your personal and merchant data when you use ClaimShielded.

Effective date: January 4, 2026 · Version 4.2 · Maintained by the ClaimShielded Privacy Office

1. Scope of this policy

This policy applies to information ClaimShielded Inc. ("ClaimShielded", "we", "our") receives when you interact with our public website, request a recovery audit, communicate with our team, or use the ClaimShielded platform under a signed Order Form. It does not extend to third-party products you use independently of us, even when linked from our site.

2. Information we collect

We collect a narrow set of categories and we collect them for a specific purpose:

From you, directly

  • Business contact data — full name, work email, phone, company, role and the message you send through forms.
  • Account credentials — limited to scoped OAuth tokens granted to us by your processor for read-only API access.
  • Communications — emails, support tickets and meeting notes shared with our solutions or success teams.

From systems you connect

  • Dispute and transaction metadata — order ID, amount, currency, processor, reason code, timestamps, AVS, CVV and IP-level signals — pulled exclusively under your OAuth grant.
  • Order enrichment — shipping carrier confirmation, tracking, customer-service tickets and CRM context where you authorize the relevant connector.

From the web environment

  • Site analytics — anonymized page views, referrer, device class, and aggregated engagement metrics collected through a first-party analytics layer.

3. How we use your data

Data we hold is used only to deliver, secure and improve the platform you signed up for:

  • To classify, defend, refund or report on chargebacks you experience.
  • To provide compelling evidence to issuers under written merchant authorization.
  • To investigate fraud and protect both you and the broader merchant network.
  • To meet legal, regulatory and accounting obligations.
  • To improve product features through aggregated, de-identified analysis. We do not train external models on personally identifiable cardholder data.

4. Sharing and subprocessors

We share information only in the following circumstances:

  • With payment networks, acquirers and issuers, strictly where required to submit your representment.
  • With subprocessors we engage to host, secure or operate the platform. Our current list is published at /trust and updated 30 days before any change.
  • With professional advisers and auditors under contractual confidentiality, where required for SOC 2, PCI DSS or contractual obligations.
  • To respond to lawful requests from government authorities — narrowly, only with valid process, and where permitted we will inform the affected customer first.

We do not sell personal information, and we do not allow our subprocessors to use it for their own purposes.

5. Retention

We retain dispute and transaction data for the duration of your contract plus a defined tail period (typically twelve months) required for representment evidence and audit obligations. Marketing and form-submission data is retained for up to 24 months unless you ask us to delete it earlier.

6. Security

We operate under SOC 2 Type II controls audited annually, and our platform sits in PCI DSS Level 1 scope. Data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted with AES-256 keys rotated on a defined schedule and stored in a dedicated key management service. Access is granted only on the principle of least privilege, logged, and reviewed every quarter.

7. Your rights

Subject to applicable law (including GDPR, UK-GDPR and the CCPA), you can request access, correction, deletion, portability, and restriction of processing of personal data we hold about you. To exercise any of these rights, email support@claimshielded.com. We respond inside 30 days, or sooner where required by law.

8. International transfers

ClaimShielded operates regional environments in the United States and the European Union. EU customer data stays inside EU regions unless you direct us otherwise in writing. Where we move personal data between jurisdictions, we rely on Standard Contractual Clauses, applicable UK addenda and supplementary measures.

9. Changes to this policy

When we materially change this policy, we will email the primary account contact at least 30 days in advance and post the prior version under /trust/archive. Continued use of the platform after the effective date constitutes acceptance.

10. Contact

Questions, requests and complaints go to:
ClaimShielded Privacy Office
240 East 27th Street, Suite 1110
New York, NY 10016
support@claimshielded.com