Legal

Privacy policy

Counterproof, chargeback dispute evidence automation for Shopify merchants.

What we collect

Counterproof processes only the data needed to build and submit chargeback evidence for the disputes it handles. From your Shopify store, via these four OAuth scopes:

  • read_orders — Read order, fulfillment, and tracking data — the raw material of a dispute packet.
  • read_shopify_payments_disputes — Read the chargeback/dispute records the app responds to.
  • read_shopify_payments_dispute_evidences — Read the dispute evidence already on file for a case.
  • write_shopify_payments_dispute_evidences — Save the assembled evidence packet back to Shopify so Shopify's auto-submit sends our packet.

If you connect Stripe, we read dispute and evidence data from your Stripe account using a restricted key you provide (Disputes read/write and Files write only). The key is stored encrypted and is never displayed again in full.

We do not currently operate a device-fingerprint or IP-capture pixel. When enabled in a future release, device-ID and IP capture at checkout will be documented here before it collects anything, and disclosed at the point of capture.

How long we keep it

Dispute and order data is retained while your account is active and for the period we may need it to defend a submitted dispute or meet a legal obligation. When a shop uninstalls, its stored dispute data and credentials are purged after the Shopify shop/redact window (below).

GDPR / privacy webhooks we honor

Shopify sends three mandatory compliance webhooks; every request is HMAC-verified before it is trusted, recorded in our audit trail, and acknowledged:

  • customers/data_request — We log the request in our audit trail and acknowledge it. Counterproof stores dispute evidence keyed by order, not by customer profile, so there is no separate customer profile to export.
  • customers/redact — We log and acknowledge the erasure request. Any order-scoped dispute data tied to the customer is removed in line with our retention schedule.
  • shop/redact — Sent 48 hours after a shop uninstalls. We log and acknowledge it, then purge the shop’s stored dispute data and credentials.

We do not sell your data

We do not sell, rent, or share your data for advertising or any purpose beyond operating the service. Data is used only to build, review, and submit your dispute evidence.

Subprocessors

We rely on these processors to run the service:

  • Cloudflare — Application hosting, database, and file storage (Workers, D1, R2).
  • AI text-generation infrastructure — The language model that writes rebuttal-letter prose within a fixed evidence skeleton. It never selects evidence or asserts facts (spec §2.3).
  • Stripe — Read dispute and evidence data from your connected Stripe account, via a restricted key you provide.

Contact

Questions about this policy or your data: support@counterproof.app.