Privacy Policy

Last updated: May 2026

DisputeDesk is operated by Dominion Lux Holdings Limited. This policy explains how we handle your data.

What data we collect

When you create an account, we collect your email address and a hashed password. It is stored by Supabase. We never see the plaintext password.

When you save a case, we store the case content you provide: customer name, order number, scenario type, generated reply, and evidence pack. This is associated with your user ID.

We track usage events such as when a case is generated or exported. These are used to manage plan limits and improve the product.

Shopify app: data accessed and stored

If you install the DisputeDesk Shopify app, we access Shopify data only when you take an action inside the embedded app. We do not access your store data in bulk or in the background.

Data accessed on merchant request:

  • Order details (order number, line items, totals, dates) -- accessed when you enter an order number in the Order Lookup tool
  • Fulfillment and tracking information -- accessed as part of the same order lookup
  • Customer name and shipping address -- accessed to prefill the chargeback response form

Data received via webhook (requires Protected Customer Data approval):

  • Shopify Payments dispute details -- reason code, disputed amount, evidence deadline, associated order ID -- received when Shopify sends a dispute notification to our servers

What we store from the Shopify app:

  • Your shop domain and access token (in shopify_connections) -- stored to authenticate future order lookups
  • Raw dispute webhook payloads (in shopify_dispute_events) -- audit log of disputes received
  • Normalised dispute metadata (in shopify_dispute_drafts) -- used to prefill your chargeback response form

What we do not store from the Shopify app:

  • Order data is not persisted from the order lookup -- it is passed through to the response form only
  • Full customer PII is not stored in dispute drafts -- customer name only, for your reference
  • Payment card data is never accessed or stored

All data generated by the Shopify app is used solely to help you prepare your own dispute response. DisputeDesk does not submit evidence to Shopify Payments, your bank, or any payment processor on your behalf. No Shopify data is sold to third parties or used for marketing.

When you uninstall the app or request data deletion, all stored Shopify data (shop connection, dispute events, and dispute drafts) is deleted from our servers.

What data we do not collect

  • We do not access your email inbox
  • We do not access your Shopify store data without a merchant-initiated action
  • We do not access Shopify store data in bulk
  • We do not sell your data to third parties
  • We do not use your dispute content to train AI models
  • We do not collect payment card details (Paddle handles payments)

How we use your data

  • To provide the DisputeDesk case generator and evidence pack builder
  • To save and retrieve your cases across devices
  • To manage your plan entitlement and case limits
  • To respond to support requests
  • To send essential product communications (no marketing without consent)

Data storage and security

Your data is stored in Supabase (PostgreSQL), with Row Level Security enabled. Each user can only access their own data. Authentication is managed by Supabase Auth.

Local-mode data (when not logged in) is stored only in your browser's localStorage and never sent to our servers.

Third-party services

  • Supabase: database and authentication (EU servers available)
  • Paddle (where payment is processed through Paddle): Paddle.com Market Limited or its applicable affiliate may act as Merchant of Record and may collect and process payment-related information such as your name, email address, billing address, payment method details, tax information, transaction records, and fraud-prevention information. Paddle processes this information according to its own Privacy Policy. DisputeDesk does not store full card details on its own servers.
  • Other payment providers (where applicable): if payment is processed through another provider, such as Shopify Payments or another checkout provider, that provider may process payment-related information according to its own privacy terms.
  • Vercel: hosting and edge delivery

Your rights

You can request deletion of your account and all associated data at any time. Email support@getdisputedesk.com.

You can export your cases at any time using the export functions on the Saved Cases page.

Cookies

We use session cookies required for authentication. We do not use tracking or advertising cookies.

Contact

Questions about privacy: support@getdisputedesk.com