ShieldPay

Privacy Policy

Last updated: April 3, 2026

1. Data We Collect

ShieldPay collects only the data necessary to defend your chargeback disputes. This includes:

  • Shop domain — to identify your Shopify store and authenticate API requests.
  • Order IDs and order details — including shipping address, line items, fulfillment status, and timestamps, used solely for building dispute evidence.
  • Dispute data — reason codes, amounts, timelines, and outcomes provided by Shopify.
  • Merchant email — for notifications about new disputes and outcomes.

We do not collect or store payment card data. All payment processing for success fees is handled by Stripe, which is PCI-DSS compliant.

2. How We Use Your Data

Your data is used exclusively for the following purposes:

  • Automatically detecting and managing chargeback disputes on your behalf.
  • Collecting and compiling evidence to submit responses via the Shopify Disputes API.
  • Generating AI-assisted summaries of evidence using the Anthropic Claude API.
  • Sending you email notifications about dispute status changes.
  • Calculating and processing success fees when disputes are won.

Your data is never sold, rented, or shared with third parties for marketing purposes.

3. Data Retention

We retain your data for as long as your store is connected to ShieldPay. If you uninstall the app, your data is retained for 90 days to allow for any pending dispute resolutions or billing queries. After this period, all your data is permanently deleted from our systems.

Dispute records and associated evidence may be retained for up to 18 months where required by applicable financial regulations or active legal proceedings.

4. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — request a copy of the data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure — request deletion of your personal data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing of your personal data.

To exercise any of these rights, contact us at hello@getshieldpay.com. We will respond within 30 days.

5. Contact

For any privacy-related questions or requests, please contact us at:

hello@getshieldpay.com

6. Data Controller

The data controller responsible for your personal data is:

Navas Medisafe S.L.U.
Spain
hello@getshieldpay.com