Privacy Policy |

Privacy Policy

Last updated:

December 2023

1. Introduction

This Privacy Policy describes ChargebackHit’s policies and procedures on the collection, use and disclosure of Your Personal Data when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. BY USING THE SERVICE, YOU PROMISE US THAT (I) YOU HAVE READ, UNDERSTAND AND AGREE TO THIS PRIVACY POLICY, AND (II) YOU ARE OVER 18 YEARS OF AGE. If you do not agree, or are unable to make this promise, you must not use the Service. In such case, you must contact ChargebackHit to request deletion of your data.

The words of which the initial letter is capitalized have meanings defined under the following conditions.

The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

2. Definitions

For the purposes of this Privacy Policy:

  • Affiliate means an entity that controls, is controlled by or is under common control with the Company, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  • Chargebackhit (referred to as either “ChargebackHit”, “CBH”, “Company”, “We”, “Us” or “Our” in this Agreement) refers to ChargebackHit affiliates.
  • Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. 
  • Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Country refers to: Republic of Cyprus.
  • Customer means a person who makes a payment for Merchant’s online goods and/or services and initiate chargeback prevention procedure.
  • EEA includes all current member states to the European Union and the European Economic Area.
  • GDPR means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
  • Merchant means a business that sells online goods and/or services to customers and uses CBH’s chargeback prevention services.
  • Personal Data is any information that relates to an identified or identifiable individual, such as a name, email, a telephone number, IP address, etc.
  • Process, in respect of personal data, includes to collect, store, use, restrict, erase, destruct and disclose to others.
  • Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Service refers to the services provided by CBH, such as chargeback prevention services, and other related technical services, as well as the Website infrastructure, where applicable.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
  • Third-Party Service Providers refer to third-party companies that offer services designed to minimise the occurrence and impact of chargebacks. These providers use various technologies to analyse transactional data, and may collaborate with Merchants, financial institutions, and Customers to resolve disputes and prevent fraudulent activities. 
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • Website refers to ChargebackHit, accessible from or
  • You means a person whose personal data is processed by ChargebackHit, including, inter alia, Customer who initiate chargeback prevention procedure, and the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

3.Data we collect

a. Personal Data provided by you through the Website

While registering an account or using Our Website, We may ask You to provide Us with certain Personal Data that can be used to contact or identify You, as well as to reply to your inquiries. Personal Data may include, but is not limited to:

  • Full name
  • Email address
  • Your company’s website
  • Other data You provide when using Our Website, such as the messages you sent to our support team

b. Personal Data of Customers

When a Customer initiates chargeback procedure against Merchant, CBH process the Personal Data which is necessary to provide chargeback prevention services to the Merchant. We receive these data partly from Merchant and partly from Third-Party Service Providers. Personal Data may include, but is not limited to the Customers’:

  • Name, username;
  • Email address;
  • Telephone number;
  • IP address;
  • Postal and billing address (state, zip code, city);
  • Date of birth;
  • Order description;
  • Date and amount of transaction;
  • Transaction data;
  • Mask card;
  • Device (e.g., operating system and browser);
  • Length of customer relationship.

c. Usage Data

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Website that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data, Your interactions with the Website (e.g., mouse movements, clicks, scrolls, and inputs).

d. Cookies

We use Cookies to track the activity on Our Website and store certain information.

Cookies can be “Persistent” or  “Session”. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser.

We use both session and persistent Cookies for the purposes set out below:

(i) Advertising Cookies

Type: Persistent Cookies

Administered by: Google, Facebook, Getsitecontrol

Purpose: These cookies collect information about Your online activities and interests to help advertisers deliver more relevant advertisements. They are also used to limit the number of times You see an advertisement and measure the effectiveness of advertising campaigns.

(ii) Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow Us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

(iii) Analytical Cookies

Type: Persistent

Administered by: Us, Google

Purpose: These Cookies are used to understand how visitors interact with the Website. These Cookies help provide information on different metrics, such as the number of visitors, bounce rate, traffic source, etc.

(iv) Security Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These cookies are crucial for the secure operation of CBH’s website. They authenticate users, protect user data, and help Us to prevent fraudulent use of login credentials. They are essential to maintain the integrity of user accounts and user data.

You can find more information about the individual cookies We use and the purposes for which We use them in the table below:


This Cookie, installed by Google, is used to ensure that user authentication remains secure across third-party websites.

1 year

This Cookie, installed by Google, provides additional layers of HTTPS-based security for authentication tokens within Google domains.

1 year

This Cookie, installed by Google, is used to protect user data from unauthorized access in services like Gmail.

1 year

This Cookie, installed by Google, is used to securely authenticate the user across different Google domains.

1 year

This Cookie, installed by Google, provides additional layers of HTTPS-based security for authentication tokens within Google domains.

1 year

This Cookie, installed by Google, is used for user authentication and session management in Google services.

1 year

This Cookie, installed by Google, is used to manage anti-forgery efforts and secure sign-ins across Google services.

1 year

This Cookie, installed by Google, is used to collect user behavior information and ad targeting within the Google ecosystem.

1 year

This Cookie, installed by Google, is used to verify the Google account user and protect against fraudulent use of login credentials and user data.

1 year

This Cookie, installed by Google, is used to maintain session-specific settings like language preferences in Google services.

1 year

This Cookie, installed by Google, is used when the website uses HTTPS to ensure secure data transmission; it’s a secure version of APISID.

1 year

This Cookie, installed by Google, is used in third-party websites using Google services for secure data transmission; it’s another secure variant of APISID.

1 year

This Cookie, installed by Google, is used to store user preferences and targeted ad settings.

6 months

This Cookie, installed by Google, is used for website analytics and ad revenue tracking; it compiles site usage statistics and tracks conversion rates.

1 month

This Cookie, installed by Google, is used to gather aggregated user behavior for Google Analytics.

24 hours

This Cookie, installed by Google, is used for tracking user interactions within the website, often for the purpose of analytics or customization.

6 months

This local storage, installed by Google, is used to provide spam protection.

6 months

This Cookie, installed by Facebook, is used to enhance advertising experiences through real-time bidding from third-party advertisers.

30 days

This Cookie, installed by Facebook, is used to save browser details and securely identify the browser during server-client interaction.

1 year

This Cookie, installed by Facebook, identifies the web browser being used to connect to Facebook independent of the logged-in user.

1 year

This Cookie is used to distinguish between human and bot traffic, improving website security.

24 hours

This Cookie is used for identifying new and returning users, often for the purpose of marketing or web analytics.


This Cookie calculates visitor, session, and campaign data for the website’s analytics report.

2 years

This Cookie is used to throttle the request rate, reducing the load on servers during high-traffic periods.

10 minutes

This Cookie is used to collect user data to distinguish between different users visiting the website for analytics purposes.

24 hours

This Cookie is used to separate users and collect analytics data.

1 year

This Cookie calculates visitor, session, and campaign data for the website’s analytics report.

2 years

This Cookie is used to confirm that the user has agreed to the website’s cookie usage policy.

no longer than 6 months 

This Cookie is used to facilitate ad targeting and optimization by storing data on user interactions with ads across various platforms.

3 months

This local storage is used for tracking user behaviour over the long term, often for marketing analysis and customer segmentation.

2 years

This Cookie calculates visitor, session, and campaign data for the website’s analytics

2 years

This Cookie, installed be DoubleClick, is used for collecting users’ behaviour and interactions with ads, making it possible for advertisers to serve more relevant content to the target audience.

24 hours

This Cookie installed be DoubleClick, is used for serving targeted ads and evaluating the effectiveness of advertising campaigns. 

1 month

This Cookie installed be DoubleClick, is used for analytics and tracking. It helps in measuring the performance and effectiveness of various types of advertising campaigns.

2 weeks

This Cookie installed be DoubleClick, is used for debugging and analytic purposes on the DoubleClick platform. It helps in troubleshooting and performance optimization of advertising scripts and modules.

1 month

This local storage file, installed by Getsitecontrol, contains analytical information about the number of visits to our Website.

This local storage file will expire when you delete it in your browser

This local storage file, installed by Getsitecontrol for creating an analytics report of the Website’s performance. It contains information about geolocation, device, the number of viewed pages, the source you come to our Website from, how many sessions you had on our Website, the date and time of the last visit.

This local storage file will expire when you delete it in your browser

This local storage file, installed by Getsitecontrol, collects analytical information about our widgets used on the Website: the statistics of view, submit, closing actions, and start and stop conditions.

This local storage file will expire when you delete it in your browser

This Cookie, installed by Optinmonster, is used for identifying new and returning users, often for the purpose of marketing or web analytics.


This local storage, installed by Optinmonster, is used to hold page, referrer and timestamp data for when a specific visitor first visited your site.



This Cookie, installed by Optinmonster, is used to provide functions across pages.



This local storage, installed by Leadfeeder, is used to store and track audience reach.

2 years









* This service may also collect information regarding the use of other sites, apps and online resources. You can learn about Google’s practices on the Google website.

** Local storage is a client-side storage solution with a larger capacity than Cookies and is not sent to the server with HTTP requests. 

*** DoubleClick is a subsidiary of Google, a digital advertising platform.

**** Getsitecontrol is using local storage instead of cookies. The information about the way Getsitecontrol stores and processes data can also be found on the Getsitecontrol website.

***** Optimonster is a lead generation tool that helps businesses capture visitor information through various types of forms and pop-ups. You can learn about Optimonster’s practices on the Optimonster website.

****** Leadfeeder is a B2B analytics tool that identifies website visitors to help businesses generate leads and enhance sales efforts. You can learn about Leadfeeder’s practices on the Leadfeeder website.

Your Choice Regarding Cookies

If You prefer to avoid the use of Cookies on the Website, first You can tick the respective button of our Cookie banner. This will let You set up Your Cookie preferences. In addition, You may disable the use of Cookies in your browser and then delete the Cookies saved in your browser associated with this website. You may use this option for preventing the use of Cookies at any time.

If You do not accept Our Cookies, You may experience some inconvenience in your use of the Website and some features may not function properly.

If You’d like to delete Cookies or instruct your web browser to delete or refuse Cookies, please visit the help pages of your web browser.

For any other web browser, please visit your web browser’s official web pages.

4. How do we use Your Personal Data

a. When You request us to contact You

Via our website, You can request Us to contact You regarding questions, queries, comments or complaints. You can also contact Us by e-mailing Us using for example the contact details listed in this Privacy Policy or the button “Get in touch” on our Website. When You do so, We will collect the information that You fill out, including Your name, email address, your company’s website and your message to attend and manage Your requests. Therefore, We use this data for our legitimate interest of conducting business with You or to establish our future contract with You.

b. Data we process for marketing purposes

If you shared Your contact details with Us at some event or in any other way, We may use this information (for example, Your business card) to follow-up with You regarding Our services and Your questions. We rely upon Our legitimate interest of conducting business with You to process such Personal Data.

c. Data we collect automatically when You use this Website

When You access the Website, We may collect certain information automatically, including, the Usage Data, Cookies, and similar tracking technologies.

This information is collected for CBH’s legitimate interest to improve and to administer Our Service, including data analysis, troubleshooting, statistical and survey purposes.

You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some features of our Website. 

d. Data we collect as a chargeback prevention services provider

As a chargeback prevention services provider, We process some Personal Data of Customers, such as transaction data necessary to provide chargeback prevention services. We make these data available to Merchant through the Website so that it can prevent potential chargeback and for its customer support. 

Please note, that as a Controller, Merchant shall bear primary responsibility for the processing of Your Personal Data, including:

  • Ensuring the protection of Personal Data in accordance with applicable data protection regulations (e.g., the GDPR);
  • providing You with necessary information about the processing and the recipients of their Personal Data, such as CBH;
  • supporting the exercise of the rights of Customers under the applicable legislation, etc.

To the extent that We are acting as a Processor, We will process Your  Personal Data in accordance with the terms of Our agreement with Merchant and Merchant’s instructions.

5. Personal Data recipients 

a. Service Providers.

If necessary, we may share Your Personal Data with Service Providers to monitor and analyze the use of our Service, to store the Personal Data, to show advertisements to You, to help support and maintain Our Service, to contact You, etc. Our Service Providers include, but are not limited to, Google, Amazon, Getsitecontrol, and Third-Party Service Providers.We have concluded agreements with our Service Providers to protect Your Personal Data.

b. Business transfers.

If the Company is involved in a merger, acquisition, reorganization, assignment, transfer, change of control, or asset sale, Your Personal Data may be transferred to third parties in connection with such transaction. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

c. Affiliates.

We may share Your Personal Data with Our Affiliates, in which case we will require those Affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.

d. Business partners.

We may share Your information with Our business partners to offer You certain products, services or promotions.

e. Law enforcement.

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

f. Other legal requirements.

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to comply with a legal obligation, to protect and defend the rights or property of the Company, to prevent or investigate possible wrongdoing in connection with the Service, to protect the personal safety of Users of the Service or the public, to protect against legal liability.

6. Data retention

We will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. For example, We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

We will retain the Your Personal Data (e.g., transaction data) only to the extent and for such period as required by applicable laws and our legal agreement concluded with Merchant.

7. Data transfers

We will take all steps reasonably necessary to ensure that Your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your Personal Data and other information.

Your Personal Data may be shared with other companies outside of the European Economic Area (“EEA”), when this is necessary for the purposes of providing Our Service. It may include the countries in which some of Our Affiliates and/or Service Providers are located, such as the United States. In case of such transfer we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to third countries. We rely on Data Privacy Framework (for EU-US transfers) or Standard Contractual Clauses as approved by the European Commission in order to offer sufficient safeguards on data protection for the data to be transferred internationally.

8. Data Security

We put security at the forefront of business operations. The Company has implemented a range of technical and organizational measures appropriate to secure Your Personal Data in a manner that takes account of the potential risks for Your interests and rights:

  • Perimeter isolation between production, data and testing environments; 
  • Limited number of publicly accessible entry points;
  • Regular vulnerability scanning;
  • Production network perimeter scanning; 
  • Administrative access is allowed only through bastion sites; 
  • Personal data and card data is stored and processed only encrypted; 
  • Access to systems is differentiated by the roles 
  • Use of WAF to prevent threads from Top 10 OWASP; 
  • 24×7 anomalies monitoring; 
  • Regular revision of security rules.

Even though We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

9. Your rights

You may have the following rights with regard to Your Personal Data:

  • to obtain confirmation as to whether or not We process Your Personal Data, and, where that is the case, the information about such processing;
  • to request rectification of inaccurate Personal Data;
  • to request erasure of Your Personal Data in certain circumstances provided by law;
  • to restrict the processing, for example when the processing is unlawful;
  • to object to processing of Your Personal Data which is based on a legitimate interest;
  • to receive Your Personal Data We process in a structured, commonly used and machine-readable format and to transmit those data to another controller;
  • to withdraw any consent that was given at any time.

If you wish to exercise any of the rights set out above, please contact Us by email:

You also have the right to lodge a complaint with a supervisory authority of the country in which You live or work or the country in which We are located (Cyprus).

10. Children

Our Service does not address anyone under the age of 13, and we request that they not provide Personal Data through the Service. We do not knowingly collect Personal Data from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

11. California residents

a. Information on Our privacy practices.

You may find in this Privacy Policy and in Our Cookies Policy the information on Our privacy practices and access information as required by the California Consumer Privacy Act (“CCPA”), in particular the information about:

the categories of Personal Data to be collected;
the purposes for which the categories of Personal Data shall be used;
the categories of sources from which the Personal Data are being collected;
the categories of third parties with whom We may share Personal Data.

b. Access to Your Personal Data.

We may also provide You with specific pieces of Personal Data We has collected about You but no more than twice in a year. To obtain this information from Us, please send an email to which includes “Request for California Privacy Information” on the subject line and Your state of residence and email address in the body of your message. If You are a California resident, We will provide the requested information to You at your email address in response.

c. We do not sell Your Personal Data.

d. Your right to deletion.

You can request that We delete any Personal Data about You which We have collected from You, except for the cases explicitly provided for by the CCPA (e.g., when We need such data to detect security incidents, protect against illegal activity, comply with a legal obligation, etc).

e. Non-discrimination.

CHBH does not discriminate against You in case You exercise any of the consumer’s rights under this Privacy Policy and/or the CCPA in any way.

If you wish to exercise any of the rights set out above, please contact Us by email:

12. Links to third-party websites

Our Service may contain links to other websites that are not operated by Us. For example, social media buttons. If You click on a third-party link, You will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

13. Updates

We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any comments or questions about this Privacy Policy or our data protection practices, You can contact us by email: