Legal

Privacy Policy

Effective Date: May 9, 2026 · Last updated: May 9, 2026

Plain English summary: ChargeGuard processes minimal data strictly for fraud detection. We do not sell your data, share it with advertisers, or use it for any purpose beyond protecting your store. Your customers' emails are never stored in plain text.

01 Who We Are

ChargeGuard ("we", "us", "our") provides a fraud detection API for WooCommerce stores. When you install our plugin, your store sends us checkout signals to assess fraud risk in real time.

For privacy questions: support@chargeguard.io

02 Data We Process

ChargeGuard processes two categories of data:

A. Store Owner Data (you)

Data	Purpose	Sold?
Email address	Account registration & communication	Never
Store URL	API key validation	Never
API usage logs	Service operation & abuse prevention	Never

B. Your Customers' Checkout Signals (processed, not stored in plain text)

Signal	How It's Handled	Sold?
IP address	Used for risk scoring, not linked to identity	Never
Email address	Hashed (SHA-256) before processing — original never stored	Never
Order total	Used as a fraud signal (unusually low amounts = bot indicator)	Never
Device fingerprint	Randomly generated per-session identifier, not tied to real identity	Never
BIN (first 6 digits of card)	Used to check card country vs. customer location — no full card data ever processed	Never

03 What We Never Collect

Full payment card numbers or CVV codes
Passwords or authentication credentials
Personal identity documents
Browsing history outside of checkout signals
Any data not listed in Section 02

04 How We Use This Data

We use collected data exclusively to:

Assess real-time fraud risk for checkout requests
Maintain and improve detection accuracy
Communicate with you about your account and the Service
Prevent abuse of the ChargeGuard API itself

We do not use your data or your customers' data for advertising, profiling, or any purpose unrelated to fraud detection.

05 Data Retention

Data Type	Retention Period
Checkout risk signals (IP, hashed email, device ID)	90 days, then permanently deleted
Store owner email & account data	Duration of account + 30 days after deletion request
API access logs	30 days for security monitoring

06 Third-Party Services

ChargeGuard uses the following third-party services to operate:

Cloudflare Turnstile — bot protection on our registration form. Cloudflare may process your IP and browser signals per Cloudflare's Privacy Policy.
Render.com — cloud hosting for our API. Data is processed on Render's infrastructure per Render's Privacy Policy.
Neon (PostgreSQL) — database hosting. Data is stored encrypted at rest.

No data is shared with these providers beyond what is necessary to operate the Service.

07 Your Rights

You have the following rights regarding your data:

👁

Access

Request a copy of data we hold about you

✏️

Correction

Request correction of inaccurate data

🗑

Deletion

Request deletion of your account and associated data

📦

Portability

Request your data in a machine-readable format

To exercise any of these rights, email support@chargeguard.io. We will respond within 30 days.

08 Security

We implement industry-standard security measures including:

TLS encryption for all data in transit
SHA-256 hashing for customer email addresses
Encrypted database storage
API key authentication for all plugin communications
HMAC request signing to prevent replay attacks

09 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered store owners by email at least 14 days before material changes take effect. The "Last updated" date at the top of this page will always reflect the most recent version.

10 Contact

For privacy questions or to exercise your rights:
support@chargeguard.io

← Back to ChargeGuard