Legal

Privacy Policy

Effective Date: May 9, 2026 · Last updated: May 9, 2026

What this means for you — in plain English

We do not sell, share, or advertise with your data or your customers' data — ever. The only reason any data enters our system is to assess whether a checkout request is a bot. That is the beginning and end of what we do with it.

Your customers' email addresses are never stored in plain text. We hash them with SHA-256 before processing — the original address cannot be recovered from what we store, by us or anyone else.

Checkout signal data is deleted after 90 days. IP addresses, device identifiers, and hashed emails are purged on a rolling 90-day cycle. We retain only what we need, for as long as we need it.

01 Who We Are

ChargeGuard ("we", "us", "our") provides a fraud detection API for WooCommerce stores. When you install our plugin, your store sends us checkout signals to assess fraud risk in real time.

For privacy questions: support@chargeguard.io

02 What We Never Collect

Here is exactly what we do process, and why.

03 Data We Process

ChargeGuard processes two categories of data:

A. Store Owner Data (you)

DataPurposeSold?
Email addressAccount registration & communicationNever
Store URLAPI key validationNever
API usage logsService operation & abuse preventionNever

B. Your Customers' Checkout Signals (processed, not stored in plain text)

SignalHow It's HandledSold?
IP addressUsed for risk scoring, not linked to identityNever
Email addressHashed (SHA-256) before processing — original never storedNever
Order totalUsed as a fraud signal (unusually low amounts = bot indicator)Never
Device fingerprintRandomly generated per-session identifier, not tied to real identityNever
BIN (first 6 digits of card)Used to check card country vs. customer location — no full card data ever processedNever

04 How We Use This Data

We use collected data exclusively to:

We do not use your data or your customers' data for advertising, profiling, or any purpose unrelated to fraud detection.

05 Data Retention

Data TypeRetention Period
Checkout risk signals (IP, hashed email, device ID)90 days, then permanently deleted
Store owner email & account dataDuration of account + 30 days after deletion request
API access logs30 days for security monitoring

06 Third-Party Services

ChargeGuard uses three infrastructure providers to operate. The table below specifies exactly what data each one receives — nothing reaches any provider beyond what is listed here.

ProviderRoleData They ReceiveTheir Policy
Cloudflare Turnstile Bot protection on the registration form Your IP address and browser signals at the moment of registration. Not linked to your store or ongoing account activity. Cloudflare Privacy Policy
Render.com Cloud hosting for the ChargeGuard API All API request data passes through Render's infrastructure — this includes checkout signals sent by the plugin. Render processes this data on our behalf and is bound by data processing terms; they do not have independent rights to use it. Render Privacy Policy
Neon (PostgreSQL) Database hosting Store owner account data (email, store URL, API key) and hashed checkout signals. All data is encrypted at rest. Neon does not have access to the content of stored data. Neon Privacy Policy

07 Your Rights

You have the following rights regarding your data:

Access
Request a copy of data we hold about you
Correction
Request correction of inaccurate data
Deletion
Request deletion of your account and associated data
Portability
Request your data in a machine-readable format

To exercise any of these rights, email support@chargeguard.io. We will respond within 30 days.

08 Security

We implement industry-standard security measures including:

09 Service Continuity & Data in the Event of Shutdown or Acquisition

If ChargeGuard ceases operation or is acquired by another company, we will notify all registered store owners by email at least 30 days in advance.

If ChargeGuard is acquired, all store owner account data and checkout signal data will be permanently and irreversibly deleted before any transfer is finalized. The acquirer will receive no user data. If the service shuts down without an acquirer, the same applies: all data will be permanently deleted within 30 days of service termination. You will not need to take any action — deletion will happen automatically.

If you would prefer not to wait, you can request deletion of your data at any time by emailing support@chargeguard.io.

10 Do You Need to Update Your Own Privacy Policy?

When you install ChargeGuard, checkout signals from your customers pass through our API for fraud risk assessment. Depending on where your customers are located, this may affect your own privacy policy obligations.

If your store serves customers in the European Economic Area (GDPR): ChargeGuard acts as a data processor on your behalf under Article 28 of the GDPR. We offer a standard Data Processing Agreement (DPA) under Article 28 of the GDPR — email support@chargeguard.io to request one. You should disclose the use of third-party fraud detection tools in your store's privacy policy. We can provide suggested language on request.

If your store serves customers in California (CCPA): ChargeGuard does not sell or share customer data, which means our use does not trigger CCPA disclosure obligations under the "sale" definition. However, we recommend disclosing the use of fraud detection tools in your privacy policy as a matter of transparency.

If you're unsure: Email us at support@chargeguard.io. We'll give you a straight answer about what applies to your store, not a referral to a lawyer you didn't ask for.

11 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered store owners by email at least 14 days before material changes take effect. The "Last updated" date at the top of this page will always reflect the most recent version.

12 Contact

For privacy questions or to exercise your rights, email us at support@chargeguard.io — we read and respond to every message ourselves. If you want a faster answer, message us directly on Telegram at @ChargeGuardd.

— Amr, founder · support@chargeguard.io

← Back to ChargeGuard