Privacy Policy

Last updated: April 2026 · Fincoro Limited

1. Who we are

ChargeMate is operated by Fincoro Limited, a company registered in England and Wales, with its registered office at 61 Bridge Street, Kington, HR5 3DJ.

We provide an AI-powered chargeback response generation service. When you use ChargeMate, Fincoro Limited acts as the data controller for your personal data.

If you have any questions about this policy, contact us at disputes@chargemate.tech.

2. Data we collect

Account data

  • Email address — used to create and manage your account.
  • Business name and description — optionally provided in your profile, used to personalise AI responses.
  • Website URL and business type — optional profile fields.

Dispute data

  • Chargeback details you enter: reason code, transaction amount, payment processor, dispute description.
  • Uploaded evidence files: screenshots, invoices, receipts, PDFs, and other documents you attach to a case.
  • AI-generated draft responses and evidence text.

Usage data

  • Number of AI generations used per month (for billing purposes).
  • Timestamps of key actions (e.g. last active, case created).

Payment data

Subscription payments are processed by Stripe. We do not store your card number or full payment details — only subscription status and plan information.

3. How we use your data

  • To provide the service — we pass your dispute details and uploaded files to our AI provider (Anthropic) to generate chargeback responses.
  • To manage your subscription — track usage, enforce plan limits, and process payments via Stripe.
  • To improve the service — aggregate, anonymised usage statistics help us understand how ChargeMate is used. We do not use your dispute content for AI training.
  • To communicate with you — transactional emails (e.g. account confirmation, billing notices). We will not send marketing emails without your consent.

4. Legal basis for processing (GDPR)

We process your data under the following legal bases:

  • Contract performance — processing necessary to deliver the service you signed up for.
  • Legitimate interests — improving service quality, preventing fraud and abuse.
  • Legal obligation — where required by applicable law.
  • Consent — for any optional communications or features where we ask for your permission.

5. Third-party services

We share data with the following sub-processors:

ProviderPurposeLocation
SupabaseDatabase, authentication, file storageEU / US
AnthropicAI response generation (Claude)US
StripeSubscription billing and paymentsUS
VercelApplication hosting and CDNUS / EU

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).

6. Data retention and storage

  • Your account data is retained for as long as your account is active.
  • Uploaded evidence files are stored in Supabase Storage and remain accessible to you until you delete them or close your account.
  • AI-generated drafts are stored per case and can be deleted by you at any time.
  • Usage logs are retained for up to 12 months for billing verification.
  • On account deletion, all personal data and files are permanently deleted within 30 days.

7. Your rights (GDPR)

As a data subject, you have the following rights:

  • Right of access — request a copy of the data we hold about you.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your account and all associated data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to restrict processing — ask us to pause processing your data in certain circumstances.
  • Right to object — object to processing based on legitimate interests.

To exercise any of these rights, email disputes@chargemate.tech. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Cookies

We use only essential cookies required for authentication (Supabase session cookies). We do not use advertising or tracking cookies.

9. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256 via Supabase). Access to your data is protected by row-level security — no other user can access your cases or files. We conduct regular security reviews.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a notice in the app. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

Fincoro Limited
61 Bridge Street, Kington, HR5 3DJ
England, United Kingdom
disputes@chargemate.tech