Legal & Compliance

The Service intercepts dispute-related webhooks emitted by Stripe for the Merchant's connected Stripe account, aggregates evidence (including transaction metadata and, if authorized by Merchant, data from connected logistics or customer-relationship sources), assembles a structured rebuttal package, and submits the rebuttal through the Stripe Disputes API. The Service is software. We do not act as legal counsel, financial advisor, debt collector, or consumer reporting agency.

The Service connects to Merchant's Stripe account via Stripe OAuth. Merchant authorizes the Service, for the duration of the OAuth grant, to (a) read charge and dispute objects, (b) read shipping and customer metadata necessary to assemble rebuttals, and (c) write dispute evidence and rebuttal submissions through the Stripe Disputes API. The Service does not request, and Merchant does not grant, authority to issue refunds, transfer funds out of Merchant's Stripe balance other than the application fees described in Section 3, or otherwise move Merchant's funds. Merchant may revoke OAuth authorization at any time from Merchant's Stripe dashboard, which immediately terminates the Service's authority to act on Merchant's account.

Fees vary by tier as follows:

• Tier 1 (Essential): 25% success fee on the gross amount recovered on each dispute won by the Service. No monthly retainer.
• Tier 2 (Professional): 15% success fee plus a monthly retainer of US $1,497 (or US $1,272.45 per month equivalent if Merchant elects annual prepay, reflecting a 15% prepay discount).
• Tier 3 (Enterprise): 12.5% success fee plus a monthly retainer of US $4,997 (or US $4,247.45 per month equivalent under annual prepay). Tier 3 capabilities and any usage-based add-ons are set out in the separately executed Tier 3 Service Addendum.

Success fees are invoiced via Stripe Billing on each successfully resolved dispute. Retainers are invoiced monthly in advance, or annually in advance if Merchant elects prepay. Merchant acknowledges that Stripe Billing governs collection mechanics and that Merchant retains all rights to dispute charges with Stripe in accordance with Stripe's rules. We will not attempt to collect a success fee on a dispute we did not win.

Dispute outcomes are determined by issuing banks, card networks, and Stripe under network operating rules. We do not control these decisions. We make no representation, warranty, or guarantee regarding any specific dispute outcome, win rate, or recovery amount. Any projections generated by the Service's calculator or audit tools are mathematical models based on Merchant-supplied inputs and do not constitute a forecast, audit opinion, or financial guarantee.

The Service generates and submits dispute rebuttal materials based on Merchant data. This activity is not the practice of law. We are not a law firm. No attorney-client relationship is created by use of the Service. Merchant is solely responsible for determining whether the Service's output is appropriate for any specific dispute and for compliance with all laws applicable to Merchant's business.

To the maximum extent permitted by law, our aggregate liability arising out of or related to this Agreement will not exceed the greater of (a) the total fees paid by Merchant to us in the twelve months preceding the event giving rise to the claim, or (b) one thousand US dollars ($1,000). We will not be liable for indirect, incidental, consequential, or punitive damages, including lost revenue or lost profits, even if advised of the possibility of such damages. Nothing in this section limits liability that cannot be limited under applicable law (including liability for fraud or willful misconduct).

This Agreement begins when Merchant connects a Stripe account and continues until terminated. Either party may terminate for any reason on thirty (30) days' written notice; we may terminate immediately for breach of the Acceptable Use Policy. Termination does not relieve Merchant of obligation to pay success fees on disputes already won at the time of termination. Sections 4, 5, 6, and 8 survive termination.

This Agreement is governed by the laws of the State of Utah, without regard to conflict-of-laws principles. Any dispute arising out of or related to this Agreement will be resolved by binding arbitration administered by JAMS in Salt Lake City, Utah, except that either party may seek injunctive relief in court for intellectual property claims. Class arbitration is not permitted.

For Personal Data of Merchant's end customers, Merchant is the Controller and we are a Processor (under GDPR) or a Service Provider (under CCPA/CPRA). We process end-customer Personal Data only on documented instructions from Merchant, including those instructions implicit in Merchant's use of the Service.

For each dispute, we may process: cardholder name, email, IP address, billing address, shipping address, order contents, transaction amount, device fingerprint data provided by Stripe, communications between Merchant and cardholder if Merchant connects an email or CRM source, and shipping/delivery confirmation data if Merchant connects a logistics source. We do not store full primary account numbers (PAN). PAN data is handled exclusively by Stripe.

We use the following sub-processors: Stripe, Inc. (payments and dispute API), DigitalOcean (compute and object storage), Cloudflare (network edge), and, for Merchants on Tier 3, Lob, Inc. (physical mail) and any third-party recovery vendor named in the Tier 3 Service Addendum. We will notify Merchant of any new sub-processor at least thirty days before onboarding, and Merchant may object on reasonable data-protection grounds.

Evidence files associated with a dispute are retained for up to 120 days following final adjudication of the dispute, after which they are deleted from our object storage. Aggregate, non-identifying performance metrics may be retained for service-improvement purposes. Merchant may request earlier deletion at any time by contacting privacy@disputepredator.com.

End customers (data subjects) have the rights granted by applicable law, including, where applicable, rights of access, rectification, erasure, restriction of processing, data portability, objection, and the right not to be subject to solely automated decision-making with legal or similarly significant effects. End customers should direct rights requests to the Merchant, who is the Controller. We will support Merchant in responding to such requests. End customers may also contact privacy@disputepredator.com directly; we will route the request to the appropriate Merchant.

Personal Data processed by us may be transferred to and stored in the United States. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) and supplementary measures as required. The applicable SCCs are incorporated by reference and available on request.

We maintain technical and organizational measures appropriate to the risk, including encryption of Personal Data in transit using TLS 1.3 and at rest using AES-256-GCM (for credentials and tokens) and provider-side server-side encryption (for evidence files in object storage), least-privilege access controls with scoped object-storage credentials, comprehensive audit logging, and rotatable master keys for all Merchant credentials. We will notify Merchant without undue delay of any Personal Data breach affecting Merchant's data, and in any event within 72 hours of confirmation, with the information required by Article 33 GDPR (where applicable).

When a merchant's end customer initiates a chargeback or dispute on a transaction, our service receives data about that transaction from Stripe. We use that data solely to assemble and submit a rebuttal on behalf of the merchant. We do not sell, lease, or share end-customer Personal Data with third parties for marketing purposes and we do not use it to build commercial profiles for resale.

Notice for merchants integrating the service: You are the Controller of your end-customer data. You are responsible for disclosing in your own privacy policy that you use a third-party dispute defense service and that end-customer transaction data may be processed for fraud prevention and dispute resolution. Template language is available on request from privacy@disputepredator.com.

On Tier 2 and Tier 3 deployments, the service may cross-reference transaction data points (such as IP address, email, and shipping address) against fraud-signal feeds provided by recognized fraud-data vendors and against publicly available business records. The service does not scrape private social-media accounts, does not bypass platform terms of service to acquire data, and does not generate consumer credit reports as defined under the Fair Credit Reporting Act. Outputs of fraud-signal lookups are used solely as evidence in the rebuttal package and are not stored beyond the dispute's 120-day retention window.

For users who sign up as merchants, we process account identifiers, contact information, billing details, Stripe account identifiers, and usage telemetry. We use this data to operate the service, communicate about it, and meet our legal obligations.

The Dispute Predator website uses Vercel Analytics for aggregate, privacy-friendly traffic measurement. We do not use third-party advertising cookies.

Depending on your location, you may have rights to access, correct, delete, or port Personal Data we hold about you, and to object to or restrict certain processing. To exercise these rights, contact privacy@disputepredator.com. Merchants are reminded that, for end-customer data, the merchant is the primary point of contact under the Controller-Processor model in the DPA.

The service may not be used to:

• File rebuttals on transactions where the merchant has not actually shipped the goods or performed the services billed.
• File rebuttals containing fabricated evidence, altered delivery confirmations, or false business records.
• Defend transactions that violate Stripe's Restricted Business list or any applicable consumer protection law.
• Bulk-target consumers in a manner intended to harass or retaliate, rather than to assert legitimate rights to payment.

We reserve the right to suspend or terminate the service immediately if we have a reasonable, good-faith basis to believe Merchant is engaged in any prohibited activity. Where Stripe's Connect Platform Agreement requires us to report risk signals, we will do so. Termination for cause does not entitle Merchant to a refund of fees already paid for services already rendered.

The Tier 2 Professional Addendum is executed alongside the MSA upon application approval. It sets the success fee at 15% of recovered amounts and the monthly retainer at US $1,497 (or US $1,272.45 per month equivalent under annual prepay). It also includes (a) a dedicated integration engineer during onboarding, (b) priority webhook routing, and (c) access to fraud-signal and identity-verification capabilities as described in the Privacy Notice, Section 2.

Tier 3 is application-gated and requires a separately executed Service Addendum reviewed by both parties' counsel. Specific Tier 3 capabilities, applicable add-on fees, and associated obligations are disclosed under non-disclosure agreement during the Tier 3 onboarding scoping process. Capabilities are not active on any Merchant account without a countersigned Tier 3 Service Addendum on file. Tier 3 customers commit, at minimum, to a 12.5% success fee plus a US $4,997 monthly retainer (or US $4,247.45 per month equivalent under annual prepay), with usage-based add-ons set out in the executed Addendum.

Tier 3 indemnification, third-party-vendor selection responsibilities, and any operational details applicable to specific Tier 3 features are governed exclusively by the executed Service Addendum and are not summarized on this public page.