Privacy Policy

Last updated: April 20, 2026

This Privacy Policy describes how JB Technology LLC ("WinBack," "we," "us," or "our") collects, uses, and shares information when you install and use the WinBack Stripe App (the "App") and the related website at winbackpay.com(together, the "Service").

WinBack is designed with a simple privacy posture: we process the minimum amount of information needed to help merchants win chargeback disputes. In particular, we do not store the evidence files that merchants submit to Stripe.

1. Information we collect

Information we receive from Stripe

When you install the App in your Stripe Dashboard, Stripe authenticates you and grants WinBack access to a defined set of API scopes. Using those scopes, we receive:

  • Your Stripe account identifier and the email address Stripe associates with your account
  • Dispute records, including reason codes, amounts, deadlines, and status
  • Charge, customer, and payment intent metadata associated with those disputes (for example, amount, currency, timestamps, and customer identifiers that Stripe returns to us)
  • Identifiers for evidence files you upload through the App (see below)

Information you provide directly

  • Dispute narrative text that you type, edit, or accept from the AI-generated draft
  • Checklist notes, feedback on AI output, and any other input you provide within the App
  • Support correspondence you send to support@winbackpay.com or through any other channel
  • Waitlist sign-ups and contact forms submitted through winbackpay.com

Information collected automatically

  • Usage telemetry (which pages you view, which actions you take, how long operations take) so we can improve the product
  • Error and performance events captured by our monitoring provider (Sentry), which may include IP address, browser type, and technical diagnostic data
  • Standard server logs (request paths, timestamps, response codes)

2. What we do not collect or store

We want to be explicit about the data that WinBack deliberately avoids touching:

  • We do not store your evidence files. When you upload a receipt, shipping document, screenshot, or other file to support a dispute, the file travels directly from your browser to the Stripe Files API. WinBack receives only the Stripe-issued file identifier, the file name, size, and MIME type. The actual file contents never reach WinBack servers.
  • We do not collect cardholder or PCI-scoped data. Card numbers, CVVs, and other payment-account data remain inside Stripe. WinBack is not a payment processor and does not touch card data.
  • We do not sell personal information.We do not rent, sell, or trade your data or your customers' data to third parties.

3. How we use information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Generate AI-drafted dispute narratives, which are produced by Anthropic's Claude models based on the dispute facts and evidence metadata you provide
  • Show you dispute guidance, win-rate statistics, and account-specific dashboards
  • Send you operational notices, billing receipts, and account alerts
  • Respond to support requests and feedback
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

4. Subprocessors we use

We rely on a small set of vendors to operate the Service. Each is bound by its own data processing commitments and handles only the data needed for its role:

  • Stripe. Authentication, dispute management, file storage, and billing
  • Anthropic. AI narrative generation via the Claude API. Anthropic does not use your prompts or outputs to train its models
  • Supabase. Managed PostgreSQL database hosting for dispute metadata and account records
  • Vercel. Web hosting and edge compute for our website and API
  • Sentry. Error monitoring and performance tracing

If we add or replace a subprocessor that materially changes how your data is processed, we will update this policy and, where required, notify you in advance.

5. How we share information

We share information only in limited circumstances:

  • With the subprocessors listed above, solely to operate the Service
  • With Stripe, when you ask us to submit a dispute response on your behalf (your narrative and evidence file identifiers are transmitted to Stripe so the response can be filed)
  • With your consent, or at your direction, such as when you ask us to share dispute records with your accountant or counsel
  • To comply with a valid legal process, such as a subpoena or court order, or to protect our rights, property, or safety
  • In connection with a merger, acquisition, or sale of assets, in which case we will provide notice before your information is transferred and becomes subject to a different privacy policy

6. Data retention

We retain dispute metadata for as long as your account is active, and for a reasonable period afterward so that you can access historical records if you reinstall the App. We retain billing records and support correspondence for the period required by applicable tax, audit, and legal obligations.

Because we do not store evidence file contents, there is no evidence retention period on our side. Files you upload are held by Stripe according to Stripe's own policies.

7. Your rights and choices

Depending on where you live, you may have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") or other applicable privacy laws. These may include the right to:

  • Know what personal information we have collected about you and how we use it
  • Access or receive a copy of your personal information
  • Request deletion of your personal information
  • Request correction of inaccurate personal information
  • Opt out of the sale or sharing of your personal information (we do not sell or share personal information as those terms are defined under the CCPA/CPRA)
  • Not receive discriminatory treatment for exercising your privacy rights

To exercise any of these rights, email support@winbackpay.com. We may need to verify your identity before acting on a request. You may also authorize an agent to make a request on your behalf in accordance with applicable law.

8. Security

We protect the Service with industry-standard measures, including transport encryption (TLS), encryption at rest, least-privilege access controls, and authenticated API routes. We verify every request from the App using Stripe App signature verification, so untrusted traffic cannot reach merchant data.

No system is perfectly secure. If we become aware of a breach that affects your personal information, we will notify you and any required authorities in accordance with applicable law.

9. International users

WinBack is operated from the United States. If you use the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. By using the Service, you acknowledge this transfer.

10. Children's privacy

The Service is intended for business use and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of the page. For material changes, we will provide additional notice, such as emailing you or displaying a notice inside the App. Your continued use of the Service after an update means you accept the revised policy.

12. Contact us

If you have questions about this Privacy Policy or how we handle your information, contact us at: