Privacy Policy

Last updated: 10/20/2025

Introduction

At ProofReturn, we take your privacy seriously. This policy describes how we collect, use, and protect your information when you use our dispute packet generation service.

Effective Date: October 15, 2025
Last Modified: 10/20/2025

Information We Collect

Information You Provide

• Account information: Email address, Firebase authentication credentials
• Transaction details: Order IDs, dates, amounts, payment processor information
• Customer information: Names, addresses, IP addresses related to disputed transactions
• Evidence files: Delivery confirmations, screenshots, transaction logs, and other supporting documents
• Payment information: Billing details processed by Stripe (we do not store full credit card numbers)

Automatically Collected Information

• Authentication data: Firebase Auth user ID and login timestamps
• Session cookies: Essential cookies for maintaining your login session
• Usage data: Pages visited, features used, and service interactions
• Technical data: Browser type, device information, IP address, and operating system
• Analytics: Anonymized usage patterns and performance metrics (via PostHog or similar)

How We Use Your Information

We use your information solely to:

• Generate your dispute response packets
• Process payments and manage your credits
• Send optional email notifications
• Improve our service through anonymized analytics

Data Storage and Security

• All files are stored in Firebase Storage with encryption at rest
• Your dispute packets are securely stored and accessible from your dashboard
• You can delete individual packets at any time from your dashboard
• We never share your data with third parties
• We never use your data to train AI models
• Payment processing is handled securely by Stripe

Data Retention

We retain your data for the following periods:

• Account data: Until you request account deletion
• Generated packets: Indefinitely or until you delete them from your dashboard
• Payment records: 7 years for tax and accounting compliance
• Evidence files: Until you delete the associated packet
• Analytics data: Up to 24 months in anonymized form

Your Privacy Rights

Depending on your location, you may have the following rights:

All Users

• Access: Request a copy of your personal data
• Deletion: Request deletion of your account and data via your account settings
• Export: Download your generated packets at any time
• Correction: Update your account information

GDPR Rights (EU/EEA/UK Users)

• Portability: Receive your data in a machine-readable format
• Restriction: Request restriction of processing
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time (does not affect prior processing)
• Lodge a Complaint: File a complaint with your local data protection authority

CCPA Rights (California Residents)

• Know: Know what personal information we collect and how it's used
• Delete: Request deletion of your personal information
• Opt-Out: Opt out of the "sale" of personal information (we do not sell your data)
• Non-Discrimination: Not be discriminated against for exercising your rights

To exercise your rights, email us at privacy@infinitegrowventures.com or use the account deletion feature in your account settings.

Cookies and Tracking

Essential Cookies

We use essential cookies to maintain your session, authentication state, and link you to your purchases. These cookies are necessary for the service to function.

Analytics Cookies

We use analytics tools (PostHog) to understand how users interact with our service. You can opt out of analytics tracking in your browser settings or by using Do Not Track signals.

Third-Party Services

We use the following third-party services that may collect or process your data:

• Stripe: Payment processing (Privacy Policy)
• Firebase/Google Cloud: Authentication, database, and file storage (Privacy Policy)
• SendGrid: Transactional email delivery (Privacy Policy)
• PostHog: Product analytics (Privacy Policy)

International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission.

Data Security

We implement industry-standard security measures including:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for stored files
• Access controls and authentication
• Regular security audits
• Secure payment processing via PCI-DSS compliant providers

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovery.

Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

California Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

Do Not Track

We respect Do Not Track (DNT) browser signals. When DNT is enabled, we will not collect analytics data from your browser.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last Modified" date. For significant changes, we may provide additional notice (such as an email notification).

Contact Us

If you have questions about this privacy policy, please contact us at support@infinitegrowventures.com