
Privacy Policy

Last updated: 2026-06-28

1. Controller Identity

Victava operates this service and acts as the data controller for personal information processed through the platform. For any privacy-related questions or requests, contact us at privacy@victava.com.

2. Information We Collect

Victava collects information necessary to provide chargeback defense services. The categories of information we collect include:

  • Account information: Name, email address, and business details provided during registration.
  • Payment processor data: Dispute details, transaction records, and customer information accessed from Stripe and Shopify through OAuth-authorized integrations.
  • Evidence materials: Text, PDFs, and images uploaded or provided for use in dispute responses, stored in encrypted cloud storage and uploaded to Stripe at submission time.
  • Transaction history: For fraud disputes on Visa cards, we may analyze up to 300 prior transactions to find non-fraudulent purchase history that supports your case (Visa Compelling Evidence 3.0).
  • Usage data: Pages visited, features used, and interaction patterns within the platform.

3. How We Use Your Information

We use collected information to:

  • Process and respond to chargebacks on your behalf.
  • Gather and organize evidence from connected integrations for dispute responses.
  • Provide analytics and insights about dispute outcomes.
  • Communicate important updates about your disputes and account.
  • Improve the service, including refining evidence evaluation and rebuttal quality.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data under the following legal bases:

  • Contract performance: Processing necessary to deliver the chargeback defense service you have signed up for.
  • Legitimate interest: Service improvement, security monitoring, and fraud prevention, balanced against your privacy rights.
  • Consent: OAuth authorization you grant when connecting third-party integrations such as Stripe and Shopify.

5. Sub-Processors

We use the following sub-processors to deliver and operate our service. Each sub-processor accesses only the data necessary for its stated purpose:

Sub-Processor                               Purpose
Cloud database & authentication provider    Securely stores your account data and signs you in
Stripe                                      Payment data access and dispute evidence submission
Shopify                                     Order and fulfillment data access
AI evaluation provider                      AI-powered evidence evaluation and rebuttal drafting
Application hosting provider                Runs and serves the application
Background processing provider              Runs background dispute-processing jobs
Rate-limiting provider                      Protects the service from abuse

6. Data Retention

We retain your data according to the following schedule:

  • Dispute data: Retained for 6 months after last activity on the dispute, then permanently deleted.
  • Account data: Deleted within 30 days of a deletion request.
  • API credentials: Purged immediately when you disconnect an integration.

7. Your Rights

GDPR Rights (EEA Residents)

If you are located in the European Economic Area, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Delete your personal data.
  • Port your data to another service in a machine-readable format.
  • Restrict processing of your data in certain circumstances.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

CCPA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose.
  • Delete personal information we hold about you.
  • Non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at privacy@victava.com.

8. Cookies

Victava uses session cookies for authentication purposes only. We do not use tracking cookies, analytics cookies, or any third-party advertising cookies.

9. International Data Transfers

Your data is processed in the United States. If you are located in the European Union or other regions with data transfer restrictions, we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection for your personal data.

10. Security Measures

We implement the following measures to protect your data:

  • TLS encryption for all data in transit.
  • Encrypted vault storage for API credentials and access tokens.
  • Strict data isolation ensuring your data is locked to your own account and never reachable by another customer.
  • Scoped, least-privilege access to connected services, using read-only permissions where possible.

11. Changes to This Policy

We may update this privacy policy from time to time. For material changes, we will notify you via email at the address associated with your account before the changes take effect.

12. Contact

For privacy-related inquiries, data subject requests, or concerns about our data practices, contact us at privacy@victava.com.