ChargeWipe Privacy Policy

1. INTRODUCTION

This Privacy Policy (hereinafter, the "Policy") sets forth the formal data protection and privacy practices of ChargeWipe (hereinafter, "ChargeWipe," "we," "us," or "our"). ChargeWipe provides Software-as-a-Service (SaaS) solutions via a secure cloud-based portal, engineered to assist merchants in mitigating payment risk and safeguarding processing channels. Our proprietary services encompass fraud detection, chargeback prevention utilizing early-warning alerts (including RDR, CDRN, and Ethoca), and friendly-fraud prevention mechanisms that yield risk scores and actionable recommendations (collectively, the "Services").

We hereby affirm our institutional commitment to safeguarding the privacy and security of the Personal Data entrusted to us. This Policy governs the collection, processing, transfer, and retention of Personal Data across our global operations, ensuring strict adherence to applicable statutory frameworks. Should you require clarification regarding the stipulations contained herein, you shall direct your inquiries to our designated privacy contact at support@chargewipe.com. This Policy applies to all users, merchants, and visitors accessing the ChargeWipe platform and website.

We are committed to fully complying with all applicable legal and regulatory requirements regarding personal data. If mandatory laws or regulations require processing beyond the scope of this Privacy Policy, we will adjust our practices accordingly to meet those obligations

2. WHAT WE COLLECT & WHY

The Company is the data controller in respect of the Personal Data.

ChargeWipe shall collect and process specific categories of Personal Data to effectuate the delivery of our Services. The collection of such data is categorized by the method of acquisition and the corresponding legal basis for processing.

2.1. Information Provided Directly by You

In the course of establishing an account and utilizing the Services, you shall be required to furnish specific information. This includes your name, email address, account preferences, and payment information. We require this data to provision your account, process financial transactions, and deliver the contracted risk-mitigation alerts.

• Legal Basis: Processing is necessary for the performance of a contract to which you are a party, and in certain instances, based upon your explicit consent.

2.2. Information Collected Automatically

Upon your access to and utilization of the ChargeWipe platform, we systematically record specific data points. This encompasses usage analytics, cookies and tracking data, device information, and technical logs. The automated collection of this data is imperative for monitoring system performance, ensuring platform security, and optimizing the user experience.

• Legal Basis: Processing is necessary for the purposes of our legitimate interests in maintaining a secure, functional, and efficient SaaS infrastructure.

2.3. Information Acquired from Third Parties

To facilitate comprehensive fraud detection and payment processing, ChargeWipe integrates with third-party financial entities, such as VISA, Mastercard. We may receive transaction statuses, payment verification data, and dispute notifications from these entities.

• Legal Basis: Processing is necessary for the performance of a contract and furthers our legitimate interests in executing chargeback prevention protocols.

3. HOW WE USE YOUR INFORMATION

ChargeWipe shall process your Personal Data strictly for defined, explicit, and legitimate purposes. We hereby declare that your information shall be utilized in the following manner:

• Core Service Delivery: To administer our SaaS solutions, process financial transactions, and deliver RDR, CDRN, and Ethoca alerts. (Legal Basis: Contract)

• Service Improvement and Personalization: To analyze usage analytics and technical logs for the purpose of refining our risk scoring algorithms and enhancing platform functionality. (Legal Basis: Legitimate Interest)

• Communication: To transmit administrative notices, service updates, and account-related alerts. (Legal Basis: Contract and Consent)

• Security and Fraud Prevention: To monitor access controls, authenticate users, and protect our processing channels against unauthorized or malicious activities. (Legal Basis: Legitimate Interest)

• Legal Compliance: To satisfy regulatory obligations, respond to lawful subpoenas, and maintain legally mandated financial records. (Legal Basis: Legal Obligation)

• Marketing: To disseminate promotional materials and marketing communications, provided you have not opted out of such distributions. (Legal Basis: Consent)

4. WHEN WE SHARE YOUR INFORMATION

ChargeWipe maintains a strict policy of data minimization regarding third-party disclosures. We shall only disclose your Personal Data under the following circumscribed conditions:

• Essential Service Providers: We engage specialized third-party vendors to facilitate our operations. Your data shall be shared with our cloud hosting provider (AWS) and our payment processors (VISA, Mastercard) strictly for the purpose of rendering the Services.

• Legal Requirements: We shall disclose Personal Data to law enforcement, regulatory authorities, or judicial bodies when formally compelled by a valid legal mandate, subpoena, or court order.

• Business Transitions: In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, user data shall constitute a transferred asset, subject to the surviving entity's adherence to this Policy.

• With Your Consent: We may share your data with other third parties upon obtaining your prior, explicit, and informed consent.

Notwithstanding the foregoing, ChargeWipe hereby expressly warrants that we never sell your personal data to third parties for monetary or other valuable consideration.

5. YOUR PRIVACY RIGHTS

Subject to applicable jurisdictional frameworks—including the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and all applicable US State Privacy Laws (including VCDPA, CPA, and CTDPA)—you are vested with comprehensive rights regarding your Personal Data.

• Right to Access: You may request a formal disclosure of the Personal Data we process concerning you. We shall fulfill such requests within the statutorily mandated timeframes.

• Right to Rectification: You possess the right to mandate the correction or updating of any inaccurate or incomplete Personal Data maintained within our systems.

• Right to Erasure (Deletion): You may request the deletion of your account and associated Personal Data, subject to our retention obligations for legal and financial compliance.

• Right to Data Portability: You may request a copy of your Personal Data in a structured, commonly used, and machine-readable format for transmission to another controller.

• Right to Opt-Out: You may at any time opt out of receiving marketing communications by utilizing the unsubscribe mechanism provided in such correspondence.

• Right to Withdraw Consent: Where processing is predicated upon consent, you may withdraw such consent at any time; however, such withdrawal shall not affect the lawfulness of processing executed prior to the withdrawal.

• Right to Lodge a Complaint: You maintain the right to file a formal grievance with the competent data protection supervisory authority within your respective global jurisdiction.

To exercise any of the aforementioned rights, you shall submit a formal request to support@chargewipe.com.

6. DATA SECURITY

Given the enhanced data risk level inherent in processing financial and fraud-prevention data, ChargeWipe has implemented a rigorous, balanced-tolerance security architecture. Our security protocols are designed in alignment with SOC 2 and ISO 27001 standards.

We employ robust technical and organizational measures to safeguard your data, including SSL/TLS Encryption for data in transit, Data Encryption at Rest, mandatory Two-Factor Authentication (2FA) for system access, and strict internal Access Controls. Notwithstanding these comprehensive measures, ChargeWipe acknowledges that no method of electronic transmission or cloud storage is unequivocally secure. We do not warrant absolute security.

Users are hereby instructed to maintain the confidentiality of their credentials and utilize secure devices when accessing the platform. In the event of a confirmed data breach compromising your Personal Data, ChargeWipe shall execute breach notification procedures in strict accordance with applicable statutory timelines and regulatory requirements.

7. DATA RETENTION

ChargeWipe shall retain your Personal Data only for the duration necessary to fulfill the purposes articulated in this Policy. Our retention schedules are governed by the following principles:

• Active Account Data: As a general operational standard, we retain your Personal Data, device information, and account preferences until account deletion. Upon the execution of an account deletion request, active processing shall cease.

• Financial Records: Notwithstanding an account deletion request, payment information and transaction histories shall be retained for a period of up to five (5) years to satisfy mandatory tax, accounting, and anti-money laundering (AML) legal obligations.

• Marketing Preferences: Data utilized for marketing purposes shall be retained until such time as you withdraw your consent or opt out.

• Technical Logs: System and security logs are retained for a rolling period of twelve (12) months to facilitate security audits, investigate anomalies, and ensure platform integrity.

8. COOKIES & TRACKING

The ChargeWipe platform utilizes cookies, web beacons, and analogous tracking technologies to ensure the proper functioning of our SaaS portal, authenticate user sessions, and aggregate usage analytics.

We deploy essential cookies, which are strictly necessary for the operation of the platform, as well as analytical cookies to evaluate system performance. You maintain the authority to manage or disable non-essential cookies through your browser settings; however, you are hereby advised that disabling essential cookies shall materially impair your ability to access and utilize the Services. Where third-party integrations (such as Stripe) deploy cookies for fraud prevention during the checkout process, such deployment is governed by the respective third party's privacy documentation.

9. CHILDREN'S PRIVACY

The ChargeWipe Services are exclusively designed for and directed toward adult professionals and commercial merchants. We do not intentionally or knowingly collect Personal Data from individuals who have not reached the legal age of majority in their jurisdiction of residence. Should we become aware that a minor has transmitted Personal Data to our platform without verified parental or guardian consent, we shall take immediate and unilateral action to expunge such data from our systems.

10. INTERNATIONAL TRANSFERS

Personal Data about You may be transferred to a third country (i.e., jurisdictions other than the one in which You reside) or to international organizations. In such circumstances, ChargeWipe shall implement appropriate safeguards to ensure the protection of Personal Data about You and to provide that enforceable data subject rights and effective legal remedies are available.

If You are an EEA resident, please note that these safeguards and protections will apply if any of the following conditions are met:

10.1. The transfer is to a third country or an international organization that the EU Commission has determined provides an adequate level of protection for Personal Data pursuant to Article 45(3) of Regulation (EU) 2016/679 (“GDPR”).

10.2. The transfer is carried out under a legally binding and enforceable instrument between public authorities or bodies pursuant to Article 46(2)(a) of the GDPR.

10.3. The transfer is made in accordance with standard data protection clauses adopted by the EU Commission pursuant to Article 46(2)(c) of the GDPR. The clauses adopted by the EU Commission can be viewed at: EU Commission Model Clauses.

10.4. ChargeWipe applies appropriate technical and organizational safeguards to maintain a level of security proportionate to the risks associated with processing Personal Data. These measures are designed to protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Personal Data that is transmitted, stored, or otherwise processed. While we strive to uphold strong protections, no system can be guaranteed free from security incidents.

In certain circumstances, we may be legally required or otherwise compelled to disclose Personal Data to third parties, including public authorities. Where such disclosures occur, ChargeWipe has limited influence over the protections applied by those recipients.

Please note that any transfer of Personal Data over the internet carries inherent risks. As such, ChargeWipe cannot provide an absolute assurance of security for data transmitted electronically to our systems.

You may request that ChargeWipe provide You with details concerning the safeguards employed to protect Personal Data transferred to a third country or an international organization by sending an email to: support@chargewipe.com.

11. CHANGES TO THIS POLICY

ChargeWipe reserves the right to amend, modify, or update this Policy at our sole discretion to reflect changes in our operational practices or statutory obligations.

In the event of a material modification to this Policy, we shall provide formal notice to active users via the email address associated with their account or through a prominent administrative alert within the SaaS portal prior to the effective date of the changes. Continued utilization of the Services following the effective date of any such amendment shall constitute your acknowledgment and acceptance of the revised Policy. The most current iteration of this Policy shall always be accessible via our website.

12. CONTACT US

Should you have any formal inquiries, legal notices, or requests pertaining to this Privacy Policy or our data processing activities, you are instructed to contact us through the following official channels:

• Privacy Inquiries: support@chargewipe.com

• Website: https://www.chargewipe.com

ChargeWipe is committed to acknowledging and responding to all legitimate privacy inquiries within the timeframes mandated by applicable data protection laws.

Effective Date: 2026/06/17

Revised Date: 2026/06/17