1. Who We Are
RefundPro ("we", "us", "our") is an automated refund management platform. Our data controller contact is available via support@refundpro.com.
2. Data We Collect
We collect: (a) Account data — name, email, phone number, job title. (b) Refund data — order references, transaction amounts, supporting attachments. (c) Technical data — IP address, browser type, session tokens, login timestamps. (d) Communication data — portal messages and support tickets.
3. How We Use Your Data
We process your data to provide the service, verify identity, process refund requests, send status notifications, improve the platform through aggregated analytics, and comply with legal obligations.
4. Legal Basis
Processing is based on: contract performance (to provide the service), legitimate interests (fraud prevention, security), legal obligation (audit records), and consent (marketing emails — withdrawable at any time).
5. Data Sharing
We do not sell your data. We share it only with: payment processors (refund disbursement), cloud hosting providers, email service providers (notifications), and law enforcement when legally required.
6. Data Retention
Account data is retained for 7 years after deletion for legal/audit obligations. Uploaded attachments are deleted 2 years after the associated refund request completes.
7. Your GDPR Rights
You have the right to access, rectify, erase, restrict, and port your data. Exercise these rights via Settings → Privacy or by emailing privacy@refundpro.com. You may also lodge a complaint with your supervisory authority.
8. Cookies
We use strictly necessary session cookies and optional analytics cookies. See our Cookie Policy for full details.
9. Security
We use bcrypt password hashing, CSRF protection, TLS encryption, and role-based access controls. Annual penetration testing is conducted.
10. Changes
Material changes are notified by email and in-app notification at least 30 days before they take effect.