Legal

Privacy Policy

Last Updated: 06/01/2025

1. Introduction

Refundit (“we,” “us,” or “our”) is a product of ProxyGist, LLC, a Missouri limited liability company. This Privacy Policy explains how ProxyGist, LLC collects, uses, and protects your data when you use the Refundit platform.

2. Information We Collect

We collect the following types of personal data, depending on how you interact with Refundit:

  • Information You Provide
    • Full name, email address
    • Refund-related details (e.g., company name, payment method, refund reason)
    • Complaint history or tone preferences (e.g., firm, aggressive)
    • Submitted form data (Tally forms, follow-up forms, complaint data)
  • Automatically Collected Data
    • Device type, browser, operating system
    • IP address and geolocation (approximate)
    • Site usage behavior (via tools like Plausible Analytics or similar)
    • Referral URLs and session timestamps
    • We do not collect biometric data, voice recordings, or detailed behavioral profiling beyond standard website analytics.
  • Payment Information
    • We use Stripe to process payments. Refundit does not store full payment card details. Stripe’s privacy policy governs their collection and use of payment data.

3. How We Use Your Information

We use your information to:

  • Deliver refund message templates and strategy outputs
  • Provide access to tools like the Refund Contact Finder and Complaint Kit
  • Track token usage and enforce fair usage limits
  • Fulfill purchase transactions and send service-related emails
  • Monitor abuse patterns and protect system integrity
  • Improve our services and develop future features

While we do not use your personal information to train or improve our AI models, we do process your submitted case details through AI systems to generate personalized refund messages. This processing occurs in real-time and inputs are not retained for model training purposes.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using personal data includes:

  • Consent: When you provide data voluntarily (e.g. submitting a form)
  • Contract: To deliver services you request (e.g. a purchased refund template)
  • Legal Obligation: To comply with regulatory requirements
  • Legitimate Interest: To monitor platform security and performance

5. Data Sharing and Third Parties

We do not sell your personal information.

We share data only with trusted processors to operate our service:

PartnerPurpose
SupabaseSecure data storage
StripePayment processing
ResendEmail delivery
Tally.soForm intake and submission
Cloudflare / CarrdHosting, performance, firewall services
OpenAI/AnthropicAI content generation (no data retention per their enterprise agreements)

All third-party services are bound by data processing agreements and are required to comply with industry-standard security practices.

Our AI providers operate under strict data processing agreements that prohibit them from using your inputs for training or other purposes.

6. Data Retention

We retain your personal information:

  • For as long as necessary to provide you services
  • As required to comply with our legal, regulatory, and security obligations
  • For a limited period thereafter to prevent fraud, abuse, or duplicate usage

We retain case submission data for 12 months after service delivery, payment records for 7 years as required by law, and account information until deletion is requested or the account is inactive for 24 months.

You may request deletion of your personal data at any time (see Section 9).

7. Cookies and Analytics

Refundit uses privacy-respecting analytics platforms (such as Plausible Analytics) that do not use cookies or store personal identifiers.

We do not use third-party advertising cookies.

Session-based tokens or browser-local data may be used for gating access to features like RCF.

8. Data Security

We take reasonable administrative, technical, and physical precautions to protect your data:

  • End-to-end encryption between client and server
  • Role-based access controls
  • API token protection and rate-limiting
  • Routine monitoring for suspicious access patterns

Despite our efforts, no transmission or storage system is completely secure.

9. Your Rights (GDPR / CCPA / CPRA)

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction or deletion
  • Restrict or object to certain types of processing
  • Request a copy of your data in portable format
  • Opt out of the sale or sharing of personal data (we do not sell data)

California residents have additional rights under CCPA/CPRA, including the right to know what personal information is sold or shared, and the right to limit use of sensitive personal information. As we do not sell personal information, these rights primarily relate to access and deletion requests.

To exercise your rights, email us at [email protected]. We will respond within the timeframes required by law.

10. Children’s Privacy

Refundit is not intended for users under 18. We do not knowingly collect data from minors. If we discover that a minor has submitted personal data, we will delete it promptly.

11. International Use

Refundit is operated from the United States. By using our services, you consent to your data being transferred to and processed in the U.S., even if you reside outside of it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted with a revised date. Continued use of our service constitutes your acceptance of any changes.

13. Data Minimization

We collect only the minimum personal information necessary to provide our services. We do not collect sensitive personal information such as Social Security numbers, financial account details (beyond what Stripe requires for payment), or health information unless specifically relevant to your refund case.

14. Data Breach Notification

In the event of a data breach that may affect your personal information, we will notify affected users within 72 hours of discovery and provide details about what information was involved and steps being taken to address the breach.

15. Contact Us

If you have any questions about this Privacy Policy or your data rights, contact us at: [email protected]

Response Time: We respond to privacy requests within 30 days

© Refundit 2025. All rights reserved.

Back to Top