Privacy and AI at Recharge
At Recharge, we are committed to handling our merchant's data with care and integrity. Our merchants and partners across the globe can trust that we have taken steps to comply with relevant privacy and AI laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the European Union AI Act. Read more about our practices and principles in the sections below.
- GDPR and CCPA Compliance
- EU AI Act Compliance
- Recharge - Data Processing Agreements (DPAs)
- Privacy and Data Protection FAQs
GDPR and CCPA Compliance
The European Union’s General Data Protection Regulation (“GDPR”) framework requires compliance from companies that sell to (and therefore process data of) EU customers. California's consumer privacy framework (e.g. CCPA and CPRA) requires compliance from companies that sell to (and therefore process data of) California customers. In these cases, as a service provider to companies that potentially sell to customers in the EU and California, Recharge activities help our merchants maintain compliance with these legal requirements.
To help our merchants maintain privacy compliance, Recharge has:
- Engaged external data privacy experts to assess Recharge’s compliance with privacy regulations.
- Incorporated required disclosures and concepts in Recharge’s Terms of Service, Privacy Policy, and Merchant Data Processing Agreement.
- Reviewed contractual agreements with vendors and processors with which Recharge does business to assess their compliance.
- Developed assessment processes to catch, evaluate, and mitigate security and privacy risks as they evolve.
- Evaluated Recharge’s data processing activities on behalf of its merchants.
EU AI Act Compliance
The European Union’s Artificial Intelligence Act (“EU AI Act”) requires compliance from entities outside the EU that use their own AI technologies in the EU.
Recharge now proudly offers the following services that employ the use of AI;
(Note: each feature's availability depends on the merchant’s Pricing Plan).
- Cancellation Prevention AI Insights (See Product Roadmap and Merchant Support Page)
- Failed Payment Recovery Powered by AI (See Product Roadmap and Merchant Support Page)
We have evaluated each feature for EU AI Compliance and are committed to continuing to watch for changes in this quickly developing area. The data used for these features is aggregated, anonymized, and does not contain personal data.
Recharge - Data Processing Agreements (DPAs)
Merchant DPAs
Recharge incorporates a DPA into its Terms of Service, in fulfillment of the requirement of Article 28(3) of the GDPR. Merchants agree to it by continuing to use Recharge’s services. Recharge’s DPA incorporates the latest Standard Contractual Clauses (SCCs), which permit the transfer of Merchant’s customer data outside the EU.
Vendor DPAs
Recharge performs a data and security assessment of all relevant vendor engagements. Where personal data is involved, Recharge confirms that an appropriate DPA is implemented as a part of the agreement. This fulfills the requirement of Article 28(3) of the GDPR.
Privacy and Data Protection FAQs
- What personal data does Recharge collect from merchants and why?
- What personal data does Recharge collect from merchant’s customers and why?
- Does Recharge handle payment processing directly?
- Where does Recharge store/save data?
- How does Recharge process data subject requests (for deletion or data access)?
- Does Recharge’s data processing activities involve automated decision-making?
- How does Recharge ensure personal information is transmitted and stored securely?
- Does Recharge currently “sell” data as defined by the CCPA?
- Have more questions?
What personal data does Recharge collect from merchants and why?
We collect your name, email, business address, phone number, and time zone. We require this information to provide you with our services, for example, to be able to contact you, properly show dates on your checkout, and correctly format invoice information.
We collect information about the Recharge hosted websites you visit, including how and when you visit and your network information (such as the IP address), in order to give you access to and improve our services.
We collect Personal Information on your customers that you share with us or that customers provide to us while shopping or during checkout. We use this information to provide you with our services and so that you can process orders.
What personal data does Recharge collect from merchant’s customers and why?
We collect each customer’s name, email address, shipping address, and billing address. We require this information in order to provide you and your customer with our services.
We collect each customer’s credit card or payment information. We require this information in order to bill your customer and fund your business.
When customers browse your checkout and create orders, we collect information about their computer and network traffic. We use this information for security purposes and to provide you and your customer with our services.
Does Recharge handle payment processing directly?
No. Payment processing is handled directly by a payment processor (e.g. Stripe, Braintree) and we do not process payment information.
Where does Recharge store/save data?
All servers are in the US. Specifically, our data is hosted in Google Cloud Platform (GCP) with production data being in the U.S.-East region and backup facilities in the U.S.-West region.
How does Recharge process data subject requests (for deletion or data access)?
Recharge receives and processes data subject requests (DSR) that merchants forward to Recharge. If you are a merchant, please direct any requests to honor your customer’s DSR requests to privacy@rechargeapps.com. If you are a merchant’s customer, please direct your data subject request directly to the relevant merchant.
Does Recharge’s data processing activities involve automated decision-making?
Yes. It is important to note that the data used for automated decisions is aggregated, anonymized, and does not contain personal data.
How does Recharge ensure personal information is transmitted and stored securely?
Please see our Recharge Trust Center to read about our security and compliance activities.
Does Recharge currently “sell” data as defined by the CCPA?
No.
Have more questions?
Many more details of how we handle personal information can be found in the following policies and agreements: