At Recharge, we value privacy and handle personal information accordingly. Our merchants and partners across the globe can trust that we have taken steps to comply with relevant privacy standards and laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Read more about our practices and principles in the sections below.
GDPR and CCPA Compliance
The European Union’s General Data Protection Regulation (“GDPR”) framework requires compliance from companies that sell to (and therefore process data of) EU customers. California's consumer privacy framework (e.g. CCPA and CPRA) requires compliance from companies that sell to (and therefore process data of) California customers. In these cases, as a service provider to companies that potentially sell to customers in the EU and California, Recharge undertakes certain activities in order to help our merchants maintain compliance with these legal requirements.
Activities Undertaken for Privacy Compliance
To maintain privacy compliance, Recharge has;
- engaged external data privacy experts to assess Recharge’s compliance with privacy regulations,
- incorporated legal privacy language and concepts in Recharge’s Terms of Service, privacy policies, and Merchant Data Processing Agreement.
- reviewed contractual agreements with vendors and processors with which Recharge does business to assess their compliance,
- created and documented new procedures for our workflows,
- developed an assessment process to evaluate and mitigate security and privacy risks as they evolve, and
- evaluated Recharge’s data processing activities on behalf of its merchants.
Data Processing Agreements
Recharge incorporates a DPA into its Terms of Service, in fulfillment of the requirement of Article 28(3) of the GDPR. Merchants agree to it by continuing to use Recharge’s services. Recharge’s DPA incorporates the latest Standard Contractual Clauses (SCCs), which permit the transfer of Merchant’s customer data outside the EU.
Recharge performs a data and security assessment of all relevant vendor engagements. Where personal data is involved, Recharge confirms that an appropriate DPA is implemented as a part of the agreement. This fulfills the requirement of Article 28(3) of the GDPR.
Privacy and Data Protection FAQs
- What personal data does Recharge collect from merchants and why?
- What personal data does Recharge collect from merchant’s customers and why?
- Does Recharge handle payment processing directly?
- Where does Recharge store/save data?
- How does Recharge process data subject requests (for deletion or data access)?
- Does Recharge’s data processing activities involve automated decision-making?
- How does Recharge ensure personal information is transmitted and stored securely?
- Does Recharge currently “sell” data as defined by the CCPA?
- Have more questions?
What personal data does Recharge collect from merchants and why?
We collect your name, email, business address, phone number, and time zone. We require this information to provide you with our services, for example, to be able to contact you, properly show dates on your checkout, and correctly format invoice information.
We collect information about the Recharge hosted websites you visit, including how and when you visit and your network information (such as the IP address), in order to give you access to and improve our services.
We collect Personal Information on your customers that you share with us or that customers provide to us while shopping or during checkout. We use this information to provide you with our services and so that you can process orders.
What personal data does Recharge collect from merchant’s customers and why?
We collect each customer’s name, email address, shipping address, and billing address. We require this information in order to provide you and your customer with our services.
We collect each customer’s credit card or payment information. We require this information in order to bill your customer and fund your business.
When customers browse your checkout and create orders, we collect information about their computer and network traffic. We use this information for security purposes and to provide you and your customer with our services.
Does Recharge handle payment processing directly?
No. Payment processing is handled directly by a payment processor (e.g. Stripe) and we do not process payment information.
Where does Recharge store/save data?
All servers are in the US. Specifically, our data is hosted in Google Cloud Platform (GCP) with production data being in the U.S.-East region and backup facilities in the U.S.-West region.
How does Recharge process data subject requests (for deletion or data access)?
Recharge receives and processes data subject requests (DSR) that merchants forward to Recharge. If you are a merchant, please direct any requests to honor your customer’s DSR requests to firstname.lastname@example.org. If you are a merchant’s customer, please direct your data subject request directly to the relevant merchant.
Does Recharge’s data processing activities involve automated decision-making?
No, Recharge does not use data for automated decision-making.
How does Recharge ensure personal information is transmitted and stored securely?
Please see our Recharge Trust Center to read about our security and compliance activities.
Does Recharge currently “sell” data as defined by the CCPA?
Have more questions?
Many more details of how we handle personal information can be found in the following policies and agreements: