DoozyOrder Protection

Privacy Policy

Last updated: April 11, 2026

1. Introduction

This Privacy Policy explains how Doozy Order Protection ("Doozy," "we," "us," or "our") collects, uses, shares, and protects personal information in connection with our order-protection services, website (www.doozyorderprotection.com), WordPress plugin, merchant portal, and related tools (collectively, the "Service").

By accessing or using the Service in any capacity — whether as a merchant integrating our plugin or as an end user interacting with a protected order — you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use the Service.

2. Key Definitions

Throughout this Privacy Policy:

  • "Merchant" means a business or individual that installs and uses the Doozy plugin or merchant portal to offer order protection on their e-commerce store.
  • "End User" (also referred to as "Customer" or "Claimant") means a consumer who purchases goods from a Merchant's store and may interact with Doozy — for example, by opting in to order protection at checkout or filing a claim.
  • "Personal Data" means any information that identifies or could reasonably be used to identify a natural person, directly or in combination with other information.

3. Information We Collect

3.1 Merchant Data

When a Merchant registers for and uses the Service, we may collect:

  • Account and profile information — name, email address, phone number, postal address, and login credentials.
  • Business and store information — store name, store URL, business address, currency, timezone, and related e-commerce configuration.
  • Billing and payment information — billing contact details, payment-method identifiers (such as card brand and last four digits), and invoicing records. Full payment credentials are processed and stored by our third-party payment processor; Doozy does not store full card numbers.
  • Integration and technical data — API keys, webhook configuration, and plugin connection status necessary to operate the Service on the Merchant's store.
  • Team member information — if a Merchant invites additional users to their account, we collect names, email addresses, and roles of those individuals.

3.2 End User / Customer Data

When an End User interacts with the Service — whether opting in to protection at a Merchant's checkout, filing a claim, or tracking a claim — we may collect:

  • Contact information — name, email address, and phone number.
  • Shipping and billing address — as provided on the order.
  • Order and transaction information — order number, items purchased, quantities, prices, totals, currency, shipping details, protection fee, and order status.
  • Claims information — claim reason (for example, lost, damaged, or stolen), preferred resolution, free-text description, supporting evidence (photographs, documents, or other files uploaded by the End User), claim status, and related correspondence.
  • Technical and request metadata — IP address, browser user-agent string, and timestamps associated with claims submissions or website visits.

3.3 Website and Usage Data

When you visit our website, we may automatically collect standard usage data such as pages viewed, referring URLs, browser type, device information, and approximate location derived from your IP address.

4. Sources of Data

We receive personal data from the following sources:

  • Directly from you — when you register as a Merchant, configure your account, file or track a claim, contact us, or otherwise submit information through the Service.
  • From Merchant stores — order and customer data is transmitted to Doozy through the Merchant's e-commerce platform (for example, WooCommerce) when an order involving Doozy Order Protection is placed.
  • From third-party service providers — such as payment processors, email delivery providers, or hosting and infrastructure services, in the course of operating the Service.
  • Automatically — through cookies, server logs, or similar technologies when you use our website or interact with our Service.

5. How We Use Your Information

We process personal data for the following purposes:

  • Providing the Service — registering Merchant accounts, processing protection opt-ins, calculating protection fees, syncing order data, managing and resolving claims, processing refunds or reorders, and operating the merchant portal and claims portal.
  • Communication — sending transactional notifications related to orders, claims, account activity, and billing (for example, claim-status updates, invoice notifications, and password-reset emails).
  • Billing and payments — generating invoices, processing payments, managing revenue-share distributions, and maintaining financial records.
  • Service improvement — analysing usage patterns, monitoring performance, and developing new features to improve the Service.
  • Security and fraud prevention — detecting, investigating, and preventing fraudulent claims, unauthorised access, and other harmful activity.
  • Legal and compliance — complying with applicable laws, regulations, legal processes, or enforceable governmental requests, and enforcing our Terms of Service.

6. Lawful Bases for Processing (GDPR)

Where the General Data Protection Regulation (GDPR) or similar legislation applies, our processing of personal data relies on one or more of the following lawful bases:

  • Performance of a contract — processing that is necessary to deliver the Service to Merchants under our Terms of Service, or to process claims for End Users under the protection terms.
  • Legitimate interests — processing that supports our reasonable business interests, such as fraud prevention, service improvement, security, and internal administration, provided that those interests are not overridden by the rights and freedoms of the data subject.
  • Legal obligation — processing that is necessary to comply with a legal obligation to which we are subject.
  • Consent — where we rely on consent, you may withdraw it at any time by contacting us. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

7. How We Share Your Information

We do not sell personal data. We may share personal data in the following circumstances:

  • With Merchants — we share relevant order and claim information with the Merchant from whose store the order originated, to the extent necessary for claim investigation, resolution, and order fulfilment.
  • With service providers — we engage trusted third-party providers who assist us in operating the Service, including payment processing, email delivery, cloud hosting, and data storage. These providers process data on our behalf and under our instructions, subject to appropriate contractual safeguards.
  • For legal reasons — we may disclose personal data if required to do so by law, regulation, legal process, or a binding governmental request, or where disclosure is reasonably necessary to protect the rights, property, or safety of Doozy, our users, or the public.
  • Business transfers — in the event of a merger, acquisition, reorganisation, or sale of assets, personal data may be transferred as part of that transaction. We will provide notice before personal data becomes subject to a different privacy policy.

8. Doozy's Role in Data Processing

Doozy's role in relation to personal data depends on the context. In general, Doozy acts as a data controller for personal data that we collect and use for our own purposes — such as Merchant account information, claims management, and billing. Where Doozy processes End User personal data received from a Merchant's store in order to provide the protection service, the specific data-protection relationship between Doozy and the Merchant may depend on the nature of the processing and applicable law. Merchants who require a formal data-processing agreement should contact us at the address below.

9. International Data Transfers

Doozy operates globally and may transfer, store, and process personal data in countries other than the country in which the data was originally collected. Where personal data is transferred outside the European Economic Area, the United Kingdom, or another jurisdiction with data-transfer restrictions, we take steps to ensure that appropriate safeguards are in place — such as standard contractual clauses approved by relevant authorities, or reliance on an adequacy decision — to protect your data in accordance with applicable law.

10. Data Retention

We retain personal data only for as long as reasonably necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In determining retention periods, we consider:

  • The nature and sensitivity of the data.
  • The purposes for which it was collected.
  • Applicable legal, accounting, tax, or regulatory requirements.
  • Whether an ongoing contractual or business relationship exists.

For example, claim-related records and supporting evidence are typically retained for a reasonable period following claim resolution (generally up to three years) to support audit, dispute resolution, and legal-compliance needs. Merchant account data is retained for the duration of the account relationship and for a reasonable period thereafter. When personal data is no longer needed, we will securely delete or anonymise it.

11. Data Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or destruction. These measures include encryption of data in transit, access controls, secure authentication, and regular review of our security practices. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. If you believe your account or data has been compromised, please contact us immediately.

12. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights in relation to your personal data. These may include the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data, subject to legal or contractual retention requirements.
  • Restriction — request that we restrict certain processing of your data.
  • Data portability — request a machine-readable copy of your personal data.
  • Objection — object to processing based on legitimate interests or for direct-marketing purposes.
  • Withdraw consent — where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, please contact us using the details in the "Contact" section below. We may need to verify your identity before processing your request. We will respond within the timeframes required by applicable law. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data-protection authority.

13. Cookies and Similar Technologies

Our website may use cookies and similar technologies to enhance your browsing experience, analyse site traffic, and understand how visitors interact with our content. The types of cookies we may use include:

  • Strictly necessary cookies — required for the website to function (for example, session management).
  • Analytics cookies — help us understand usage patterns and improve the website.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the website. The Doozy WordPress plugin does not set its own cookies on Merchant stores; it uses standard WooCommerce session handling to record the End User's protection opt-in choice during checkout.

14. Children's Privacy

The Service is not directed at individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a child, please contact us so that we can take appropriate steps to delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice (for example, by email or through the Service). We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern, please contact us:

Doozy Order Protection

Email: privacy@doozyprotection.com

We aim to respond to all privacy-related inquiries within 30 days.