RefundDesk is built for licensed customs brokers handling sensitive commercial entry data on behalf of importers. This policy explains exactly what we collect, how we use it, and what rights you have.
Last updated: May 30, 2026 · Questions: privacy@refunddesk.app
Account information: When you create an account we collect your name, business email address, and company EIN. Your EIN is optional but recommended — it is used to identify your brokerage in generated protest filings.
Entry data: You upload CSV files containing customs entry data including entry numbers, entry dates, liquidation status, HTS codes, and duty amounts paid. This data belongs to your clients and is processed solely to generate protest filings on their behalf.
Generated documents: RefundDesk generates protest packets and entry schedule CSVs on your behalf. These are stored on secure servers and available for download during your active account period.
Attestation records: When you attest to a filing batch, your email address, IP address, timestamp, user agent, and the verbatim attestation statement are captured as a compliance record alongside a complete calculation snapshot of every entry in the batch. This record is immutable once created. The attestation record also maintains a tamper-evident field-level change log via database-level versioning (Logidze), retained for regulatory compliance under 19 CFR §111.23.
Usage data: We collect standard web analytics data including pages visited, time on site, device type, and referral source. We use Google Analytics on our public marketing pages and PostHog within the authenticated application.
To provide the service: Account information, entry data, and attestation records are used to generate CBP-compliant protest filings on your behalf.
To communicate with you: Your business email is used to send account-related communications including password resets and filing confirmations. We use Resend to deliver these emails.
To understand how the product is used: We use Google Analytics to measure traffic on our public marketing pages, and PostHog to understand product usage within the authenticated application. Neither service receives client entry data, IOR numbers, or duty amounts.
To maintain compliance records: Attestation records are retained as immutable compliance documentation tied to each filing batch.
Account information: Retained for the lifetime of your account and deleted within 30 days of account closure upon request.
Uploaded CSV files and generated documents: Retained for the duration of your active account. Upon closure, deleted within 30 days upon written request to privacy@refunddesk.app.
Attestation records: Retained for 5 years from attestation date per 19 CFR §111.23 and cannot be deleted during that period. Records include the complete calculation snapshot frozen at attestation and a tamper-evident version log. After the 5-year regulatory minimum, records are retained for the duration of the account.
Usage data: Google Analytics data is retained for 14 months per Google's default retention settings. PostHog data is retained per PostHog's standard retention policy.
Amazon Web Services (AWS): Our application and database run on AWS infrastructure. All account data, entry data, generated documents, and attestation records are stored on servers located in the United States.
Resend: We use Resend to deliver transactional emails. Resend receives your business email address solely for the purpose of delivering these messages.
Google Analytics: We use Google Analytics to measure traffic on our public marketing pages. You can opt out at tools.google.com/dlpage/gaoptout.
PostHog: We use PostHog for product analytics within the authenticated application. Learn more at posthog.com/privacy.
We do not use advertising networks, data brokers, or marketing platforms. We do not sell or share your data with any third party beyond those listed above.
If you are a California resident, the CCPA gives you the following rights:
We will respond to verifiable requests within 45 days and will not discriminate against you for exercising your privacy rights.
RefundDesk is operated from the United States. If you are accessing from outside the United States — including Canada, Mexico, the European Union, Japan, or Australia — your data will be transferred to and processed in the United States.
We respect applicable privacy frameworks including GDPR, CCPA, PIPEDA, and LFPDPPP. Regardless of your location, you may exercise the following rights by contacting privacy@refunddesk.app:
Essential cookies: Required for the application to function, including your session cookie. These cannot be disabled without breaking the application.
Analytics cookies: Google Analytics sets cookies to measure traffic on our public marketing pages. PostHog sets cookies within the authenticated application to measure product usage. You can opt out of Google Analytics at tools.google.com/dlpage/gaoptout or by declining cookies when prompted.
We do not use advertising cookies, retargeting cookies, or any tracking technology beyond those listed above.
For privacy-related requests, questions, or concerns:
We will respond to all inquiries within 45 days.
For technical details on infrastructure, encryption, and data access controls, see our Security page →