Verify it yourself

Trust Center

You should not have to take our word for it. Dispute Predator is a Stripe-native service — which means the most important facts about us are things you can confirm inside your own Stripe account, on Stripe's own domain, without ever trusting a claim on this page. Below is exactly how, plus our security, data, and company details.

Operating entity: Zero-Fine Protocol, LLC. Last updated: June 2, 2026.

0
Fund-movement permissions requested
1-click
Revocation from your Stripe Dashboard
120-day
Automatic evidence destruction
4
Named subprocessors

Verify our Stripe integration yourself

We connect to your Stripe account through Stripe OAuth — the same authorization mechanism Stripe uses for every app on its platform. You can confirm every step of this without trusting us. Here is the exact sequence:

  1. 1

    The consent screen is on Stripe’s domain — not ours

    When you click Connect Stripe, you are redirected to Stripe's own authorization page at connect.stripe.com. Check your browser's address bar: the permission prompt is served and secured by Stripe, not by disputepredator.com. We never see your Stripe password, and you authenticate directly with Stripe.

  2. 2

    Read the exact permissions before you approve

    Stripe's consent screen lists precisely what an app is asking for. Read it. You will see access scoped to disputes and the evidence needed to contest them — and you will not see any permission to create payouts, issue refunds, or move money out of your balance. If a screen ever shows broader access than that, stop.

  3. 3

    Confirm — and revoke — in your Stripe Dashboard

    After connecting, open Stripe Dashboard → Settings → Connected applications (also called Authorized applications). Dispute Predator (Zero-Fine Protocol, LLC) will be listed there with the access you granted. You can revoke that access in one click, at any time, directly from Stripe — and the engine immediately stops acting on your account.

  4. 4

    See every rebuttal we file, in your own account

    When we contest a dispute, we submit the evidence through the Stripe Disputes API on your behalf. Open that dispute in yourStripe Dashboard and you will see the evidence and the submission in the dispute's own timeline — rendered by Stripe, in your account, attributable to the connected app. Nothing we do is hidden from you.

The takeaway: every claim that matters is checkable in Stripe's interface, under your control. A service that can be revoked from your own dashboard in one click, that never touches your password, and that cannot move your money, is structurally incapable of the things a scam needs to do.

What we can and cannot do on your Stripe account

Our authority is bounded by the OAuth scope you grant and nothing else. Below is what that authorization is for — and, just as importantly, what it deliberately excludes. The authoritative wording lives in Section 2 of our Master Services Agreement.

What we are authorized to do

  • Read your charge and dispute objects
  • Read the shipping and customer metadata needed to assemble a rebuttal
  • Write dispute evidence and submit rebuttals through the Stripe Disputes API

What we cannot do

  • Move, transfer, or withdraw funds from your Stripe balance
  • Issue refunds to customers
  • Create or redirect payouts
  • See or store full card numbers (PAN) — that data stays with Stripe

The single exception to "no fund movement" is the success fee itself: on disputes we win, our fee is collected through Stripe Billing as a normal, itemized charge you can see and dispute like any other. We never collect a fee on a dispute we did not win. Full fee terms are in the MSA, Section 3.

What we will never do

These are commitments you can hold us to — and a checklist for spotting impersonation. If something claiming to be Dispute Predator ever does one of these, it is not us.

  • Ask for your Stripe password or login code. We use OAuth; you authenticate with Stripe directly, never through us.
  • Request permission to move, refund, or pay out your money.
  • Send you an email or text asking you to "verify your account" through a login link. We will never ask for credentials by email. When in doubt, navigate to disputepredator.com directly.
  • Charge a Tier 1 (Essential) merchant anything before we win a dispute. Tier 1 is pure success fee, $0 retainer.
  • Lock you in. Disconnect from your Stripe Dashboard at any time and we immediately stop.
  • Sell or share your customers' data for marketing. See the Privacy Notice.

Security & data protection

The controls below are the operative commitments in our Data Processing Agreement.

Encryption in transit

TLS 1.3 for all data moving between your systems, Stripe, and our infrastructure.

Encryption at rest

AES-256-GCM for credentials and tokens; provider-side server-side encryption for evidence files in object storage.

Credential protection

Stripe access tokens are encrypted with rotatable master keys. Object storage uses scoped, least-privilege access keys.

Access controls & logging

Least-privilege access with comprehensive audit logging across infrastructure.

Data minimization

We store only what a rebuttal requires. We never store full card numbers — PAN data is handled exclusively by Stripe.

Retention & destruction

Evidence files are retained up to 120 days after a dispute is finally resolved, then automatically deleted. You can request earlier deletion any time.

Breach notification

We notify affected merchants without undue delay, and within 72 hours of confirmation, consistent with GDPR Article 33 where applicable.

Revocation = stop

Revoking Stripe OAuth immediately ends our authority; stored data is purged on the destruction cycle.

Subprocessors

These are the third parties that may process data in the course of delivering the service. We notify merchants at least 30 days before onboarding a new subprocessor, and you may object on reasonable data-protection grounds (DPA, Section 3).

SubprocessorPurposeApplies to
Stripe, Inc.Payments, OAuth, and the Disputes APIAll merchants
DigitalOceanCompute and object storageAll merchants
CloudflareNetwork edge / DDoS protectionAll merchants
Lob, Inc.Physical mail (when applicable)Tier 3 only

Tier 3 engagements may name an additional recovery vendor in the separately executed Service Addendum.

Company & legal

Dispute Predator is operated by Zero-Fine Protocol, LLC, a Utah limited liability company. Our governing agreements are published in full — not summarized behind a sales call:

Master Services AgreementData Processing AgreementPrivacy Notice

Our mailing address and entity registration details are available on request to legal@disputepredator.com. Dispute Predator is software: we are not a law firm, a debt collector, or a consumer reporting agency, and using the service does not create an attorney-client relationship.

Compliance posture

We hold ourselves to the practices described in our DPA and align our security program to recognized data-protection obligations (GDPR, UK GDPR, and CCPA/CPRA, where applicable). PAN data never touches our systems — card data is handled entirely within Stripe's PCI-DSS environment.

We will only ever claim a certification or audit on this page when we can hand you the report to verify it. We would rather show you a revocable OAuth grant you can test today than a badge you cannot check.

Contact our security team

Security questions, vulnerability reports, or a security questionnaire for your vendor-review process:

Security & disclosuressecurity@disputepredator.comData / privacy (DSAR)privacy@disputepredator.comLegal & entity detailslegal@disputepredator.com

A human responds. If you are completing a vendor-security review, email security@disputepredator.com and we will work through your questionnaire.

This page describes our practices and how to verify them. It is not a warranty of any specific dispute outcome and is not legal advice. The binding terms between you and Zero-Fine Protocol, LLC are the agreements published at /legal.