Privacy Policy

Last updated: March 22, 2026

RecoverStripe ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment recovery service.

1. Information We Collect

We collect the minimum information necessary to provide our service:

• Account Information: Your email address, name, and company name provided during registration.
• Stripe Account ID: Your Stripe Connect account identifier, used to link your Stripe account to our service.
• Payment Metadata: Failed payment event data received via Stripe webhooks, including payment amounts, decline codes, and timestamps. We do not receive or store credit card numbers, bank account numbers, or other sensitive financial data.
• Recovery Metrics: Aggregated data about retry attempts, recovery rates, and recovered amounts.
• Usage Data: Log data such as IP address, browser type, and pages visited on our dashboard.

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the payment recovery service, including processing retries and sending dunning emails.
• Display recovery metrics and activity on your dashboard.
• Send you notifications about recovered payments and account activity.
• Calculate and process billing for our service.
• Improve our retry algorithms and dunning email effectiveness.
• Respond to your support requests.

3. Information Sharing

We do not sell, trade, or rent your personal information. We may share information with:

• Stripe: To process payment retries on your behalf using the Stripe API.
• Amazon Web Services (AWS): Our infrastructure provider. Data is processed and stored on AWS servers in the United States.
• Legal Requirements: We may disclose information if required by law or in response to valid legal process.

4. Data Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Stripe API keys are stored in AWS Secrets Manager, never in code or environment variables.
• We use least-privilege IAM policies for all service components.
• We never store credit card numbers or sensitive payment credentials. All payment data remains in Stripe.

5. Data Retention

We retain your data as follows:

• Account data: Retained while your account is active and for 30 days after disconnection.
• Recovery logs: Retained for 12 months for reporting purposes, then automatically deleted.
• Aggregated metrics: May be retained indefinitely in anonymized form for service improvement.

You may request immediate deletion of all your data by contacting us.

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your personal data.
• Portability: Request your data in a machine-readable format.
• Restriction: Request that we limit processing of your data.
• Objection: Object to processing based on legitimate interests.

To exercise these rights, contact us at privacy@recoverstripe.com. We will respond within 30 days.

7. Cookies

Our dashboard uses localStorage to store your session token and customer ID. We do not use tracking cookies or third-party analytics on the dashboard. The landing page does not use cookies.

8. Children's Privacy

RecoverStripe is a business-to-business service and is not directed at individuals under 18. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of the service after changes constitutes acceptance.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

• Email: privacy@recoverstripe.com