Privacy Policy

Last updated: 7/26/2025

🔒 Our Security Commitment

We're a startup, but we take your data security seriously from day one:

  • Stripe handles all payments: We never see or store credit card data
  • HTTPS everywhere: All connections are encrypted
  • Minimal data access: We only access what's needed for recovery
  • Regular backups: Your data is backed up daily

1. Information We Collect

Account Information

  • Email address and company name
  • Billing information (processed by Stripe)
  • Usage statistics and recovery metrics

Customer Data

  • Failed payment information from your Stripe account
  • Customer email addresses for recovery attempts
  • Payment history and recovery status

2. How We Use Your Information

We use your information solely to:

  • Process failed payment recoveries
  • Send recovery emails to your customers
  • Generate analytics and reports
  • Improve our recovery algorithms
  • Communicate service updates

3. Data Protection Measures

Current measures:

  • SSL/TLS encryption for all data transfers
  • Secure password hashing with bcrypt
  • Environment variables for sensitive data
  • Regular security updates
  • Database access restricted to application only

Coming soon:

  • Two-factor authentication
  • Advanced audit logging
  • Third-party security audit

4. Data Retention

We retain recovery data for 24 months to provide historical analytics. You can request data deletion at any time. Upon account cancellation, all data is permanently deleted within 30 days.

5. Third-Party Services

We work with trusted partners:

  • Stripe: Payment processing (they handle all the compliance)
  • Vercel: Hosting platform (automatic SSL, DDoS protection)
  • Turso: Database hosting (encrypted backups)
  • Resend: Email delivery (for recovery emails)

6. Your Rights

Under GDPR and CCPA, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request data deletion
  • Export your data
  • Opt out of marketing communications

7. Data Breach Response

In the unlikely event of a data breach, we will notify affected users within 72 hours and provide detailed information about the impact and our response measures.

8. Contact Our Privacy Team

Data Protection Officer
Email: privacy@retentioncheck.com
Response time: Within 48 hours

For immediate security concerns:
Email: security@retentioncheck.com

9. Our Growing Security Standards

As a startup, we're working towards formal certifications. Currently:

  • Following GDPR principles for data protection
  • Using Stripe's PCI-compliant infrastructure
  • Implementing security best practices
  • Planning for SOC 2 certification as we grow

We're transparent about our journey. As we grow, so will our formal certifications.