rechurnBack to home

Privacy Policy

Last updated: March 10, 2026

1. Introduction

Rechurn ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment recovery service.

2. Information We Collect

2.1 Account Information

  • Email address and name (provided during registration)
  • Organization name and settings
  • Authentication data (managed via Supabase Auth)

2.2 Payment Processor Data

  • Failed payment details (amounts, decline codes, timestamps)
  • Customer information from your Stripe account (names, emails, subscription details)
  • Stripe OAuth tokens (encrypted with AES-256-GCM at rest)

2.3 Usage Data

  • Recovery email send/open/click events
  • Feature usage and interaction data
  • Analytics data via Vercel Analytics and Google Analytics

3. How We Use Your Information

  • To provide and operate the payment recovery service
  • To send recovery emails on your behalf to your customers
  • To generate AI-enhanced email content for recovery campaigns
  • To display analytics and KPIs in your dashboard
  • To process billing and manage your subscription
  • To communicate service updates and important notices

4. Legal Basis for Processing (GDPR)

  • Contract performance: Processing necessary to provide the Service you subscribed to.
  • Legitimate interest: Analytics and service improvement.
  • Consent: Marketing communications (where applicable).
  • Legal obligation: Compliance with applicable laws.

5. Data Sharing

We share data only with:

  • Supabase: Database hosting and authentication.
  • Stripe: Payment processing and billing portal.
  • Resend: Transactional email delivery.
  • Vercel: Application hosting and analytics.
  • Groq: AI model inference for email enhancement.

We do not sell, rent, or trade your personal information to third parties.

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion, all your data is permanently removed within 30 days. Recovery email delivery logs may be retained for up to 90 days for compliance purposes.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data (available via Settings > Export My Data).
  • Rectification: Update inaccurate personal data via your account settings.
  • Erasure: Delete your account and all associated data (available via Settings > Delete Account).
  • Portability: Export your data in a machine-readable format (JSON).
  • Restriction: Request restriction of processing under certain circumstances.
  • Objection: Object to processing based on legitimate interests.

To exercise these rights, use the in-app tools in Settings or contact us at support@rechurn.io.

8. Data Security

  • All data is transmitted over HTTPS/TLS.
  • Stripe OAuth tokens are encrypted with AES-256-GCM before storage.
  • Database access is controlled by Row Level Security (RLS) policies.
  • We use Supabase's managed infrastructure with regular backups.

9. International Data Transfers

Your data may be processed in countries outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), for any such transfers.

10. Cookies

We use essential cookies for authentication and session management. Analytics cookies (Vercel Analytics, Google Analytics) are used to understand how the Service is used. You can control cookie preferences in your browser settings.

11. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service.

13. Contact

For privacy-related inquiries, contact our Data Protection team at support@rechurn.io.