Privacy Policy

Last updated: April 19, 2026

StripeRescue keeps the data we collect minimal and use it only for the purposes below. Questions or requests: support@striperescue.app.

What we collect about merchants (you)

  • Email address (to sign you in via magic link).
  • Company name (read from your Stripe business profile, or set by you).
  • An OAuth access token from Stripe, scoped to read failed invoices and manage webhook endpoints on your connected account. Stored encrypted at rest (AES-GCM).
  • Optional: a GitHub OAuth token if you connect GitHub for the Auto-Fix feature. Same encryption.

What we collect about your customers

  • For each failed invoice we process: customer email, invoice amount, currency, failure reason, Stripe invoice ID, and the Stripe-hosted invoice URL we link to from the recovery email.
  • We do not receive or store any payment card numbers, CVC codes, or bank details. Those stay with Stripe.
  • Resend (our email provider) stores delivery metadata (opens, bounces) per their retention policy.

Why we collect it

Solely to deliver the recovery-email service you signed up for: reading the failed-payment event, composing a personalized email, sending it to the affected cardholder, tracking whether it was delivered, and showing you recovery results in your dashboard. We don't use this data for advertising, share it with third parties except the subprocessors listed below, or train AI models on it.

Subprocessors

  • Supabase — database and auth (US region).
  • Vercel — application hosting and cron.
  • Stripe — OAuth, failed-payment webhook source, hosted invoice URLs.
  • Resend — transactional email sending (AWS SES-backed, us-east-1).
  • GitHub — only if you opt in to Auto-Fix PR generation.

Retention & deletion

We keep your data while your account is active and delete it within 30 days of account termination. You can request earlier deletion by emailing us. Bounce-and-delivery logs kept by Resend follow their retention policy.

Your rights

You can request a copy of the data we hold about you, ask us to correct or delete it, or export a list of failed invoices and recovery events. Email support@striperescue.app and we'll respond within 30 days.

Children

StripeRescue is a B2B service. We don't knowingly collect data from anyone under 16. If you believe we've received such data, email us and we'll delete it.

Changes to this policy

We may update this policy. Material changes will be posted at this URL with an updated date and emailed to the address on your account.