Privacy Policy
Last updated: April 30, 2026
1. Who we are
RecoverFlow (“we,” “us,” or “the Service”) is a Stripe-native dunning recovery tool. Our website is recoverflow.ai. Questions or requests: support@recoverflow.ai.
2. What this policy covers
This policy describes the data we collect from you (the small-SaaS founder using RecoverFlow) and from your customers (the people whose payments we help you recover). We treat both with the same standard of care, but the legal basis and retention windows differ; both are described below.
3. Data we collect from you (the merchant)
- Email address you used at Stripe Checkout to subscribe to RecoverFlow.
- Stripe customer ID assigned when your subscription was created.
- Subscription state (plan tier, billing period, trial dates, cancellation date if applicable).
- If you authorize Stripe Connect: your connected Stripe account ID (acct_…), the country reported by Stripe, and the timestamps of authorization and any later revocation. We do not store any of your Stripe secret keys — authorization is OAuth-based and the access token Stripe issues us is rotated by Stripe.
- Optional metadata that Stripe sends to us in webhook payloads when your subscription changes state (e.g., status, period boundaries).
4. Data we collect from your customers (end-customers)
When a charge fails on your connected Stripe account, Stripe sends us an invoice.payment_failed event. From that event and a follow-up customers.retrieve call we record:
- Your end-customer's email address and (if present in Stripe) their name.
- The Stripe customer ID, invoice ID, payment-intent ID, and subscription ID associated with the failed payment.
- The amount, currency, and timestamp of the failed payment.
- The decline code or failure code Stripe reported (e.g., card_declined).
- The state of any recovery emails we send (delivered, opened, clicked, bounced).
We do not see, store, or process card numbers, CVCs, or any other cardholder authentication data. Stripe never discloses those to Stripe Connect applications.
5. How we use this data
- To send branded recovery emails on your behalf (subject, sender, cadence) to your end-customers when a payment fails.
- To populate the dashboard at /app showing failed payments tracked, recoveries, and recovered revenue.
- To bill you on the subscription tier you selected.
- To respond to support requests (e.g., debugging a delivery issue).
- To meet legal, tax, and accounting obligations and to detect abuse.
We do not sell your data, your end-customers' data, or any derived data to third parties. We do not use the data to train AI models. We do not share end-customer data with anyone other than the service providers listed below.
6. Service providers
We use the following third-party services to deliver RecoverFlow:
- Stripe — payment processing for our own subscription billing, and Stripe Connect for receiving events from your account. Stripe's privacy policy: stripe.com/privacy.
- Resend — transactional email delivery for recovery emails and account emails (welcome, sign-in links). Resend's privacy policy: resend.com/legal/privacy-policy.
- Supabase — managed Postgres database hosting (US-East). Supabase's privacy policy: supabase.com/privacy.
- Vercel — application hosting and edge delivery for recoverflow.ai. Vercel's privacy policy: vercel.com/legal/privacy-policy.
- Cloudflare — DNS for recoverflow.ai (no proxy / no traffic processing).
7. Where data is stored
Application data is stored in the United States (Supabase US-East, Vercel US edge). Email content passes through Resend infrastructure (US). We do not knowingly transfer data outside of these regions.
8. Retention
- Active customers: we retain your account data and your end-customers' failed-payment data for as long as your subscription is active, plus 12 months after cancellation for audit and dispute-resolution purposes.
- Canceled customers: after 12 months of inactivity, account data is deleted or fully anonymized; aggregated metrics (total recoveries, total $$ recovered) may be retained in a form that no longer identifies you or your customers.
- Email content: outgoing recovery email content is retained at Resend for 30 days for deliverability diagnostics.
9. Your rights
You can request a copy of all data we hold about you, request that we delete it, or request that we stop processing it, by emailing support@recoverflow.ai. We respond within 30 days. If you are an end-customer and want your data removed from our system, we will honor the request after confirming with the merchant whose Stripe account the failed payment originated on.
10. Security
All traffic to and from RecoverFlow is TLS-encrypted (HSTS preload). Data at rest in Supabase is encrypted. Stripe webhooks are signed with HMAC-SHA256 and verified before processing. Magic-link sign-in tokens are short-lived (15 minutes) JWTs signed with a 256-bit secret. Session cookies are httpOnly, Secure, SameSite=Lax.
11. Cookies
We set one essential cookie, rf_session, to keep you signed in to /app. It is httpOnly, Secure, SameSite=Lax, and expires 30 days after issue. We do not use third-party tracking cookies. Vercel Analytics is enabled site-wide and is privacy-first (no cookies, no fingerprinting, details here).
12. Changes to this policy
If we materially change this policy, we will email registered customers at least 14 days before the change takes effect, and we will update the “last updated” date at the top of this page. Continued use of RecoverFlow after the change indicates acceptance.
13. Contact
For any privacy question, request, or concern: support@recoverflow.ai.