1. Introduction
RecoverFlow ('we', 'us', 'our') operates a payment recovery service for SaaS businesses. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.
2. Information We Collect
When you sign up for RecoverFlow, we collect:
- Account information: email, company name, password (hashed)
- Stripe Connect data: account ID, OAuth tokens, plan information
- Payment data: card details for billing recovery fees (stored securely by Stripe, not by us)
- Usage data: failed payment events, recovery attempts, email logs
3. How We Use Your Data
We use your data to:
- Provide payment recovery services on your behalf
- Send dunning emails to your customers (under your brand)
- Charge recovery fees according to your plan
- Display analytics in your dashboard
- Communicate service updates and support responses
4. Data Sharing
We share data only with: Stripe (for payment processing and Connect integration), Resend (for sending transactional and dunning emails), Supabase (for hosting our database — EU-based), Vercel (for hosting our application). We do not sell or rent your personal information to third parties.
5. Data Security
We use industry-standard security measures including encryption in transit (TLS), encryption at rest, Row Level Security in our database, and OAuth for Stripe authentication. Card details are never stored on our servers.
6. Your Rights (GDPR)
If you are in the EU, you have the right to:
- Access your personal data
- Request correction or deletion
- Export your data
- Object to processing
- Lodge a complaint with your data protection authority
7. Contact
For privacy questions or to exercise your rights, contact us at onboarding@getrecoverflow.com.