Privacy Policy

1. Introduction

RecoverPay ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment recovery service.

By using RecoverPay, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use our service.

2. Information We Collect

2.1 Information from Stripe

When you connect your Stripe account, we access the following data through Stripe's secure OAuth integration:

• Failed payment events: Invoice IDs, failure reasons, amounts, and timestamps
• Customer information: Email addresses and names associated with failed payments
• Subscription data: Subscription status and billing cycle information
• Payment recovery status: Whether payments were successfully recovered

We do not access or store full credit card numbers, bank account details, or other sensitive payment credentials. All payment processing is handled directly by Stripe.

2.2 Account Information

When you create an account, we collect:

• Email address
• Company name
• Stripe account identifier

2.3 Usage Data

We automatically collect certain information when you use our service:

• Log data (IP address, browser type, pages visited)
• Device information
• Analytics data to improve our service

2.4 Data Collected by Shield SDKs (Circuit™ Engine)

If you use our Shield Plan with the Circuit™ Engine, our SDKs collect the following data from your end users (your customers) for fraud prevention:

• Device fingerprint: Browser type, version, screen resolution, timezone, language, installed fonts, and other browser characteristics
• Behavioral signals: Mouse movement patterns, typing cadence, form interaction timing, scroll behavior
• Network data: IP address, VPN/proxy detection indicators, approximate geolocation
• Bot detection signals: Automation indicators, headless browser detection, WebDriver presence

This data is used solely for fraud prevention and risk scoring. We do not use this data for advertising, profiling, or any purpose other than protecting your business from fraudulent transactions.

Important: If you integrate our SDKs, you are responsible for disclosing this data collection in your own privacy policy and obtaining any necessary consent from your end users.

3. How We Use Your Information

We use the information we collect to:

• Provide our service: Monitor failed payments, execute recovery campaigns, and provide account health monitoring
• Send recovery emails: Contact your customers on your behalf to recover failed payments
• Fraud prevention: Analyze transaction risk using the Circuit™ Engine and Shield SDKs
• Generate reports: Provide you with analytics on recovery performance and account health
• Process subscriptions: Manage your subscription plan and billing
• Improve our service: Analyze usage patterns to enhance recovery rates and fraud detection accuracy
• Communicate with you: Send service updates, security alerts, and support messages

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

• With Stripe: To process payments and access necessary billing data
• Email service providers: To send recovery emails on your behalf (e.g., Resend)
• Legal requirements: If required by law, court order, or governmental authority
• Business transfers: In connection with a merger, acquisition, or sale of assets

5. Data Retention

We retain your data for as long as your account is active or as needed to provide our services. Failed payment records are retained for 12 months after the payment is resolved (recovered or abandoned) for reporting purposes.

When you disconnect your Stripe account or delete your RecoverPay account, we will delete your data within 30 days, except where we are required to retain it for legal or compliance purposes.

6. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Secure OAuth 2.0 authentication with Stripe
• Regular security audits and vulnerability assessments
• Access controls and authentication for all team members
• Secure cloud infrastructure with SOC 2 compliant providers

For more details, see our Security page.

7. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Portability: Request your data in a portable format
• Objection: Object to certain processing of your data

To exercise these rights, contact us at privacy@recoverpay.io.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our service, remember your preferences, and analyze usage. You can manage your cookie preferences at any time using our cookie settings.

8.1 Types of Cookies We Use

8.2 Managing Cookies

You can manage your cookie preferences at any time by clicking the "Cookie Settings" link in our footer or by adjusting your browser settings. Note that disabling certain cookies may affect the functionality of our service.

9. Third-Party Services

Our service integrates with the following third-party services:

• Stripe: Payment processing and billing data (Stripe Privacy Policy)
• Google Analytics: Website analytics (Google Privacy Policy)
• Resend: Email delivery service
• Vercel: Hosting and infrastructure

10. Children's Privacy

RecoverPay is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

12.1 Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract: Processing necessary to perform our contract with you (providing the RecoverPay service)
• Legitimate Interest: Processing necessary for our legitimate business interests (improving our service, fraud prevention)
• Consent: Where you have given explicit consent (e.g., marketing communications, non-essential cookies)
• Legal Obligation: Processing necessary to comply with legal requirements

12.2 Your GDPR Rights

In addition to the rights listed in Section 7, you have the right to:

• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
• Restrict Processing: Request that we limit how we use your data
• Lodge a Complaint: File a complaint with your local data protection authority

12.3 Data Protection Officer

For GDPR-related inquiries, contact us at privacy@recoverpay.io.

12.4 International Transfers

When we transfer data outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data receives adequate protection.

13. US State Privacy Rights

If you are a resident of certain US states, you have additional privacy rights under state law. This section applies to residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws.

13.1 California Privacy Rights (CCPA/CPRA)

California residents have the following rights:

• Right to Know: Request information about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights
• Right to Limit Use: Limit the use of sensitive personal information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

13.2 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

13.3 Virginia, Colorado, Connecticut, and Other State Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), and Montana (MCDPA) have similar rights including:

• Right to access and confirm whether we process your data
• Right to correct inaccuracies
• Right to delete your data
• Right to data portability
• Right to opt out of targeted advertising, sale of data, and profiling

13.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@recoverpay.io. We will respond within the timeframe required by applicable law (typically 45 days). You may also designate an authorized agent to make requests on your behalf.

We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of RecoverPay after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@recoverpay.io
• General inquiries: hello@recoverpay.io