Security

Your data security is our top priority

RecoverPay is built with security-first principles. We use industry-standard practices to protect your data and maintain your trust.

Stripe OAuth Integration

We never see or store your Stripe API keys. Authentication is handled entirely through Stripe's secure OAuth 2.0 flow, giving you full control to revoke access at any time.

No Payment Credentials

We never access, process, or store credit card numbers, bank account details, or other sensitive payment credentials. All payment processing is handled directly by Stripe.

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your data is protected at every stage.

Minimal Data Access

We follow the principle of least privilege. We only request the specific Stripe permissions needed to recover failed payments—nothing more.

Secure Infrastructure

Our infrastructure is hosted on SOC 2 Type II compliant cloud providers with enterprise-grade security controls, monitoring, and incident response.

Instant Revocation

You can disconnect RecoverPay from your Stripe account at any time, immediately revoking all access. No waiting periods, no questions asked.

What We Access

Read invoices

Identify failed payments that need recovery

Read customers

Get customer email addresses for recovery emails

Read subscriptions

Understand subscription status and billing cycles

Create portal sessions

Generate secure payment update links for customers

What We Never Access

Credit card numbers or CVV codes

Bank account or routing numbers

Stripe API secret keys

Payout or transfer capabilities

Ability to create charges or subscriptions

Access to your Stripe balance

Safe by Design

RecoverPay is architected to be safe for your Stripe account. We respect Stripe's rate limits, follow their best practices, and never perform any actions that could put your account at risk. Our read-only approach means we observe and communicate—we never modify your Stripe data directly.

Read-only data access

Stripe rate limit compliant

No charge creation ability

Security FAQ

Can RecoverPay create charges on my Stripe account?

No. We only have read access to your billing data and the ability to create customer portal sessions. We cannot create charges, modify subscriptions, or access your Stripe balance.

What happens if I disconnect RecoverPay?

Access is revoked immediately. We stop all recovery campaigns, cease accessing your Stripe data, and delete your data within 30 days (except where required for legal compliance).

Is my customer data shared with third parties?

We only share data with email delivery providers (to send recovery emails on your behalf) and as required by law. We never sell or rent your data.

How do I report a security concern?

Please email security@recoverpay.io with any security concerns or vulnerability reports. We take all reports seriously and will respond promptly.

Have security questions?

security@recoverpay.io