Privacy Policy

Effective date: February 17, 2026

RecoverPing (“we”, “our”, or “us”) operates recoverping.com (the “Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data. By using the Service you agree to this policy.

1. Information We Collect

1.1 Account information

When you sign up we collect your email address via Supabase Auth (magic link).

1.2 Stripe credentials

To connect your Stripe account you provide a restricted Stripe API key and a webhook signing secret. These are stored encrypted at rest in our database and are never logged or exposed in plaintext outside of the authentication flow.

1.3 Customer data from Stripe

When a subscription payment fails, Stripe sends us a webhook event. From that event we extract and store:
  • Customer name
  • Customer email address
  • Invoice ID and amount
  • Customer phone number (fetched from Stripe for SMS delivery)

This data belongs to you and your customers. We process it solely to perform the recovery flow you configure.

1.4 Recovery event logs

We log the status and timestamps of each recovery attempt (e.g., SMS queued, sent, recovered, failed). These logs are visible in your dashboard and are retained for as long as your account is active, plus 90 days after cancellation.

1.5 Usage and analytics data

We collect aggregate usage data (SMS count, monthly limits) and page-level analytics (page views, CTA clicks) via Google Tag Manager. This data does not identify individual end customers.

2. How We Use Your Information

  • Delivering the Service — executing your configured recovery flows, sending SMS via Twilio and emails via your configured email infrastructure, generating Stripe Customer Portal links.
  • Account management — authenticating you, billing your subscription via Stripe, sending transactional emails about your account.
  • Improving the Service — analysing aggregate usage patterns to fix bugs and improve features. We never sell your data or your customers' data.
  • Legal compliance — retaining records as required by applicable law.

3. Third-Party Services

We share data with the following sub-processors only to the extent necessary to operate the Service:

Provider | Purpose | Data shared
Stripe | Payment processing, subscription billing | Your email, billing info
Supabase | Database and authentication | All account and event data
Twilio | SMS delivery | Customer phone number and message body
Email delivery provider | Sending system emails related to your account | Your email address and message content
Google Tag Manager | Analytics | Page URL, anonymised click events
Redis (Upstash / self-hosted) | Job queue | Tenant ID, invoice ID, event ID (no personal data)

We do not sell, rent, or share personal data with any other third parties for their own marketing purposes.

4. Data Retention

We retain your account data and recovery logs for as long as your account is active. After cancellation or deletion, data is retained for 90 days and then permanently deleted, except where longer retention is required by law (e.g., billing records).

You may request deletion of your account at any time by emailing privacy@recoverping.com.

5. Data Security

We apply industry-standard security measures:

  • All data encrypted in transit via TLS 1.2+
  • Stripe API keys and webhook secrets encrypted at rest
  • Database access restricted by Row-Level Security (RLS) — each tenant can only access their own data
  • Service role credentials never exposed to client-side code

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we take reasonable precautions to protect your data.

6. Your Rights

Depending on your jurisdiction you may have the right to access, correct, export, or delete personal data we hold about you. To exercise any of these rights, email privacy@recoverping.com and we will respond within 30 days.

If you are in the EU/EEA, you have rights under the GDPR including the right to lodge a complaint with your local data protection authority.

7. Cookies

We use only essential session cookies required for authentication (set by Supabase Auth). We do not use tracking cookies or third-party advertising cookies. Google Tag Manager may set analytics cookies — you can opt out via your browser's cookie settings or a standard ad-blocker.

8. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have done so inadvertently, please contact us so we can delete it.

9. Changes to This Policy

We may update this policy from time to time. When we do, we will update the effective date at the top of this page. We will notify you of material changes via the email address associated with your account. Continued use of the Service after the update constitutes acceptance of the revised policy.

10. Contact

Questions about this policy? Email us at privacy@recoverping.com.