Skip to main content

Effective July 14, 2026

Privacy Policy

This policy explains the minimum data churnplug needs to prevent subscription churn and how that data is handled.

What we process

churnplug processes tenant account details, subscription identifiers, cancellation responses, payment-failure status, delivery logs, and recovery amounts. We do not collect or store card numbers; card updates happen on Stripe-hosted pages.

Why and on whose behalf

We process subscriber data only to provide cancellation retention, transactional dunning, recovery attribution, and security. For subscriber data, the SaaS company using churnplug is the controller and churnplug acts as its processor.

Service providers

Vercel hosts the application, Supabase stores application data and secrets, Stripe performs subscription actions and hosted payment updates, and Resend delivers transactional email when enabled. Data is shared only as needed to provide those functions.

Retention and choices

Tenant data is retained while an account is active and for a limited period needed for audit, security, and legal obligations. Tenants may request access, correction, export, or deletion for their account and should handle requests from their own subscribers.

Security and contact

We use tenant isolation, signed short-lived tokens, restricted Stripe keys, encrypted secret storage, and webhook signature checks. To make a privacy request, contact the account owner who provided your churnplug integration or the project owner through the official support channel supplied during onboarding.