Privacy Policy

Last updated: April 2026

1. Data We Collect

Retriev collects and processes the following categories of data:

Payment Data

We process payment data through Stripe. This includes:

• Payment method information (card type, last four digits, expiration date)
• Transaction amounts and timestamps
• Payment failure codes and reasons
• Customer billing email addresses

Stripe is the data controller for payment card data. Retriev does not store full card numbers or CVV codes.

Account Data

• Name and email address
• Company name (if provided)
• Account preferences and settings
• Authentication tokens (session cookies)

Usage Analytics

• Dashboard interactions and feature usage
• Recovery attempt outcomes and timing
• API request patterns

2. How We Use Your Data

We use collected data to:

• Provide the payment recovery service
• Analyze payment failure patterns using AI
• Send payment recovery emails to your customers
• Generate analytics and reports
• Improve our service and AI models
• Communicate about your account

3. Data Storage and Processing

Data is stored and processed in:

• Cloudflare infrastructure (primary application hosting)
• Stripe infrastructure (payment processing)

All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

4. Third-Party Services

We use the following third-party services:

• Stripe — Payment processing. See Stripe Privacy Policy.
• Cloudflare — Application hosting and CDN. See Cloudflare Privacy Policy.

5. Your Rights

Under GDPR and similar regulations, you have the right to:

• Access — Request a copy of your personal data
• Rectification — Correct inaccurate data
• Erasure — Request deletion of your data
• Portability — Export your data in a machine-readable format
• Objection — Object to certain processing activities

To exercise these rights, contact us at [email protected].

6. Data Retention

We retain data for as long as your account is active. After account deletion:

• Account data is deleted within 30 days
• Aggregated analytics data may be retained for service improvement
• Payment records are retained as required by law (typically 7 years)

7. Cookies

We use minimal cookies:

• Session cookies — Authentication (essential)
• Preference cookies — User preferences (optional)

We do not use tracking cookies or third-party advertising cookies.

8. GDPR Compliance

For users in the European Economic Area:

• Our legal basis is contract performance and legitimate interest
• Data is processed in the US under Standard Contractual Clauses
• You may lodge a complaint with your supervisory authority

9. CCPA Compliance

For California residents:

• We do not sell personal information
• We do not share personal information for cross-context behavioral advertising
• You may request deletion of your information
• You may request disclosure of what information we collect

10. Contact

For privacy questions or requests:

Email: [email protected]