Security
Last updated: July 15, 2026
No card data, ever
Recoverly never collects or stores card numbers or CVCs. All payment input happens on Stripe-hosted pages, on Stripe's infrastructure.
What the free audit accesses
The audit reads invoices and subscriptions from the last 180 days to compute totals. It sends no emails, retries no payments, and changes no subscriptions.
We store nothing from the scan — results are computed and shown to you, and the audit connection is removed from your Stripe account right after (you can verify this in Stripe under Settings → Authorized applications).
What a connected account stores
When you connect Recoverly as a customer, we store your Stripe access token encrypted with AES-256-GCM, plus the invoice and subscription metadata needed to run audits and show your dashboard. Card data is never part of it.
Nothing runs without your approval
New accounts start in Monitor Mode: Recoverly shows what it would do — to whom, what, and when — and does nothing until you switch to Live.
Emergency stop
Every account has a one-click emergency stop in Settings. While it's on, Recoverly performs no payment retries and sends no emails, regardless of other settings.
Fail-safe by default
When the system can't be sure about a state, it does nothing: no retry, no email, no subscription change. Webhooks are signature-verified and processed idempotently; every Stripe write uses an idempotency key to prevent duplicates.
Data retention
Webhook event records are kept for 90 days for idempotency and debugging, then deleted automatically. Audit aggregates and case records are kept while your account is active.
Data deletion & disconnect
Disconnect Stripe from Settings at any time — your access token is destroyed immediately. To delete all stored data, contact support@payrecoverly.com and we'll remove your organization's records.
Who operates Recoverly
Recoverly is operated by the team listed on our legal notice page (特定商取引法に基づく表記). Questions: support@payrecoverly.com.
