Security

Last updated: July 15, 2026

No card data, ever

Recoverly never collects or stores card numbers or CVCs. All payment input happens on Stripe-hosted pages, on Stripe's infrastructure.

What the free audit accesses

The audit reads invoices and subscriptions from the last 180 days to compute totals. It sends no emails, retries no payments, and changes no subscriptions.

We store nothing from the scan — results are computed and shown to you, and the audit connection is removed from your Stripe account right after (you can verify this in Stripe under Settings → Authorized applications).

What a connected account stores

When you connect Recoverly as a customer, we store your Stripe access token encrypted with AES-256-GCM, plus the invoice and subscription metadata needed to run audits and show your dashboard. Card data is never part of it.

Nothing runs without your approval

New accounts start in Monitor Mode: Recoverly shows what it would do — to whom, what, and when — and does nothing until you switch to Live.

Emergency stop

Every account has a one-click emergency stop in Settings. While it's on, Recoverly performs no payment retries and sends no emails, regardless of other settings.

Fail-safe by default

When the system can't be sure about a state, it does nothing: no retry, no email, no subscription change. Webhooks are signature-verified and processed idempotently; every Stripe write uses an idempotency key to prevent duplicates.

Data retention

Webhook event records are kept for 90 days for idempotency and debugging, then deleted automatically. Audit aggregates and case records are kept while your account is active.

Data deletion & disconnect

Disconnect Stripe from Settings at any time — your access token is destroyed immediately. To delete all stored data, contact support@payrecoverly.com and we'll remove your organization's records.

Who operates Recoverly

Recoverly is operated by the team listed on our legal notice page (特定商取引法に基づく表記). Questions: support@payrecoverly.com.