Privacy Policy

2.1From visitors

• Standard request logs (IP address, user agent, referrer, timestamp, requested URL).
• Cookies and similar technologies used to operate the site and, where applicable, measure aggregate traffic. We do not run third-party advertising or cross-site tracking cookies.

2.2From Merchants

• Account data — name, work email, business name, role, and the credentials used to sign in.
• Billing data — billing email and the metadata Stripe returns to us (subscription state, invoice IDs, country, last-4 of the card). Card numbers are handled by Stripe; Unchurn does not see or store full card details.
• Product usage data — dashboard events, feature configuration, offers, copy, and Stripe-account metadata Unchurn reads to provide the Service.
• Support data — content of emails, screenshots, and any information you send to hello@unchurn.dev.

2.3From Subscribers, on the Merchant's behalf

When a Subscriber interacts with a cancellation flow, Unchurn processes information such as the Subscriber’s Stripe customer ID, subscription state, approximate geographic location (inferred from IP for routing purposes), the reason they selected, any free-text feedback they provided, and the outcome of the flow (cancel, pause, discount accepted, etc.). The Merchant determines what is collected and why; Unchurn processes this data only to provide the Service to that Merchant.

To keep this honest: Unchurn does not knowingly collect government identifiers, health information, financial-account numbers (other than the limited Stripe metadata described above), biometric identifiers, precise GPS location, or special categories of personal data under GDPR Article 9. If you choose to send any of this information to us (for example in a support email), please don’t — and we will delete it on request.

We use the information described above to:

• provide, operate, secure, and improve the Service for Merchants;
• execute actions on a Merchant’s Stripe account at the Merchant’s instruction (cancellations, pauses, applied coupons, plan changes, trial extensions);
• run product-usage analytics on de-identified or aggregated data to understand how the Service is performing;
• communicate with Merchants about the Service, including transactional emails (billing receipts, security notices, material changes to these documents) and occasional product updates Merchants can opt out of;
• respond to support and sales inquiries;
• detect, prevent, and respond to fraud, abuse, security incidents, and violations of our terms or applicable law;
• comply with legal obligations and respond to lawful requests.

We do not sell personal data. We do not share personal data for cross-context behavioural advertising. We do not use Merchant or Subscriber data to train general-purpose AI models, and we do not authorise any third party to do so. Where the Service routes content to third-party AI providers, we use modes or settings that, to our knowledge, are not used by the provider to train general-purpose models, where the provider exposes such a setting.

Unchurn relies on third-party providers (“sub-processors”) to deliver the Service. The categories include:

• Cloud hosting and database — to run the application and store data.
• Payments — Stripe, for billing the Merchant and for performing subscription actions on the Merchant’s own Stripe account.
• Email delivery — to send transactional and product emails.
• Observability and logging — to monitor errors and performance.
• Geolocation — to infer approximate location from IP for cancellation-flow routing.
• AI and model inference — to power features that use large language models. Where the provider exposes a setting, Unchurn uses modes that, to our knowledge, are not used by the provider to train general-purpose models. Unchurn does not warrant any third-party provider’s data-handling practices.

A current list of sub-processors is available on request by emailing hello@unchurn.dev. Each sub-processor processes data under its own published terms.

We may also share information when required by law, valid legal process, or to protect the rights, property, or safety of Unchurn, our Merchants, or others. In a corporate transaction (merger, acquisition, asset sale, financing), information may be transferred subject to the same protections as this policy.

Unchurn is operated from the United States. Data is stored and processed in the United States and in other regions where our sub-processors operate. If you access the Service from outside the United States, you understand that information about you will be transferred to and processed in the United States and other regions.

Unchurn does not currently publish a standard-form Data Processing Addendum or rely on a published set of cross-border transfer mechanisms (such as the EU Standard Contractual Clauses). Merchants whose use of the Service involves Personal Data of individuals located in the European Economic Area, the United Kingdom, Switzerland, or any other jurisdiction whose data-protection law requires a written processor agreement must contact hello@unchurn.dev to discuss a negotiated agreement before such use.

We retain information for as long as it is needed to provide the Service and for a reasonable period after:

• Merchant account data — kept for the life of the account and, after account closure, retained for a reasonable period to handle disputes, comply with legal obligations, and maintain billing records.
• End User Data (cancellation events, offers, outcomes) — retained during the Merchant’s subscription. After the Merchant’s account closes, Unchurn may delete this data from active systems following a reasonable wind-down period during which the Merchant can request an export.
• Aggregated or de-identified data — may be retained indefinitely.
• Operational logs — retained for security, debugging, and abuse prevention on the rolling schedules our hosting and observability providers use. Unchurn does not operate its own independent backup program.

The specific period we keep any item depends on the criteria above: the nature of the data, the purpose we collected it for, legal and accounting obligations, and the need to defend or resolve disputes. Unchurn does not commit to a specific retention or deletion timetable absent a written agreement that says otherwise.

8.1Email and access

To request access to information Unchurn holds about you, correction of inaccurate information, deletion, a copy of your information in a portable format, or to ask questions about this policy, email hello@unchurn.dev. We aim to respond within 30 days. We may need to verify your identity before acting on a request and may decline or limit requests where permitted by law (for example, where complying would interfere with a legal obligation or with another person’s rights).

8.2Subscribers should contact the Merchant first

If you are a Subscriber (an end user of a Merchant’s product) and want to exercise rights over data Unchurn processes on the Merchant’s behalf, please contact the Merchant directly. Unchurn will support the Merchant’s response, but the Merchant is the party responsible for the data.

8.3Marketing email

Every product or marketing email we send includes an unsubscribe link. Unsubscribing does not stop transactional emails (billing receipts, security notices, material legal changes).

8.4Cookies

You can control cookies through your browser settings. Blocking or deleting cookies may break parts of the Service.

8.5Do Not Track and Global Privacy Control

Because Unchurn does not run cross-site behavioural advertising, we do not respond differently to Do Not Track or Global Privacy Control signals at this time. If we add such advertising, this policy will be updated and the signals will be honoured.

Unchurn applies reasonable administrative, technical, and physical safeguards appropriate for an early-stage product to protect information against unauthorised access, use, disclosure, alteration, and loss. Unchurn does not hold, and does not represent itself as holding, SOC 2, ISO 27001, HIPAA, PCI-DSS, GDPR, CCPA, or any similar certification or attestation. Unchurn does not operate a formal, audited information security program; the safeguards in place are commensurate with our current stage and resources.

No security program is perfect, and no transmission or storage of information is guaranteed to be secure. If you believe you have discovered a vulnerability or that your account has been compromised, email hello@unchurn.dev.

The Service is for businesses, not consumers. Unchurn does not knowingly direct the Service to children or knowingly collect information from anyone under 16. If you believe a child has provided information to Unchurn, email hello@unchurn.dev and we will delete it.

We may update this Privacy Policy from time to time. The current version is always at unchurn.dev/legal/privacy with an “Effective” date at the top. For material changes that adversely affect Merchant rights, we will give at least 30 days’ prior notice by email or in-product before the change takes effect. Continued use of the Service after the effective date of a change constitutes acceptance.

For questions about this policy, to exercise a right, or to flag a privacy concern, email hello@unchurn.dev.