RevReclaim← Back to home

Privacy Policy

Last updated: March 5, 2026

1. What We Collect

When you use RevReclaim, we collect the following information:

  • Account information: Email address, name, and password (hashed) when you create an account.
  • Stripe API keys: Read-only restricted keys you provide for scanning. One-time scan keys are never stored. Auto-scan keys are encrypted with AES-256-GCM before storage.
  • Scan results: Revenue leak reports generated from your Stripe data, stored in your account for future reference.
  • Usage data: Basic analytics like page views and feature usage to improve the product.

2. How We Handle Your Stripe Data

Your Stripe security is our top priority:

  • Read-only access: We only request read-only Stripe API keys. We cannot modify your Stripe account, create charges, or change subscriptions.
  • One-time scans: API keys used for manual scans are processed in memory and never stored on any server or database.
  • Auto-scan keys: If you enable automated weekly scans, your API key is encrypted using AES-256-GCM with a derived key before storage. The encryption key is stored separately from the database.
  • Data minimization: We only fetch the Stripe data needed for leak detection (subscriptions, invoices, customers). We do not access payment method details, bank accounts, or personal identity documents.

3. How We Use Your Data

  • Generate revenue leak reports for your review
  • Store scan history in your dashboard
  • Run automated scans on your chosen schedule
  • Send scan completion notifications (if enabled)
  • Improve our leak detection algorithms

4. Data Storage & Security

  • Database: Data is stored in Supabase (PostgreSQL) with Row Level Security — each user can only access their own data.
  • Encryption: API keys are encrypted at rest using AES-256-GCM. All data in transit is encrypted via TLS 1.3.
  • Hosting: The application is hosted on Vercel with automatic HTTPS and DDoS protection.
  • Access control: Only you can access your reports and settings. Our team does not access customer Stripe data.

5. Data Sharing

We do not sell, rent, or share your personal data or Stripe data with third parties, except:

  • Infrastructure providers: Vercel (hosting), Supabase (database) — under strict data processing agreements.
  • Legal requirements: If required by law, court order, or government request.

6. Data Retention & Deletion

  • Scan reports are retained as long as your account is active.
  • You can delete individual reports from your dashboard at any time.
  • You can delete your auto-scan configuration (including the encrypted API key) at any time.
  • To delete your entire account and all associated data, contact us at the email below.
  • Upon account deletion, all data is permanently removed within 30 days.

7. Cookies

We use essential cookies only — for authentication sessions and security. We do not use advertising cookies or third-party tracking cookies.

8. Your Rights

You have the right to:

  • Access your stored data
  • Export your scan reports
  • Delete your data and account
  • Withdraw consent for automated scans at any time

9. Changes

We may update this policy from time to time. Material changes will be communicated via email to registered users. Continued use of the service after changes constitutes acceptance.

10. Contact

For privacy-related questions or data deletion requests, contact us at revreclaim@gmail.com