Privacy Policy
Last updated: June 2026
This page explains what data Karvox collects, how we use it, and the third-party services we rely on. If anything is unclear, email us.
Data we collect from you (the merchant)
- Account info: your email address (used as your login) and optionally your name.
- Company info you provide: your company name and logo URL, used to brand the recovery emails we send on your behalf.
- Stripe Connect account ID: stored so we can identify your account when Stripe sends us webhook events.
- Billing info: if you subscribe, Stripe stores your card. We never see card numbers. We do store your Stripe customer ID and subscription state.
- Optional integrations: a Slack incoming-webhook URL if you provide one.
Data we process about your customers
When Stripe notifies us of a failed subscription charge on your account, we receive and store:
- The customer’s email address and (if available) name.
- The failed amount, currency, failure reason, and invoice/subscription IDs.
- A record of the recovery emails we sent (subject, send time, status).
We never receive or store card numbers, expiration dates, or CVCs. That data stays entirely inside Stripe’s PCI-compliant environment.
How we use this data
- To send recovery emails to your customers, branded with your company name and logo.
- To show you a dashboard of failed payments and recovery outcomes.
- To bill you for your Karvox subscription via Stripe.
- To diagnose problems and improve the service.
We do not sell your data or your customers’ data, and we don’t use it to send marketing to anyone except you (and only about Karvox itself).
Third-party services we use
- Stripe — payment processing, Connect, webhook events. Card data never leaves Stripe.
- Resend — email delivery. They process recipient email addresses to send the message.
- Supabase — our PostgreSQL database, hosted in the EU region (Ireland).
- Vercel — application hosting.
- Google OAuth — optional sign-in method if you choose it.
Each of these services has its own privacy policy and is responsible for the data they handle. We only use them as processors.
Data retention
We keep account and failed-payment records as long as your account is active. If you delete your account, we remove your data within 30 days, except where we’re required to retain something for legal or tax reasons.
Your rights
You can ask to access, correct, export, or delete the data we hold about you by emailing us. Under GDPR (if you’re in the EU/EEA) you also have the right to object to processing or lodge a complaint with your data protection authority.
Cookies and tracking
We use a session cookie to keep you signed in. We don’t use third-party advertising trackers. If we add analytics in the future, it will be a privacy-respecting tool (e.g. Plausible) that doesn’t use cookies or track individuals.
Changes
If we update this policy materially we’ll email you. The “Last updated” date at the top reflects the most recent change.
Contact
Privacy questions or data requests: hi@karvox.app.