Privacy Policy

We collect the following categories of personal data:

• Account data: email address, name, and authentication credentials provided when you sign up via Clerk.
• Payment data: billing information processed through Stripe. We do not store card numbers directly.
• Stripe API credentials: your Stripe Secret Key, stored encrypted with AES-256-GCM and never accessible in plaintext.
• Customer data: failed payment records received via Stripe webhooks, including customer emails and payment amounts from your Stripe account.
• Usage data: log data, IP addresses, browser type, pages visited, and feature interactions.
• Cookie data: as described in our Cookies section below.

We use your personal data for the following purposes:

• Providing and operating the RecoverKit service
• Processing payments and managing your subscription
• Sending automated dunning emails to your end customers on your behalf
• Improving the platform through anonymised usage analytics
• Sending service-related communications (transactional emails only)
• Complying with legal obligations

Legal basis (GDPR Art. 6): Contract performance (Art. 6(1)(b)) for service delivery; Legitimate interests (Art. 6(1)(f)) for analytics and security; Legal obligation (Art. 6(1)(c)) where required by law; Consent (Art. 6(1)(a)) for marketing cookies.

We share data with the following trusted processors:

All processors are bound by Data Processing Agreements (DPAs) in accordance with GDPR Article 28. Data may be transferred outside the EU where adequate safeguards (Standard Contractual Clauses) are in place.

We use the following categories of cookies:

• Essential cookies: Required for authentication, session management, and core functionality. Always active.
• Analytics cookies: Used to understand traffic patterns and improve the service. Activated only with your consent.
• Marketing cookies: Used to deliver relevant content and measure campaign performance. Activated only with your consent.

You can manage your cookie preferences at any time via the cookie banner displayed on your first visit. Your preferences are stored locally under the key recoverkit_cookie_consent.

As a data subject under GDPR, you have the following rights:

• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Request correction of inaccurate data.
• Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten").
• Right to portability (Art. 20): Request your data in a structured, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at help@dviewb.com. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority.

We retain your personal data for as long as your account is active or as needed to provide the service. Upon account deletion, personal data is deleted within 30 days, except where retention is required by law (e.g., financial records for 7 years under EU accounting regulations).

Failed payment records from your Stripe account are retained for the duration of your subscription and deleted upon account termination.

For any privacy-related enquiries, to exercise your rights, or to reach our Data Protection Officer, please contact: