Privacy Policy

Last updated: March 2026

What we collect

When you connect your Stripe account, we retrieve subscription and payment data via Stripe's OAuth API with read-only access. We collect your email address for authentication and to send you revenue reports you explicitly request. We do not collect payment card data or store your Stripe secret keys.

How we use your data

  • To scan your Stripe account for revenue leaks and generate reports
  • To calculate MRR, churn, and recovery metrics shown in your dashboard
  • To power the AI copilot with context from your revenue data
  • To send you revenue digest emails (you can opt out at any time)

We do not sell your data. We do not share your data with third parties except as required to operate the service (Supabase for database, Vercel for hosting, Anthropic for AI processing).

Data security

Stripe access tokens are encrypted at rest using AES-256-GCM before being stored in our database. All data is transmitted over HTTPS. We use Supabase Row Level Security to ensure your data is only accessible to you.

Data retention

We retain your data for as long as your account is active. On the free plan, we retain 30 days of history. You can disconnect your Stripe account and delete all associated data at any time from your dashboard settings.

Your rights

You can request a copy of your data, ask us to delete your account, or disconnect Stripe at any time. To exercise these rights, email us at privacy@corvidet.com.

Cookies

We use session cookies managed by Supabase Auth for authentication only. We do not use advertising or tracking cookies.

Changes

We may update this policy from time to time. If we make material changes, we will notify you by email.

Contact

Questions about this policy? Email privacy@corvidet.com.