Privacy Policy

Last updated: 11 June 2026

1. What Data We Collect

When you sign in with Google, we receive a limited set of profile information from Google (see Section 2). When you connect your Stripe account, we access:

On first connection, we run a one-time historical scan to identify failed invoices from the previous 90 days (up to 200 invoices) so the Service can begin recovering them. From that point on, we receive new failed-payment events from Stripe in real time via webhooks.

2. Google User Data

“Sign in with Google” is an optional way to create and access your RetryFi account. Signing in with Google is the only way RetryFi interacts with Google services, and we request only the minimum non-sensitive scopes needed to identify you: openid, email, and profile.

What we access. When you choose to sign in with Google, Google shares a limited set of your Google account profile information with us: your email address, your name, and your profile picture URL. We do not request or receive access to Gmail, Google Drive, Contacts, Calendar, or any other Google product or data.

How we use it. We use this information solely to authenticate you, create and secure your RetryFi account, identify you within the app, and send you account- and service-related communications. We do not use Google user data for advertising, and we do not use it to develop, improve, or train generalized or artificial intelligence / machine-learning models.

How we store it. Your name, email address, and profile picture URL are stored in our Supabase-hosted PostgreSQL database (described in Section 4) for as long as your account exists. We do not request offline access to your Google account and do not retain long-lived Google access or refresh tokens; your Google credentials are used only at the moment of sign-in to verify your identity.

How we share it. We never sell your Google user data and never share it with third parties for their own purposes. It is processed only by the infrastructure sub-processors listed in Section 7 that are necessary to operate the Service.

Deletion.You can revoke RetryFi's access at any time from your Google Account permissions page. When you delete your RetryFi account (see Section 6), the Google profile information we hold is permanently deleted.

RetryFi's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. What We Do Not Access

We never access, view, or store credit card numbers, bank account details, or sensitive financial credentials. All payment method updates happen directly on Stripe's PCI-compliant infrastructure.

4. How We Store Data

Your Stripe OAuth access tokens are encrypted using AES-256-GCM encryption at rest. Application data is stored in a PostgreSQL database hosted by Supabase with row-level security policies ensuring data isolation between accounts.

5. Emails We Send

RetryFi sends dunning emails to your customers on your behalf when their payments fail. These emails contain your company branding and a link to a Stripe-hosted Billing Portal session. We use Resend as our email provider; Resend hands the email off to the recipient's mail server and records delivery, bounce, and complaint events.

We process bounce and complaint events to maintain a per-merchant email suppression list, ensuring we never re-send to addresses that have hard-bounced or marked our emails as spam. Every dunning email includes a one-click unsubscribe link (signed with an HMAC token) and the standard List-Unsubscribe headers required by major mailbox providers.

6. Data Retention and Deletion

Your data is retained as long as your Stripe account is connected to RetryFi. When you disconnect — either from the RetryFi Settings page or by revoking RetryFi's access from your Stripe dashboard — all associated data (failed payments, recovery actions, customer email addresses, account metadata) is permanently deleted from our database immediately. There is no soft-delete or archival period.

7. Third-Party Services

We use the following third-party services:

8. Website Analytics

We use Umami, a privacy-focused analytics service, to understand how visitors use our website. Umami runs in cookieless mode and does not store cookies or other identifiers in your browser. It collects aggregated, anonymized information including a hashed version of your IP address, browser type, operating system, referring page, and pages you visit on this site. This data is not used to personally identify you, build a cross-site profile, or sell to third parties.

We rely on legitimate interests as our lawful basis for this processing under UK GDPR. You can object at any time by emailing support@retryfi.com.

9. Operator

RetryFi is operated by Bubble Boy Productions Ltd, a company registered in England and Wales at 13 Mill Building, 49 Royal Crest Avenue, London, United Kingdom, E16 2ZZ.

10. Governing Law

This Privacy Policy is governed by the laws of England and Wales.

11. Contact

For privacy inquiries, contact us at support@retryfi.com.