SaveMyChurn
Log In Start Free

Privacy Policy

Last Updated: April 4, 2026

1. Introduction

SaveMyChurn ("Company," "we," "us," or "our") operates the website located at savemychurn.com (the "Site") and provides subscription churn recovery services (the "Services"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our Site and use our Services. By accessing or using the Services, you consent to the practices described herein. If you do not agree with the terms of this Privacy Policy, please discontinue use of the Site and Services immediately.

This Privacy Policy applies to the Company, SaveMyChurn Ltd, a company registered in the United Kingdom. References to "we," "us," or "our" refer to SaveMyChurn Ltd.

2. Information We Collect

2.1 Information You Provide Directly

When you register for an account or use our Services, we may collect the following categories of personal information:

  • Company name and business contact information
  • Name and email address of account owners or authorized representatives, where provided
  • Stripe restricted API keys (encrypted at rest using AES-256)
  • Billing email address or other billing contact details, where provided
  • Any additional information you voluntarily provide through correspondence

2.2 Information Collected Automatically

When you access our Site, we may automatically collect limited technical information needed to operate, secure, and improve the service, including:

  • Internet Protocol (IP) address
  • Browser type, version, and language preferences
  • Operating system and device identifiers
  • Pages viewed, access times, and referring URL
  • Cookies and similar tracking technologies (see Section 6)

2.3 Third-Party Data

Through the Stripe restricted API keys you provide, we access read-only subscriber data from your Stripe account, including customer names, email addresses, subscription statuses, invoice history, and charge records. We do not access, collect, or store payment card numbers, bank account details, or any other sensitive payment instrument data. Our access is limited exclusively to read-only permissions as configured by you in your Stripe dashboard.

3. Legal Basis for Processing (GDPR / UK GDPR)

Where we process personal data of individuals in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK General Data Protection Regulation ("UK GDPR"):

  • Contractual Necessity: Processing is necessary for the performance of our contract with you to provide the Services (e.g., account management, Stripe data analysis, retention offer delivery)
  • Legitimate Interests: Processing is necessary for our legitimate business interests in improving and securing our Services, detecting fraud, and maintaining platform performance, balanced against your rights
  • Legal Obligation: Processing is necessary to comply with applicable laws, tax obligations, and regulatory requirements
  • Consent: Where required, we will obtain your explicit consent for processing activities not covered by the above bases, such as marketing communications beyond service-related updates

For the processing of your end subscribers' data (accessed via your Stripe account), the legal basis is your instruction and contractual necessity as the data controller of that subscriber data. We act as your data processor in relation to subscriber data accessed through Stripe.

4. How We Use Your Information

We use the information collected for the following purposes:

  • To provide, operate, and maintain the Services, including churn prediction, subscriber analysis, and automated retention offer delivery
  • To process account registration and manage your account
  • To communicate with you regarding your account, service updates, and support inquiries
  • To calculate and invoice performance-based fees owed under our Terms of Service
  • To improve, personalize, and optimize the Services and user experience
  • To detect, prevent, and address fraud, security vulnerabilities, and technical issues
  • To comply with applicable legal obligations and enforce our terms

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share information in the following limited circumstances:

  • Service Providers: We engage third-party vendors to assist in providing the Services, including cloud hosting (infrastructure providers), email delivery services, and payment processors. These vendors are contractually obligated to use your data solely for the purposes of providing services to us and are bound by appropriate confidentiality and data protection obligations.
  • Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, subject to the same privacy protections described herein. We will notify you via email or a prominent Site notice of any change in data ownership.
  • With Your Consent: We may share information with third parties when you have given explicit consent to do so.

6. Data Security

We implement industry-standard technical and organizational measures designed to protect the confidentiality, integrity, and availability of your information. These measures include, but are not limited to:

  • AES-256 encryption of all API keys and sensitive credentials at rest
  • TLS 1.2+ encryption for all data in transit
  • Access controls and authentication mechanisms to restrict data access to authorized personnel
  • Regular security assessments and vulnerability monitoring
  • Continuous operational security controls and periodic internal reviews

We align operations to common SaaS security best practices and publish formal compliance attestations when available.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and any applicable supervisory authority within seventy-two (72) hours of becoming aware of such breach, as required by GDPR and UK GDPR.

Notwithstanding the foregoing, no method of electronic transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.

7. Cookies and Tracking Technologies

We may use cookies and similar technologies that are reasonably necessary to keep the Site working, maintain sessions, and understand basic product usage. Where we use non-essential cookies, we will obtain your consent where required by applicable law. You may configure your browser to refuse cookies or alert you when cookies are being sent; however, certain features of the Site may not function properly without cookies.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. Upon account deletion or a valid deletion request, we will delete or de-identify your personal data within thirty (30) days, subject to the following retention periods:

  • Account data: Deleted within 30 days of account closure or deletion request
  • Subscriber data accessed via Stripe: Deleted within 30 days of account closure; we do not retain copies independently of your Stripe account
  • Billing and invoicing records: Retained for six (6) years as required by UK tax and accounting regulations
  • Security and fraud-prevention logs: Retained for up to twelve (12) months
  • Legal dispute records: Retained for the duration of the dispute plus six (6) years

After the applicable retention period expires, data will be securely deleted or anonymized.

9. Your Rights and Choices

Depending on your jurisdiction, you may have rights with respect to your personal information. We aim to honor valid requests that we can verify and fulfill under applicable law, including:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal obligations (also known as the "right to be forgotten")
  • Portability: Request a copy of your personal data in a structured, commonly used, and machine-readable format
  • Objection: Object to the processing of your personal data based on legitimate interests, or object to processing for direct marketing purposes at any time
  • Restriction: Request that we restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data
  • Revocation of API Access: You may revoke our access to your Stripe data at any time by deleting the restricted API key from your Stripe dashboard
  • Withdrawal of Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal

To exercise any of these rights, please contact us at support@savemychurn.com. We will acknowledge verified requests within ten (10) business days and respond in full within thirty (30) days, or within the timeframe required by applicable law. Where we are unable to fulfill a request, we will explain the reason.

If you are in the EEA or UK and are unsatisfied with our response to your request, you have the right to lodge a complaint with your local supervisory authority (such as the Information Commissioner's Office in the UK at ico.org.uk).

10. International Data Transfers

Your information may be transferred to, stored, and processed in jurisdictions other than your country of residence. Where we transfer personal data from the EEA or UK to a country that has not been deemed to provide an adequate level of data protection, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses adopted by the European Commission, or equivalent transfer mechanisms as required by GDPR and UK GDPR.

11. Data Processing Agreement

Where you are a data controller of subscriber data accessed through your Stripe account, and we process that data on your behalf, the Terms of Service together with this Privacy Policy constitute the data processing agreement ("DPA") between us as required by GDPR Article 28 and UK GDPR. Our processing is limited to the purposes described in this Privacy Policy and we do not process your data for any other purpose without your prior written authorization.

12. Children's Privacy

The Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Material modifications will be communicated via email to the address associated with your account or by posting a prominent notice on the Site at least thirty (30) days prior to the effective date of the change. Your continued use of the Services after the effective date of any modification constitutes acceptance of the revised Privacy Policy. If you do not agree with the modified Privacy Policy, you must discontinue use of the Services prior to the effective date.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

SaveMyChurn Ltd

Email: support@savemychurn.com

Website: savemychurn.com