Privacy Policy
Last updated: February 28, 2026
1. Who we are
MRRescue ("we", "us", "our") is a payment recovery service that helps SaaS businesses recover failed Stripe payments through automated email sequences.
2. Information we collect
We collect the following information when you use MRRescue:
- Account information — your email address when you sign up.
- Stripe data — via read-only OAuth, we access failed invoice data, customer emails, and subscription details from your connected Stripe account. We never access payment methods, bank details, or full card numbers.
- Usage data — pages visited, feature usage, and dashboard interactions to improve the product.
- Cookies — session cookies for authentication. We do not use analytics cookies. See our Cookie Policy for details.
3. How we use your information
- To detect failed payments and send recovery emails on your behalf.
- To display recovery analytics on your dashboard.
- To send you transactional emails (sign-in links, recovery alerts).
- To improve MRRescue and fix bugs.
- To process payments for your subscription via Stripe.
4. Data sharing
We do not sell your data. We share data only with:
- Stripe — payment processing and connected account access.
- Resend — transactional email delivery.
- Neon — database hosting (EU region).
- Vercel — application hosting.
5. Data retention
We retain your account data and failed payment records for as long as your account is active. If you delete your account or disconnect Stripe, we remove your data within 30 days. Recovery email logs are retained for 90 days for analytics purposes.
6. Your rights
GDPR rights (EEA residents):
- Right to access — request a copy of the data we hold about you.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure — request deletion of your data.
- Right to restriction — ask us to limit processing of your data.
- Right to portability — receive your data in a machine-readable format.
- Right to object — object to processing based on legitimate interest.
- Right to complain — lodge a complaint with your local supervisory authority.
CCPA rights (California residents):
- Right to know — what personal information we collect and how it is used.
- Right to delete — request deletion of your personal information.
- Right to correct — correct inaccurate personal information.
- Right to opt out of sale — we do not sell or share your personal information.
- Right to non-discrimination — we will not discriminate for exercising your rights.
To exercise any of these rights, email us at support@mrrescue.pro.
7. Lawful basis for processing (GDPR)
If you are located in the EEA, we process your personal data under the following lawful bases (Art. 6 GDPR):
| Purpose | Lawful basis |
|---|---|
| Account creation and authentication | Contract (Art. 6(1)(b)) |
| Subscription billing via Stripe | Contract (Art. 6(1)(b)) |
| Sending recovery emails on your behalf | Contract (Art. 6(1)(b)) |
| Fraud alerts and dispute monitoring | Legitimate interest (Art. 6(1)(f)) |
| Service improvement and bug fixing | Legitimate interest (Art. 6(1)(f)) |
Data controller: MRRescue — contact support@mrrescue.pro.
8. International transfers
Our infrastructure is hosted in the United States (Vercel for application hosting, Neon for database hosting). If you are located in the EEA, your personal data is transferred to the US under EU Standard Contractual Clauses (SCCs), providing an equivalent level of data protection.
9. Security
We use industry-standard encryption (TLS) for all data in transit. Database access is restricted and encrypted at rest. We use Stripe's OAuth with read-only permissions and never store sensitive payment credentials.
10. Changes
We may update this policy from time to time. We will notify you of significant changes via email or a notice on our website.