How we handle your Stripe key and data
DunningCheck only needs read access to audit your failed-payment recovery path. It never moves money, never changes your Stripe settings, and never shares your customers’ data.
Use a restricted, read-only key
We ask for a Stripe restricted key with read-only scopes. You stay in control: you choose the scopes, and you can revoke the key at any time from your Stripe dashboard.
- Subscriptions — read
- Invoices — read
- Customers — read (for billing portal / recovery context)
- Billing Portal configuration — read
- Everything else — none
Encrypted at rest
When you subscribe, we store your restricted key so we can run your monthly checks. It is encrypted at rest with authenticated encryption (AES-256-GCM); the encryption key lives in our deployment secrets, not in the database. We decrypt it only at audit time to call Stripe, then discard the plaintext from memory.
What we never do
- No writes to Stripe — we never create charges, refunds, coupons, or settings changes.
- No exporting or reselling of your customers’ personal data.
- No sharing your key with third parties.
- No founder/personal-brand access — the product is operated as an anonymous service.
How to create a restricted key
- In Stripe, go to Developers → API keys → Create restricted key.
- Set Subscriptions, Invoices, Customers, and Billing Portal configuration to Read.
- Leave all other permissions as None.
- Create the key, copy the
rk_…value, and paste it during onboarding.
Revoking access & deleting data
You can revoke the restricted key in Stripe at any time, which immediately ends our access. Cancelling your subscription stops monitoring; on request we delete the stored encrypted key and your saved run history.
This page describes how the service is built to handle credentials. It is not legal advice; review against your own compliance requirements.