Privacy Policy

Last updated: April 11, 2026

1. Introduction

SoftChurn is a product of Worldisthelimit (Business ID: FI3555278-8), a company registered in Finland ("Company", "we", "our", "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our failed payment recovery service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Information We Collect

2.1 Account Information

When you register for SoftChurn, we collect:

  • Email address and company name
  • Password (stored as a bcrypt hash — we never store plain-text passwords)
  • Billing information (processed and stored by Stripe — we do not store card numbers)

2.2 Stripe Connect Data

When you connect your Stripe account, we receive and store:

  • Stripe OAuth access token (encrypted at rest)
  • Stripe account ID and account name
  • Payment event data from your Stripe webhooks: invoice IDs, failure reason codes, amounts, and timestamps
  • Customer data from your Stripe account: customer IDs, names, and email addresses (used to send dunning emails)

2.3 Usage Data

We automatically collect:

  • Log data including IP addresses, browser type, pages visited, and timestamps
  • Activity logs of actions taken within the Service (logins, settings changes, etc.)
  • Email tracking data: whether dunning emails are opened or links are clicked (via 1×1 tracking pixels)

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process failed payment retries on your behalf via Stripe
  • Send dunning emails to your customers in your name
  • Send you transactional emails (account creation, trial expiry, billing notifications)
  • Analyze recovery performance and generate dashboard statistics
  • Detect and prevent fraud and abuse
  • Respond to your support requests
  • Comply with legal obligations

We do not sell your data or your customers' data to third parties. We do not use your data for advertising.

4. Data Processor Role

When SoftChurn processes personal data about your customers (names, email addresses) as part of delivering the Service, you are the data controller and Worldisthelimit (operating SoftChurn) is the data processor under GDPR and similar laws. As a Finnish company, we comply with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act. You are responsible for ensuring you have a lawful basis to share this data with us and that your customers are informed per your own privacy policy. Our Data Processing Agreement is available upon request.

5. Sharing Your Information

We share data only with:

Stripe

Payment processing and Stripe Connect integration. Stripe's privacy policy governs data shared with them.

Email service providers

To deliver transactional and dunning emails via SMTP. Email content may pass through our mail provider's servers.

Infrastructure providers

Hosting and database services. All providers are contractually obligated to protect your data.

Legal requirements

If required by law, court order, or to protect our rights or the rights of others.

6. Data Security

We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit
  • bcrypt hashing for passwords
  • Encryption at rest for sensitive tokens (Stripe access tokens)
  • CSRF protection on all forms
  • SQL injection prevention via prepared statements
  • Session security with HTTPOnly and SameSite cookies

No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we take reasonable precautions to protect your data.

7. Data Retention

We retain your account data for as long as your account is active. Payment event logs and dunning email records are retained for 24 months to support analytics and dispute resolution. Activity logs are retained for 90 days. Upon account deletion, we delete your personal data within 30 days, except where required to retain it for legal purposes.

8. Cookies

We use only strictly necessary cookies:

  • Session cookie — maintains your login session (expires when browser closes or after 24 hours of inactivity)
  • CSRF token cookie — protects against cross-site request forgery attacks

We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a machine-readable format
  • Objection — object to certain types of processing
  • Restriction — request we limit how we process your data

To exercise these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi) or your local data protection authority.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the Service at least 14 days before the changes take effect. Your continued use of the Service after changes take effect constitutes your acceptance.

12. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Worldisthelimit

Business ID: FI3555278-8

Finland

Email: [email protected]

Support: softchurn.com/contact/