Legal
Privacy Policy
Effective June 15, 2026
This Privacy Policy describes how Zrionix Technology, Inc.(“we”) collects, uses, and shares information in connection with Backstop(the “Service”). We're a B2B service: you're typically the operator (a SaaS company that uses Backstop to recover failed payments), and your end-customers' data flows through us as a processor on your behalf. Operator data we hold as a controller; end-customer data we hold as a processor, under the operator's instructions.
Our stance on data:we collect only what the recovery and cancel-flow product needs to do its job, we don't resell it, we don't train models on it, and we make the delete path self-serve so you can wipe everything in one click without emailing support. The right to be forgotten is not a process; it's a button.
1. Data we collect about you (the operator)
When you sign up, we collect your email address and password hash (or magic-link identity), your workspace name and slug, and any branding configuration you set. When you upgrade to a paid plan, our payment processor (Stripe) handles billing — we receive and store the resulting Stripe customer ID and subscription metadata, but never your card details.
2. Data we process on your behalf (your customers)
Through Stripe Connect OAuth, we receive webhooks for events on your connected Stripe account and mirror a subset of that data into our database to power recovery campaigns: customer email addresses and names; subscription status, amounts, and intervals; invoice IDs and amounts; payment-attempt outcomes; card brand, last 4 digits, and expiry month/year (for the card-expiry warning email). We never receive full PAN, CVV, or any card data that isn't tokenized through Stripe. The Stripe Connect scopes we request are the read_write scopes shown on Stripe's OAuth consent screen when you connect your account.
We also store data your customers generate when they interact with the Service: cancel- session reason codes and free-text feedback, cancel-flow outcomes (saved / canceled / abandoned), and email engagement events (sent / delivered / opened / clicked / bounced / complained) reported by our email providers. Free-text feedback is treated as your confidential operator data and never shared.
3. How we use the data
We use the data to:
- operate the Service — schedule retries, send dunning + reactivation emails, render hosted card-update and cancel pages, surface stats in your dashboard;
- detect abuse and protect the integrity of the Service;
- communicate with you about the Service (transactional emails, security advisories);
- comply with legal obligations.
We do not sell personal information. We do not use your customers' data to train machine-learning models. We do not share your data with third parties for their own marketing.
4. Subprocessors
We use the following subprocessors to operate the Service. Each is bound by data- protection terms appropriate to their role. We maintain DPAs with subprocessors that process personal data on our behalf:
- Supabase (Postgres database + auth) — hosts your account and the mirrored customer/subscription data;
- Stripe (payments) — processes our subscription billing and routes our connected-account API calls; stores card data on your behalf under PCI scope we never enter;
- Resend (transactional email) — delivers operator-side emails and the default tenant-facing dunning emails;
- Amazon SES (transactional email) — delivers dunning emails from workspaces that configure a custom send domain;
- Inngest (durable scheduling) — runs delayed retry, dunning, and reactivation jobs;
- Vercel (hosting + edge) — serves the application;
- Sentry (error monitoring) — captures application errors and performance traces. We do not send Stripe secrets, full card data, customer email bodies, or message contents to Sentry; PII scrubbing is enforced in our capture wrapper.
- xAI(AI assistant) — powers the optional in-app Assistant and the marketing-site Q&A bot. We send only your typed messages plus, for the in-app assistant, aggregate workspace metrics — never end-customer personal data, Stripe identifiers, or secrets. xAI's data-sharing / model-training program is disabled, so your prompts are not used to train models. Only invoked when you open the assistant.
We'll notify you by email or in-app at least 14 days before adding a material new subprocessor that processes operator or end-customer personal data, so paid-tier customers have time to object before the change takes effect.
4a. AI assistant
The Service includes an optional AI assistant inside the app, plus a public Q&A bot on our marketing site, both powered by xAI's Grok model. When you use the in-app assistant we send your typed messages and an aggregate, redacted snapshot of your workspace's setup and performance metrics (recovery rates, MRR, decline mix, and the like) — we do notsend end-customer personal data, individual customer records, Stripe identifiers, API keys, or secrets. The public marketing bot sends only your question and our product documentation. In both cases xAI's data-sharing / model-training program is disabled, so your prompts are not used to train models. The assistant is read-only by default; with your explicit, per-action approval it can also apply a small set of low-risk workspace settings (display currency, email branding, retry schedule, offer policies, notification preferences, reactivation settings), which it first proposes as a confirmation you review before anything changes. It never moves money, touches credentials or secrets, changes team roles or access, deletes data, reads individual customer records, or acts without your approval. It runs only when you open it; you can simply not use it.
5. Data location
Account data is stored in our Supabase project (US region by default). Email delivery and Stripe processing may transit other regions per those providers' standard architectures. If you require EU-only residency, contact us — it's available on request for paid tiers.
6. Retention
We retain operator account data for as long as your workspace is active, plus 30 days after you delete it (or longer where required by law, e.g., billing records for tax purposes). When you delete a workspace through the in-app Danger Zone, we cascade-delete downstream rows (recovery campaigns, dunning sends, customer mirror, cancel sessions, hosted tokens) immediately, retaining only the minimum forensic snapshot required for fraud / audit response. We retain mirrored customer data while your Stripe connection is active; when you disconnect Stripe via Danger Zone, in-flight campaigns are immediately marked abandoned and the connection record is cleared.
6a. Data Processing Agreement
For B2B customers who need a Data Processing Agreement (DPA) — including those subject to GDPR, UK GDPR, or CCPA-equivalent regimes — we offer our standard DPA on request. Email support@trybackstop.comwith subject “DPA request” and we'll send it for counter-signature.
7. Your rights
Depending on your location, you may have the right to access, correct, delete, or export the personal information we hold about you, and to object to or restrict certain processing. We've made the delete path self-serve: from Account → Danger zone, “Delete account permanently” removes your identity, profile, and every workspace where you're the sole owner — Stripe is disconnected, any active Backstop subscription is canceled, and every dependent row is cascade-deleted. There's no recovery period; we keep nothing once you ask us to forget you. For workspace-only deletion (keeping your auth identity), use Settings → Danger Zoneon that workspace. For any right we don't expose self-serve, email support@trybackstop.comwith subject “Data subject request” and we'll respond within 30 days.
If we process data about you on behalf of an operator (i.e., you are an end-customer of a SaaS that uses Backstop), please direct your request to that operator first; under GDPR Article 28 we're obligated to act on the operator's documented instructions, not directly on data-subject requests. If you can't reach the operator, contact us at the same address and we'll forward the request and confirm receipt to you.
California residents have rights under the CCPA, including the right to know what personal information we have collected and the right to deletion. EU/UK residents have rights under the GDPR/UK GDPR. We do not knowingly collect data from children under 13.
8. Security
See our Security page for details on how we protect data in transit, at rest, and operationally.
9. Cookies
We use a small number of strictly-necessary cookies for authentication and CSRF protection. We don't use third-party advertising cookies on the application or the marketing site.
10. Changes
We'll notify you by email or in-app banner of material changes to this policy at least 14 days before they take effect. The “Effective” date above reflects the most recent revision.
11. Contact
Zrionix Technology, Inc. is the controller of operator data and the processor of customer data (where applicable). Reach us at support@trybackstop.com.