Privacy Policy

Introduction

Dunning Lite (“we”, “our”) operates the website dunninglite.com and the failed payment recovery service for Stripe. By using our service, you accept this Privacy Policy.

We comply with the General Data Protection Regulation (GDPR) of the European Union and apply its principles to all our users, regardless of their location.

Data we collect

We only collect data necessary to operate the service:

Account data

• Email address: When you sign up or join the waitlist. Used for authentication and service communications.
• Stripe connection (OAuth): When you authorize Dunning Lite to access your Stripe account via Stripe Connect. We obtain a limited access token to read failed payment events (invoices). We do not store card numbers or banking data.

Operational data

• Failed payment events: Data from failed invoices that Stripe notifies us about via webhook: end customer email, invoice amount, failure reason. This data is used exclusively to send recovery emails on your behalf.
• Product usage data: Aggregated usage metrics (pages visited, dashboard actions) to improve the service. We do not sell this data.

How we use your data

We use your data exclusively to:

• Provide and operate the automated payment recovery service.
• Send transactional emails on your behalf to your customers with failed payments.
• Send you notifications about your account status and service updates.
• Improve and develop new product features.
• Comply with legal obligations.

We do not sell, rent, or share your personal data with third parties for commercial purposes.

Third-party services

To operate the service, we use the following trusted providers:

• Supabase: Data storage and authentication. Data is hosted on servers within the EU. Privacy policy: supabase.com/privacy
• Stripe: Subscription payment processing and OAuth connection with your account. Privacy policy: stripe.com/privacy
• Resend: Email delivery (both recovery emails to your customers and notifications to you). Privacy policy: resend.com/legal/privacy-policy

Each of these providers has their own privacy policies. We only share the minimum data necessary for them to provide the service.

Cookies

We use first-party and third-party cookies for:

• Essential cookies: Required for the site to function (authentication session).
• Analytics cookies: Google Tag Manager to measure site traffic. Only loaded if you accept cookies.

You can manage your cookie preferences at any time through the cookie banner that appears on your first visit, or by configuring your browser to reject them. Rejecting analytics cookies does not affect the service functionality.

Your rights (GDPR)

If you are a resident of the European Economic Area, you have the following rights:

• Right of access: You can request a copy of the personal data we hold about you.
• Right of rectification: You can request that we correct inaccurate data.
• Right of erasure: You can request that we delete your personal data.
• Right to portability: You can request your data in a machine-readable format.
• Right to object: You can object to the processing of your data under certain circumstances.

How to exercise your rights

To exercise any of these rights, send us an email at support@dunninglite.com. We will respond within 30 days.

Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or disclosure. This includes encryption in transit (HTTPS/TLS), encryption at rest for sensitive data, and strict access control to our systems.

While we do everything possible to protect your data, no system is 100% secure. If we detect a security breach that affects your data, we will notify you within 72 hours as required by GDPR.

Contact

If you have questions about this privacy policy or how we handle your data, you can contact us at:

• Email: support@dunninglite.com
• Website: dunninglite.com

We may update this policy periodically. We will publish any changes on this page with the date of the last update.