Last updated: March 16, 2026
This Privacy Policy describes how Churn.io, Inc. collects, uses, and shares information about you when you use our subscription retention platform.
Churn.io, Inc. ("Churn.io", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the Churn.io platform ("Service"). By using the Service, you agree to the practices described in this Policy.
We collect information you provide directly: account registration data (name, email, company name, billing address), payment information processed by Stripe (we do not store full card numbers), and information about your subscription tier and usage. We also collect data about your customers that flows through the widget when they interact with a cancellation flow, including subscription identifiers and user-level attributes you pass via the widget API.
When you use the Service, we automatically collect: server log data (IP address, browser type, referring URLs, pages viewed, timestamps), cookies and similar tracking technologies, device identifiers, and usage data such as feature interactions, click patterns, and session durations. This data is used to maintain security, improve the Service, and generate aggregate analytics.
We use the information we collect to: (a) provide, operate, and maintain the Service; (b) process transactions and send related notifications; (c) send administrative communications, such as security alerts and support messages; (d) respond to inquiries and provide customer support; (e) analyze usage patterns to improve the Service; (f) comply with legal obligations; (g) prevent fraudulent or illegal activity.
If you are located in the European Economic Area or United Kingdom, our legal bases for processing your personal data are: (a) performance of a contract — to provide the Service you have subscribed to; (b) legitimate interests — to improve our products, detect fraud, and communicate relevant updates; (c) legal obligations — to comply with applicable laws; (d) consent — where you have given explicit consent for specific processing activities such as marketing communications.
We do not sell your personal data. We share information with: (a) service providers who perform functions on our behalf (cloud hosting, payment processing, email delivery, analytics) under appropriate data processing agreements; (b) Stripe for payment processing; (c) professional advisors such as lawyers and accountants under confidentiality obligations; (d) law enforcement or regulators when required by law; (e) a successor entity in the event of a merger, acquisition, or sale of assets.
Data about your end-customers that you pass through the widget ("Customer Data") is processed on your behalf as a data processor. You are the data controller for that data and are responsible for ensuring you have appropriate legal bases and consents to share it with us. We process Customer Data only as necessary to provide the Service and do not use it for our own marketing purposes.
We use essential cookies to maintain your session and authentication state. We may use analytics cookies (with your consent where required) to understand how the Service is used. You can control cookies through your browser settings. Disabling essential cookies may affect your ability to use the Service.
We retain your account data for as long as your account is active or as needed to provide the Service. After account deletion, we retain data for up to 90 days to allow for recovery, then permanently delete it. We may retain aggregated, anonymized data for longer periods. Some data may be retained longer where required by law.
We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, access controls, regular security reviews, and SOC 2 Type II compliance. Despite these measures, no method of electronic transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.
Depending on your location, you may have rights including: access to your personal data, correction of inaccurate data, deletion of your data, restriction or objection to processing, and data portability. EEA/UK users may also lodge a complaint with their local supervisory authority. California residents may exercise rights under the CCPA/CPRA. To exercise your rights, email privacy@churn.io.
Your data may be processed in countries other than where you reside, including the United States. When transferring data from the EEA or UK, we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection.
The Service is not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately at privacy@churn.io and we will delete it.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice on the Service before the changes become effective. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
For privacy-related questions or to exercise your rights, contact our Data Protection contact at privacy@churn.io or by mail at Churn.io, Inc., 651 N Broad St, Suite 201, Middletown, DE 19709, USA. We aim to respond to all requests within 30 days.
Questions? privacy@churn.io
