Security & Data Practices

A plain-language overview of where your data lives, what we store, what we never store, and who helps us run RecurStop. No jargon, no overclaiming.

Where your data lives

All application data is stored in a Postgres database managed by Supabase. Data is encrypted at rest, and every connection to recurstop.com and to the database is encrypted in transit with TLS. Access to the database from the application is scoped with row-level security policies, so each account can only read its own rows.

What we store — and what we never store

RecurStop only holds the subscription details you enter yourself: service names, prices, renewal dates, categories, and notes — plus your account email, optional name, and phone number if you enable WhatsApp reminders.

  • No bank credentials. We never ask you to connect a bank account and have no bank linking of any kind.
  • No card numbers. When you buy a paid plan, payment is handled entirely by Dodo Payments on their checkout — card details never touch our servers or database.
  • No data selling. Your data is used to run the product, not sold to anyone.

Team data ownership

  • Organization admins control the team workspace: members, roles, and team subscriptions.
  • Personal subscriptions stay personal — teammates and admins cannot see what you track in your individual account.
  • When a member is removed from a team, subscriptions they added for the team remain with the organization, so records and renewal alerts continue without gaps.

Authentication

Sign-in is handled by Supabase Auth. You can use email and password (passwords are stored only as secure hashes, never in plain text) or sign in with Google OAuth. Protected pages are enforced server-side, not just hidden in the browser.

Sub-processors

These are the services that help us run RecurStop and may process data on our behalf:

ServicePurpose
SupabaseDatabase (Postgres) and authentication
VercelApplication hosting and delivery
ResendTransactional and reminder emails
Dodo PaymentsPayment processing (merchant of record)
TwilioWhatsApp reminders and chat
PostHogProduct analytics

Data deletion

You can delete your account and its data from Settings inside the app, or email hello@recurstop.com and we'll process the deletion for you. See our Privacy Policy for full details on data handling.

Responsible disclosure

Found a security issue? Please report it to hello@recurstop.com with enough detail for us to reproduce it. We read every report and will respond as quickly as we can. Please give us reasonable time to fix an issue before sharing it publicly.