Privacy Policy

Last updated: December 13, 2025

This Privacy Policy explains how LowChurn ("LowChurn", "we", "us", "our") collects, uses, and shares information when you use our website and application (the "Services").

This Policy is written to be specific and practical. If you are a SaaS founder evaluating LowChurn, the sections on third-party integrations (e.g., Stripe) and the optional on-site script (event-based tracking) are the most relevant.

1. Key Definitions

  • Customer: the organization or individual who signs up for LowChurn.
  • End Users: your customers/users whose information may be processed through your use of the Services.
  • Customer Data: data you import, sync, send, or make available to LowChurn (including via third-party integrations or the optional script).

2. Information We Collect

A. Information You Provide

We collect information you provide directly to us, such as your name, email address, authentication details, settings you configure, and communications you send us.

B. Information Collected Automatically

When you access or use the Services, we (and our service providers) may automatically collect information such as IP address, device and browser type, pages viewed, referring/exit pages, timestamps, and diagnostic logs.

C. Third-Party Integrations (e.g., Stripe)

If you connect a third-party platform (such as Stripe), we access and retrieve information through that platform's APIs to provide analytics and insights.

Stripe access is controlled by the credentials/permissions you choose to provide. For example, we may request or instruct you to create a Stripe restricted key (typically starting with rk_) with limited read permissions. You can rotate or revoke access at any time in Stripe.

Depending on what you enable, Stripe data we process may include subscription records (e.g., subscription status, renewal dates, plan identifiers) and basic customer fields necessary to match subscriptions to customers (e.g., customer identifiers and email address).

D. Optional On-Site Script (Event-Based Tracking)

If you choose to install our optional JavaScript snippet on your website or product, it is designed to send only event data you explicitly configure.

  • What it can collect/send: event identifier (rule id), page URL, and a visitor identifier you set ("visitor id"). Optionally, you may send a payment identifier ("payment id") if you choose.
  • What it is not designed to collect: keystroke logging, session replay, or reading form input values.
  • Network metadata: like any web request, our servers may receive IP address and user-agent information when events are sent.

E. Cookies, Local Storage, and Analytics

We use cookies and similar technologies for authentication, security, and to help operate the Services. We may also use product analytics tooling (for example, PostHog) to understand how our website and application are used and to improve the Services. Analytics providers may set their own cookies or collect device identifiers consistent with their documentation.

3. How We Use Information

  • Provide, operate, maintain, and improve the Services
  • Generate analytics, dashboards, and churn-related insights based on Customer Data
  • Authenticate users, manage accounts, and secure sessions
  • Provide customer support and respond to requests
  • Monitor, prevent, and investigate fraud/abuse and security incidents
  • Send administrative, product, and service-related communications
  • Comply with legal obligations and enforce our terms

We do not sell personal information. We do not use Customer Data to train public models or to advertise unrelated third-party products.

4. Legal Bases (EEA/UK Users)

We process personal data under lawful bases including contract performance, legitimate interests (e.g., securing and improving the Service), consent (where required), and legal compliance.

5. How We Share Information

We do not sell your personal information. We may share data with:

  • Service providers who help us operate the Services (e.g., hosting, databases, analytics, email delivery)
  • Compliance, legal, or law enforcement authorities when required
  • Successors in a merger, acquisition, or asset sale

Third-party processors are bound by contractual obligations to protect your data.

If you connect a third-party integration (such as Stripe), your use of that integration is also subject to the third party's terms and privacy practices.

6. Data Retention

We retain information only as long as necessary for the purposes described in this Policy (for example, to provide the Services, comply with legal requirements, resolve disputes, and enforce our agreements). You may request deletion of your account and associated data at any time. Deletion may not immediately remove residual copies from backups.

7. Data Security

We use reasonable technical and organizational safeguards designed to protect information. These may include access controls, network security measures, and limiting access to credentials and Customer Data to personnel who need it to perform their job. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. International Transfers

Your information may be processed in jurisdictions other than your residence. Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses).

9. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, or request data portability. You may also withdraw consent where applicable.

You can also control certain data collection through your browser settings (cookies) and by choosing whether or not to install the optional on-site script.

10. Cookies & Tracking

We use strictly necessary, functional, and analytical cookies. Most browsers allow you to control or block cookies. Some features may be limited if disabled.

11. Controller / Processor Roles (B2B)

If you use LowChurn as a business, you are generally the controller of End User personal data and LowChurn acts as a processor on your behalf for Customer Data you provide to the Services. In that case, you are responsible for providing notices to End Users and obtaining any necessary consents for your use of the Services.

12. Third-Party Links

Our Services may link to third-party sites. We are not responsible for their privacy practices. Review their policies before providing data.

13. Children

The Services are not directed to individuals under 16. We do not knowingly collect data from children. If you believe a child provided information, contact us for removal.

14. Changes to This Policy

We may update this Privacy Policy periodically. Changes are effective when posted with an updated date. Continued use constitutes acceptance.

15. Contact

Please use our contact form for any inquiries.