Privacy Policy

Last updated: May 1, 2026

Who we are

CancelGuard is a sole proprietorship operated by the owner from New York, NY. CancelGuard provides a drop-in widget that helps SaaS companies retain subscribers when they attempt to cancel. You can reach us at hello@getcancelguard.com.

What we collect

From you (our customer):

  • Email address and password hash (handled by Supabase Auth).
  • Your Stripe account ID via Stripe Connect OAuth, so we can perform pause and discount actions on your behalf.
  • Your subscription plan and billing status.
  • Site configuration (display preferences, secret keys).

From your subscribers (end-users of your app):

  • Their Stripe subscription ID and customer ID, only when they interact with the cancel widget.
  • Cancellation reason and free-text feedback they choose to submit.
  • The outcome of their flow (saved, surveyed, or cancelled) and the estimated revenue saved.

We do not collect names, addresses, payment card details, IP addresses, browser fingerprints, or behavioral analytics from your subscribers.

From visitors to our Free Revenue Scan (optional):

  • The Stripe restricted API key you paste is processed in memory to compute your scan and is never stored or logged.
  • If you choose to enter your email in the optional follow-up field, we store that email plus a single boolean indicating whether your scan found a leak. We do not store the dollar amounts, cancellation counts, or any other details from your scan.

How we use it

  • To run the widget and execute pause/discount actions.
  • To bill you for your CancelGuard subscription via Stripe.
  • To show you analytics on your CancelGuard dashboard.
  • To send you essential service emails (billing receipts, security notices, account changes). We do not send marketing emails without consent.
  • If you opted in via the Free Revenue Scan, to send you follow-up emails about CancelGuard and reducing cancellations. You can unsubscribe by emailing us at any time.

Subprocessors we share data with

  • Stripe: payments and Stripe Connect actions.
  • Supabase: authentication and database hosting.
  • Vercel: application and edge hosting.

We do not sell your data and we do not share it with advertising networks.

Data retention

We retain customer accounts and save event records for as long as your CancelGuard account is active, plus 90 days after cancellation for billing reconciliation and dispute resolution. After that we delete or anonymize the data unless a legal obligation requires otherwise.

Scan opt-in emails are retained until you ask us to remove them or for 24 months from the scan date, whichever comes first.

Your rights

You can request access to, correction of, or deletion of your personal data at any time by emailing hello@getcancelguard.com. If you are located in the EU, UK, or California you have additional rights under GDPR, UK GDPR, and CCPA respectively, including the right to lodge a complaint with a supervisory authority.

Cookies

CancelGuard itself uses only essential cookies (authentication and CSRF protection). The CancelGuard widget that runs on your site does not set tracking cookies on your subscribers.

Changes

We may update this policy as the service evolves. Material changes will be announced by email to active customers at least 14 days before they take effect.