Privacy Policy

The privacy of your data — and it is your data, not ours — is a big deal to us. In this policy, we lay out what data we collect and why, how your data is handled, and your rights with respect to your data. We promise we never sell your data: never have, never will.

This policy applies to DunningBear, a Stripe App built and maintained by Forty Two Technologies, Inc. ("Company", "we", "our", or "us"), located at 2093 Philadelphia Pike #9998, Claymont, DE 19703. When we say "Services", we mean the DunningBear Stripe App and the dunningbear.com website. When we say "you" or "your", we mean the Stripe account owner who has installed DunningBear.

What we collect and why

Our guiding principle is to collect only what we need. DunningBear is a Stripe App, so our data footprint is intentionally small.

Account information

When you install DunningBear from the Stripe App Marketplace, we store your Stripe Account ID (to identify your account), your email address (so we can send weekly digest reports, if enabled), and your timezone. That's it. There is no separate username, password, or login — authentication is handled entirely by Stripe.

Cancellation data from your Stripe account

DunningBear reads cancellation data from your Stripe account using the permissions you grant at install time. This includes: subscription IDs, customer IDs, customer names or emails, cancellation feedback reasons, free-text cancellation comments, plan names, MRR amounts, and cancellation timestamps. This data is stored on our servers so we can compute aggregates and serve them to the app quickly.

We only request read-only access to your Stripe data. DunningBear never modifies, creates, or deletes anything in your Stripe account.

Billing information

DunningBear's own billing is handled entirely through Stripe. We do not collect or store your credit card details. Stripe processes your payment and we store only the Stripe Subscription ID associated with your DunningBear plan.

No cookies, no tracking

The DunningBear app runs inside the Stripe Dashboard as a sandboxed iframe. We do not set cookies, use analytics scripts, or track your browsing activity. The dunningbear.com marketing site does not use any third-party analytics or advertising scripts either.

Voluntary correspondence

When you email us with a question or support request, we keep that correspondence, including your email address, so we have a history to reference if you reach out again.

Third-party services

We use a small number of third-party services to operate DunningBear. You can view the full list on our Subprocessors page.

• Stripe — payment processing, app hosting, and authentication.
• Anthropic (Claude API) — AI analysis of free-text cancellation comments (Pro tier only). Individual comments are sent to the Claude API for theme extraction and sentiment analysis. Anthropic does not use this data to train their models.
• Hetzner — server infrastructure where the DunningBear backend and database are hosted, located in Europe.

We do not sell, share, or disclose your data to any other third parties for marketing or advertising purposes.

When we access or disclose your information

To provide the service you've requested. We access your cancellation data to compute the analytics and insights you see in the app. This is automated — no human looks at your data in the normal course of operations.

To help you troubleshoot. If you contact us with a support issue, we may need to look at your account data to diagnose the problem. We will only do so with your permission.

When required under applicable law. Forty Two Technologies, Inc. is a U.S. company with data infrastructure located in Europe. If compelled by a legally binding order, we may be required to disclose data. Our policy is to notify affected users before disclosure unless legally prohibited from doing so.

Your rights with respect to your information

We strive to apply the same data rights to all customers, regardless of location. These include:

• Right to Know. You have the right to know what personal information we collect, use, and share. This policy documents that.
• Right of Access. You can request a copy of the data we hold about your account.
• Right to Correction. You can request correction of your personal information.
• Right to Erasure. You can request deletion of your data. Uninstalling DunningBear from the Stripe Dashboard automatically deletes your account and all associated data from our systems.
• Right to Portability. You can request a copy of your data in a portable format.
• Right to Object. You have the right to object to how your personal information is processed.

To exercise any of these rights, please contact us at [email protected] or at Forty Two Technologies, Inc., 2093 Philadelphia Pike #9998, Claymont, DE 19703.

How we secure your data

All data is encrypted via SSL/TLS when transmitted between our servers, the Stripe Dashboard, and your browser. The database is stored on a dedicated server with encrypted backups. Access to the server is restricted and protected by SSH key authentication.

Data retention and deletion

We retain your data for as long as your DunningBear account is active. When you uninstall DunningBear from the Stripe Dashboard, we receive a deauthorization webhook from Stripe, and we delete your account and all associated cancellation data from our active systems. Backups containing your data will be purged within 30 days.

Changes and questions

We may update this policy as needed to comply with relevant regulations or reflect new practices. When we make significant changes, we will update the date at the top of this page.

Have questions or concerns about this privacy policy or your data? Please get in touch at [email protected] and we'll be happy to help.

---

Adapted from the 37signals open-source policies, licensed under CC BY 4.0.