• Pricing
  • Sign in
  • Start for free

Products

Save more subscribers, recover more revenue.

  • Cancel flows

    Intercept cancellations with on-brand surveys, offers, and pauses, so more subscribers stay.

  • Recovery flows

    Automatically recover failed payments and win back revenue lost to declined cards.

    COMING SOON

Resources

Free calculators for the metrics that make or break a subscription business.

    Churn Rate Calculator

    See what churn costs you each month.

    Retention Rate Calculator

    Measure how many subscribers stay.

    Lifetime Value Calculator

    Find what each subscriber is worth over their lifetime.

    MRR Calculator

    Total up your recurring revenue.

    CAC Calculator

    Work out what you spend to win each new subscriber.

    LTV CAC Ratio Calculator

    Check if earnings per customer beat acquisition cost.

Last updated: June 11, 2026

Privacy Policy

1. Introduction and Scope

This Privacy Policy explains how Churn Technologies FZCO ("Churn", "Churn.io", "we", "us", or "our") collects, uses, shares, and protects personal data in connection with our churn-reduction software, our website at churn.io, our in-app widget and embed script (widget.js), our hosted cancel pages, our APIs, and all related services (collectively, the "Services").

This Policy applies to three groups of individuals:

  • Visitors — people who browse our website or interact with us before creating an account.
  • Merchants and account holders — the SaaS and subscription businesses that sign up for Churn.io, and the individual users (owners, administrators, members, and other team members) who access an account on a merchant's behalf.
  • End-subscribers — the customers of our merchants whose cancellation attempts pass through a Churn.io cancellation flow (an embedded widget or a hosted cancel page).

The way we handle personal data, and our legal role, differs depending on which group is involved. Section 2 explains those roles. Please read this Policy together with our Cookie Policy and our Terms of Service.

2. Who We Are and Our Role

Churn Technologies FZCO is a free-zone company registered in Dubai, United Arab Emirates. We provide cancellation-flow software that helps subscription businesses reduce churn by intercepting cancellations, surveying departing subscribers, and presenting save offers.

Our legal role under data-protection laws depends on the data in question:

  • We act as a controller for personal data relating to visitors to our website and to merchants and their account users — for example, account registration details, billing information for a merchant's own Churn.io subscription, support communications, and usage, log, device, and approximate-location data generated when someone uses the Services. For this data we decide why and how it is processed.
  • We act as a processor for the end-subscriber personal data that we handle when a merchant's cancellation flow runs. In this context the merchant is the controller — the merchant decides what flows to build, what data to collect, and what offers to make. We process that end-subscriber data only on the merchant's documented instructions and as described in our Terms of Service and any applicable data processing agreement. If you are an end-subscriber and have questions about how your data is used, you should usually contact the merchant whose service you were cancelling (see Section 11).

3. Categories of Personal Data We Collect and How We Collect Them

We collect the following categories of personal data.

3.1 Account and Profile Data (merchants/account holders)

When a merchant creates an account or a team member is added, we collect and store: name, email address, a hashed version of the password, company and business details (such as business name, website, and description), the user's role, language preference, and an optional avatar image. We collect this directly from the individuals who register, are invited to, or update an account.

3.2 Billing Data for the Merchant's Own Churn.io Subscription

Merchants pay for their Churn.io plan through Stripe. We do not store full payment card numbers. We store and receive from Stripe: a Stripe customer identifier, the card brand and the last four digits of the card, billing address, and invoice metadata (such as amounts, dates, invoice and subscription status, and links to hosted invoices and PDFs). Card details are entered into payment fields hosted by Stripe and handled by Stripe as a payment processor.

3.3 Connected Billing-Provider Credentials

To deliver the core Service, merchants connect their own billing platform (Stripe today; Chargebee, Recurly, Braintree, Adyen, and Mollie are planned) by OAuth so that Churn.io can read and modify the merchant's subscriptions on the merchant's instruction. We collect and store the resulting credentials (such as OAuth access and refresh tokens and a connected-account identifier). These credentials are stored encrypted at rest and are never returned through our user-facing interfaces.

3.4 Usage, Log, Device, and Approximate-Location Data

When you use the Services we automatically collect technical and usage data, including: IP address, approximate geographic location derived from IP address (GeoIP), browser and device characteristics, pages and features used, actions taken, dates and times of access, request and trace identifiers, and error and diagnostic data. This data is generated through your interaction with our website, application, and APIs.

3.5 Cookies and Similar Technologies

We and our service providers use cookies and similar technologies, including essential session and security cookies (such as the HttpOnly JWT access-token and refresh-token cookies that keep you signed in) and, where applicable, functional and analytics cookies. See Section 12 and our Cookie Policy for details.

3.6 Support Communications

When you contact us for support — including through our in-app support messenger (Intercom), by email at support@churn.io, or otherwise — we collect the content of your messages and any information you choose to provide, together with metadata about the communication.

3.7 End-Subscriber Data Captured by Cancellation Flows (processed on a merchant's behalf)

When an end-subscriber goes through a merchant's cancellation flow (widget or hosted cancel page), we process the following on the merchant's behalf and on the merchant's instructions:

  • the subscriber's email address;
  • the subscriber's plan and MRR / subscription value;
  • the subscriber's billing-provider subscription and customer identifiers;
  • the cancellation reason and survey answers the subscriber provides;
  • the save offer presented and whether it was accepted or declined (the offer outcome);
  • session events recording the subscriber's progress through the flow (such as steps shown, offers viewed, feedback submitted, and the final outcome — saved, cancelled, or dismissed); and
  • technical data associated with the session, such as IP address and approximate location.

For this category of data, the merchant is the controller and we are the processor (see Section 2).

4. How and Why We Use Personal Data

We use personal data for the following purposes:

  • To provide and operate the Services — create and maintain accounts, authenticate users, connect billing providers, build and run cancellation flows, apply accepted offers and execute cancellations through the merchant's billing provider, deliver webhooks, run A/B tests, and provide the analytics dashboard.
  • To process billing and payments — manage a merchant's Churn.io subscription, meter usage by churn volume, generate invoices, and handle plan changes, upgrades, downgrades, and cancellations.
  • To provide support and communicate — respond to enquiries, send service and transactional messages (such as email confirmations, password resets, billing and trial notifications, and team invitations), and operate our in-app support messenger.
  • To maintain security and integrity — authenticate sessions, enforce single-session login and token rotation, detect and prevent fraud and abuse, apply rate limiting, and monitor for and respond to errors and incidents.
  • To improve and develop the Services — understand how the Services are used, troubleshoot, and develop new features and improvements.
  • To comply with legal obligations — meet our legal, tax, accounting, and regulatory requirements and respond to lawful requests.
  • To process end-subscriber data — solely to deliver the cancellation-flow functionality to the relevant merchant, on that merchant's instructions, including showing surveys and offers, recording outcomes and analytics, and applying offers or cancellations through the merchant's billing provider.

5. Legal Bases Under GDPR

Where the EU or UK General Data Protection Regulation applies and we act as a controller, we rely on the following legal bases:

  • Performance of a contract — to provide the Services to merchants and account holders, manage accounts, and process subscription billing.
  • Legitimate interests — to secure, maintain, and improve the Services, prevent fraud and abuse, understand usage, and run our business, where those interests are not overridden by your rights and freedoms.
  • Consent — for certain cookies and similar technologies and for optional communications, where consent is required. You may withdraw consent at any time without affecting prior processing.
  • Legal obligation — to comply with applicable laws, including tax, accounting, and regulatory requirements.

Where we act as a processor for end-subscriber data, the relevant merchant (as controller) is responsible for establishing the legal basis for that processing.

6. How We Share and Disclose Data

We do not sell personal data. We share personal data in the following ways.

6.1 Sub-Processor and Service-Provider Categories

We engage third parties to help us provide the Services. They may process personal data only on our instructions and under appropriate confidentiality and data-protection obligations. These categories include:

CategoryPurpose
StripeProcessing the merchant's own Churn.io payments and providing OAuth-based access to a merchant's connected billing provider for reading and modifying subscriptions.
Cloud hosting / infrastructureHosting our application, databases, caching, and background-processing infrastructure.
Transactional email deliverySending account, security, billing, and team-related emails.
IntercomOperating our in-app support messenger and managing support conversations.
SentryError monitoring and diagnostics to detect and resolve issues.
Web / product analyticsUnderstanding website and product usage to maintain and improve the Services.

We may add or change sub-processors as our Services evolve; we maintain appropriate contractual safeguards with each.

6.2 Between Merchants and Their End-Subscribers

End-subscriber data captured by a cancellation flow is made available to the relevant merchant, who is the controller of that data. Merchants may also configure cancellation flows to deliver data to their own systems (for example, via webhooks to a destination they specify).

6.3 Legal and Safety Disclosures

We may disclose personal data where we believe in good faith that it is necessary to comply with applicable law, regulation, legal process, or a lawful governmental request; to enforce our Terms of Service; or to protect the rights, property, or safety of Churn.io, our users, or others, including to prevent fraud or security threats.

6.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, personal data may be transferred as part of that transaction, subject to the protections described in this Policy.

7. International Data Transfers

We are based in the United Arab Emirates, and we and our service providers may process personal data in the UAE and in other countries that may have data-protection laws different from those in your country. Where we transfer personal data internationally — including from the European Economic Area, the United Kingdom, or Switzerland to countries that have not been recognized as providing an adequate level of protection — we put in place appropriate safeguards, such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Agreement or Addendum where applicable) or other lawful transfer mechanisms. You may contact us at support@churn.io for more information about the safeguards we use.

8. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this Policy, including to provide the Services, comply with our legal, tax, and accounting obligations, resolve disputes, and enforce our agreements.

  • Account and billing data is retained for the life of the account and for a period afterwards as required for legal and financial record-keeping.
  • Usage, log, and diagnostic data is retained for a limited period appropriate to security, troubleshooting, and analytics needs.
  • End-subscriber data processed on a merchant's behalf is retained in accordance with the merchant's instructions and our agreement with the merchant; the merchant, as controller, determines the applicable retention period. On termination of a merchant's account, we delete or return such data as required by our agreement, subject to any legal retention obligations.

We use a soft-delete approach for certain records, meaning data may be marked as deleted and removed from active use before being permanently erased in accordance with our retention practices.

9. Security

We implement technical and organizational measures designed to protect personal data, including:

  • Encryption of sensitive credentials at rest — connected billing-provider credentials (such as OAuth tokens) are stored encrypted.
  • Password hashing — account passwords are stored only as cryptographic hashes, never in plain text.
  • Access controls — role-based permissions, authentication, and authorization controls restrict access to data.
  • Session security — HttpOnly authentication cookies, single-session enforcement, token rotation, and rate limiting.
  • Secure transmission — encryption of data in transit.
  • Monitoring — error monitoring, logging, and traceability to detect and respond to issues.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

10. Your Rights and Choices

Depending on where you live and the role we play with respect to your data, you may have some or all of the following rights.

10.1 GDPR Rights (EEA / UK)

If you are in the EEA or UK, you may have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data ("right to be forgotten");
  • restrict or object to certain processing, including processing based on legitimate interests;
  • data portability — receive your data in a structured, commonly used, machine-readable format;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with your local data-protection supervisory authority.

10.2 CCPA / CPRA Rights (California)

If you are a California resident, you may have the right to:

  • know the categories and specific pieces of personal information we collect, use, and disclose;
  • delete personal information we have collected, subject to exceptions;
  • correct inaccurate personal information;
  • opt out of the "sale" or "sharing" of personal information; and
  • non-discrimination for exercising your rights.

We do not sell personal information and do not "share" it for cross-context behavioral advertising in the manner defined by California law. If our practices change, we will provide a "Do Not Sell or Share My Personal Information" mechanism as required.

10.3 Exercising Your Rights

To exercise any of these rights, contact us at support@churn.io. We will respond within the timeframes required by applicable law. We may need to verify your identity before acting on a request. You may use an authorized agent where permitted by law. Account holders can also access and update much of their information directly within the Services.

11. How Merchants and End-Subscribers Exercise Rights

Merchants and account holders may exercise their rights with respect to the data for which we are the controller by contacting us as described above, or by using the account and profile controls within the Services.

End-subscribers: because we process end-subscriber data as a processor on the merchant's behalf, and the merchant is the controller, end-subscribers who wish to access, correct, delete, or otherwise exercise rights over their data should normally contact the merchant whose subscription they were cancelling. If an end-subscriber contacts us directly, we will, where appropriate, refer the request to the relevant merchant or assist that merchant in responding, consistent with our role as processor and our agreement with the merchant.

12. Children's Data

The Services are intended for businesses and are not directed to children. We do not knowingly collect personal data from children under the age of 16 (or the equivalent minimum age in the relevant jurisdiction). If you believe a child has provided us with personal data, please contact us at support@churn.io and we will take appropriate steps to delete it. Merchants are responsible for ensuring their cancellation flows are not directed to children in violation of applicable law.

13. Cookies and Similar Technologies

We use cookies and similar technologies for essential, functional, and analytics purposes, including authentication cookies that keep you signed in. Our widget.js embed script runs on merchants' own websites to deliver cancellation flows. For details on the cookies we use and how to manage your preferences, please see our Cookie Policy.

14. Third-Party Links

The Services and our communications may contain links to third-party websites, products, or services that we do not operate or control. This Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party sites or services you visit.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice (such as by email or an in-app notice). Your continued use of the Services after an update takes effect constitutes acceptance of the revised Policy.

16. How to Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, or wish to reach our data protection contact, please contact us:

Churn Technologies FZCO
Dubai, United Arab Emirates
Email: support@churn.io

Built for teams that want full control

Churn gives you full control to tailor offers around your product, pricing, and customer behavior.

Book a demo
Try for free

Average rating

See what merchants say about using Churn to decrease churn rates.

Find us on the
Stripe Marketplace
View our rating on
Trustpilot

Solutions

  • Cancel flows
  • Pricing
  • Get started

Company

  • About
  • Book a demo
  • Customer support
  • Sales support

Resources

  • Blog
  • FAQs
  • Help center
  • Contact

Free tools

  • Churn calculator
  • Retention rate calculator
  • Lifetime value calculator
  • MRR calculator
  • CAC Calculator
  • View all tools

Legal

  • Terms and conditions
  • Privacy policy
  • Cookie policy