Legal
Privacy Policy
Effective date: May 14, 2026
Beamt, LLC ("Beamt," "we," "us," or "our") operates Recoupt and respects your privacy. This Privacy Policy explains what information we collect when you visit recoupt.io (the "Site") or interact with the Recoupt service, how we use it, and what choices you have. Please read it carefully.
By using the Site, you agree to the practices described in this policy. If you do not agree, please do not use the Site.
1. Information We Collect
Information you provide directly
We collect information you give us voluntarily, including:
- Email address — when you sign up for Recoupt or otherwise create an account.
- Stripe OAuth connection data — when you connect your Stripe account at sign-up, Stripe shares the access tokens and account metadata required to read failed-payment events. Recoupt never receives card numbers or other PCI data; all card processing stays inside Stripe.
- Messages and inquiries — if you contact us at hello@beamt.io, we retain the content of your message and any contact details you include.
Information collected automatically
When you visit the Site, certain information is collected automatically by our hosting infrastructure, including:
- Log data — IP address, browser type and version, operating system, referring URL, pages visited, and timestamps.
- Device information — screen resolution, device type, and language preferences.
The Site uses Google Analytics 4 to measure aggregate visitor metrics — pages viewed, approximate geographic region, device type, referring source, and session duration. The Recoupt marketing site uses its own GA4 property so traffic stays isolated from other Beamt properties. Product-application disclosures for the Recoupt application are provided separately at sign-up.
Cookies
On marketing pages, Google Analytics sets first-party cookies (typically named _ga and _ga_<id>) used to distinguish unique visitors and sessions. These cookies do not contain directly identifying information.
We use Google Consent Mode v2 with the analytics signal defaulted to denied for visitors in the European Economic Area, United Kingdom, and Switzerland. This means no analytics cookies are set and no analytics data is sent to Google for visitors from those regions unless and until consent is granted. Visitors elsewhere are measured by default; you can opt out by using a browser content blocker that filters Google Analytics, or by emailing hello@beamt.io and we will exclude your IP from future measurement.
2. How We Use Your Information
We use the information we collect to:
- Operate the Recoupt service: detect failed Stripe payments, run smart retries, and send branded dunning emails on your behalf to your customers.
- Send you product updates, billing notices, and account-related emails.
- Respond to your inquiries and provide customer support.
- Monitor and improve the performance, reliability, and security of the Site and service.
- Comply with applicable legal obligations.
We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects on you.
3. Legal Bases for Processing (EEA/UK Visitors)
If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal data are:
- Contract — for processing necessary to deliver the Recoupt service you signed up for.
- Consent — for sending marketing and product update emails. You may withdraw consent at any time (see Section 7).
- Legitimate interests — for server log data used to maintain security and improve the Site, where those interests are not overridden by your data protection rights.
- Legal obligation — where processing is required by applicable law.
4. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties. We may share information only in the following limited circumstances:
- Service providers — we engage third-party vendors (e.g., Stripe for payment processing, email delivery, hosting, analytics) who process data on our behalf under confidentiality and data processing agreements. The current analytics provider is Google LLC (Google Analytics 4), which receives pseudonymous event data — including IP address (used for approximate geolocation and then discarded), user-agent string, page URL, and referrer — subject to Google's processing terms.
- Legal requirements — we may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Beamt, our users, or the public.
- Business transfers — in connection with a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Site before your information is transferred and becomes subject to a different privacy policy.
5. Data Retention
We retain your account data for as long as your Recoupt account is active and for a reasonable period afterward (see §13 for the cancellation retention schedule), unless you request deletion earlier. Server log data is typically retained for up to 90 days. Google Analytics event-level data is retained for the period configured in our Google Analytics property and then automatically deleted by Google. Data you send via email is retained for as long as necessary to resolve your inquiry and for our legitimate business records.
6. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your information against unauthorized access, loss, or misuse. Card data is never stored by Recoupt — all PCI processing happens inside Stripe. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
7. Your Rights and Choices
Email opt-out
You may unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email we send or by contacting us at hello@beamt.io.
Access, correction, and deletion
You may request access to, correction of, or deletion of the personal information we hold about you by emailing hello@beamt.io. We will respond within 30 days. Some information may be retained as required by law or for legitimate business purposes.
California residents (CCPA/CPRA)
California residents have the right to know what personal information we collect and how it is used, to request deletion of their personal information, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising these rights. To exercise these rights, contact us at hello@beamt.io.
EEA/UK residents (GDPR/UK GDPR)
In addition to the rights above, EEA and UK residents have the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. To exercise these rights, contact us at hello@beamt.io.
8. Children's Privacy
The Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected such information, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us.
9. Third-Party Links
The Site contains links to third-party websites (e.g., Stripe, X/Twitter, GitLab, Beamt). This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.
10. Stripe Integration — Data Practices
When you connect Stripe to Recoupt, the integration follows these principles:
- Recoupt receives only the failed-payment events and customer metadata required to run retries and send dunning emails. We never receive card numbers, CVCs, or other sensitive payment data.
- All payment retries are executed via Stripe's API; Recoupt never charges cards directly.
- Card-update links in dunning emails route customers to Stripe's hosted billing portal, where Stripe handles the card-update flow under Stripe's PCI-compliant infrastructure.
- You can revoke Recoupt's Stripe access at any time from your Stripe Dashboard. No further reads or sends will occur after revocation.
11. Sub-processors
Recoupt uses the following sub-processors to operate the Service:
- Stripe, Inc. — payment data access via Stripe Connect OAuth; retry attempts and customer payment-method updates flow through Stripe. Card data is never accessible to Recoupt.
- Railway — application hosting and compute (US region).
- Supabase — primary application database and authentication (Postgres, US region).
- Upstash — managed Redis for job queues and rate limiting.
- Resend — transactional email delivery for dunning emails sent from your branded domain.
- GitLab Pages — marketing-site hosting only; no customer data.
- Google — anonymized marketing-site analytics only (Google Analytics 4); no customer or recoupment data.
We will notify customers by email at least 30 days before adding a new sub-processor that has access to recoupment data. If you object to the new sub-processor, you may cancel your subscription before the new sub-processor goes live without penalty.
12. Security Incident Notification
If Recoupt becomes aware of a security incident affecting your account data, you will be notified by email at the address on file within 72 hours of confirmation. The notification will include: what data was affected, what we know about the cause, and what steps we are taking. This is in addition to any obligations under GDPR Article 33 or US state breach-notification laws.
13. Data Retention After Cancellation
After your subscription ends, your account record and recoupment history remain on Recoupt's systems in inactive form so you can reconnect Stripe later without losing setup. No new data is collected once Stripe is disconnected.
If you request deletion of your Recoupt account data by emailing support@beamt.io, your data is removed from Recoupt's active database within five business days. Backup copies are purged within an additional 35 days on Recoupt's standard backup rotation.
This retention schedule does not apply to data Recoupt is required to keep for tax, accounting, or legal compliance purposes, which is retained per applicable statute.
14. Compliance Posture
Recoupt operates on top of audited infrastructure:
- Stripe Connect — PCI-DSS Level 1 (Stripe's attestation)
- Supabase — SOC 2 Type II
- Railway — SOC 2 Type II
Recoupt's own SOC 2 audit is on the roadmap for a future version; certification status will be updated on this page when obtained. Until then, Recoupt does not claim independent SOC 2 attestation.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" at the top of this page. Material changes will be communicated to registered users via email or a prominent notice on the Site. Your continued use of the Site after changes are posted constitutes your acceptance of the updated policy.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Beamt, LLC
hello@beamt.io