Churnless
Security & trust

Built to be trusted with your revenue data.

Churnless connects to your billing system and your customers’ history. We treat that access with the seriousness it deserves — here’s exactly how.

Encrypted end to end

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Customer billing secrets are encrypted with per-tenant keys.

Least-privilege Stripe access

Connect with a restricted Stripe key. Churnless only requests the read scopes needed to detect risk and the limited write scopes needed for save actions you enable.

SOC 2–ready controls

Built from day one around SOC 2 control families — access management, change control, monitoring, and incident response.

Scoped, audited access

Role-based access, tenant isolation, and audit logging mean every action is attributable and every customer's data stays their own.

Resilient infrastructure

Hosted on SOC 2 / ISO 27001 cloud infrastructure with automated backups, encryption, and continuous security monitoring.

Your data, your call

Export or delete your data at any time. We process on your behalf under a DPA and never sell or train public models on it.

SOC 2–ready·GDPR·AES-256 at rest·TLS 1.2+·DPA available·Restricted Stripe

Security questions, answered.

Where is my data stored?

In encrypted, access-controlled cloud infrastructure in the US (with EU residency available on Enterprise). Postgres holds your entities; analytics events stream to a dedicated, isolated store.

What Stripe permissions do you need?

A restricted key with read access to customers, subscriptions, and invoices, plus the specific write scopes required for payment recovery you enable. You can revoke it from Stripe at any time.

Who on my team can see customer data?

Only the members you invite, scoped by role. Churnless staff access is restricted, logged, and used only for support you request.

Do you use my data to train AI models?

No. Your customer data is never used to train shared or public models. AI runs per-tenant on your own data to make retention decisions for your accounts only.

Can I get a DPA or security review?

Yes. We'll sign a DPA and walk security and procurement teams through our controls. Reach out and we'll get you what you need.

Secure by design. Saving revenue by default.

Start with a restricted Stripe key and a 14-day trial. Bring your security team — we’ll walk them through it.

See customer results →