Privacy Policy
Effective July 11, 2026
CancelKit ("CancelKit", "we", "us") is operated as an individual sole proprietorship based in Turkey. This policy explains what data we collect through cancelkit.site and the CancelKit dashboard and embeddable widget, and how we use it.
1. Data we collect
From you, as a CancelKit customer:
- Your account email address (used for login and billing).
- Your Stripe restricted API key, encrypted at rest with AES-256-GCM before it ever reaches our database. We never see or store your Stripe full-access secret key.
- Project configuration you create: allowed origins, save-offer settings, and exit-survey reasons.
From your end customers, via the CancelKit widget on your site:
- The cancellation session: chosen exit-survey reason, whether a save offer was shown and accepted, and the resulting recovered revenue amount.
- The Stripe customer identifier you pass to the widget (and their email, if you choose to pass it) — this is the same identifier already present in your own Stripe account.
2. How we use this data
We use this data solely to operate the service: rendering the exit survey and save offer, applying the discount or pause you configure through your connected Stripe account, and showing you the resulting recovered-revenue dashboard. We do not use your data for advertising, and we do not sell it to anyone.
3. Third parties we share data with
CancelKit is built on top of a small number of infrastructure providers, each of which processes data only as needed to run the service:
- Supabase — hosts our database and handles authentication.
- Vercel — hosts the application and widget.
- Lemon Squeezy — processes your subscription payment as our merchant of record (see our Terms of Service).
- Resend — delivers transactional emails (login links, account notifications).
- Stripe — your own Stripe account, which you connect directly. CancelKit never routes your customers' payment data through our servers; discount and pause actions are applied via the Stripe API using your restricted key.
4. Data retention
We retain your account and project data for as long as your account is active. If you delete your account or a project, the associated data is deleted from our production database. If you'd like a copy of your data or to request deletion outside of the dashboard, email us at efecaliskan3458@gmail.com.
5. Security
Your Stripe restricted key is encrypted at rest (AES-256-GCM) and only decrypted server-side, in memory, when a customer accepts a save offer. All data in the database is isolated per account with row-level security, and all traffic to and from CancelKit is encrypted in transit (HTTPS/TLS).
6. Cookies
We use a single first-party session cookie (set by Supabase Auth) to keep you logged in to the dashboard. We do not use advertising, analytics, or third-party tracking cookies.
7. Children's privacy
CancelKit is a business tool and is not directed at, or intended for use by, children under the age of 16.
8. Changes to this policy
If we make material changes to this policy, we'll update the effective date above and, where appropriate, notify you by email.
9. Contact
Questions about this policy or your data? Email efecaliskan3458@gmail.com.