Privacy Policy

Last updated: April 3, 2026

1. Who we are

DunningHQ is a product of CultureIQ Labs Corp., a Canadian corporation located in Laval, Quebec, Canada. We provide AI-powered failed payment recovery for SaaS businesses.

2. What data we collect

  • Account information: your email address, company name, and password (hashed).
  • Stripe OAuth tokens: encrypted access and refresh tokens that allow us to interact with your Stripe account on your behalf.
  • Payment failure data: invoice IDs, decline codes, failure amounts, and customer email addresses from your Stripe account, used to execute payment retries and send recovery emails.
  • Usage data: recovery rates, retry outcomes, and dashboard interactions for service improvement.

3. How we use your data

  • To retry failed payments on your behalf via the Stripe API.
  • To send AI-personalized recovery emails to your customers whose payments have failed.
  • To display recovery metrics and ROI data on your dashboard.
  • To generate AI-powered insights about your payment failure patterns.
  • To communicate with you about your account and our service.

4. Data storage and security

Your data is stored in Supabase (PostgreSQL), hosted in Canada. All data is encrypted at rest using AES-256. Stripe OAuth tokens are additionally encrypted with AES-256-GCM before storage. All connections use TLS 1.2+.

5. Third-party services

We use the following third-party services:

  • Stripe — payment processing and Stripe Connect OAuth for account access.
  • Resend — transactional email delivery for recovery emails sent to your customers.
  • Anthropic (Claude) — AI-powered email personalization and payment failure analysis. We send decline codes and anonymized context to generate recovery email content. No personally identifiable customer information is sent to Anthropic.

6. We do not sell your data

We will never sell, rent, or trade your personal information or your customers' data to third parties. Your data is used solely to provide the DunningHQ service.

7. Compliance

DunningHQ is compliant with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Law 25 (Act respecting the protection of personal information in the private sector). We process data lawfully and transparently, and you may request access to, correction of, or deletion of your personal information at any time.

8. Data retention

We retain your data for as long as your account is active. When you delete your account, all associated data — including Stripe tokens, payment failure records, and email logs — is permanently deleted within 30 days. Anonymized, aggregated analytics may be retained for service improvement.

9. Your rights

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data and account.
  • Withdraw consent for data processing.
  • Disconnect your Stripe account at any time from the DunningHQ dashboard.

10. Contact us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at support@dunninghq.com.

CultureIQ Labs Corp.
Laval, Quebec, Canada