Privacy Policy

Last updated: May 2026

What Kirn does with your data

Kirn connects to your Stripe account via a restricted API key you provide. We use that key to read your subscription and billing history, compute churn risk scores, and send you a weekly digest of your highest-risk accounts. We do not write to your Stripe account.

What we collect

We collect the following:

• Your email address (via Clerk authentication)
• The restricted Stripe API key you provide
• Churn scores and signals we compute from your Stripe data

From Stripe, we read only a strict allowlist of fields needed to compute churn risk scores:

• Subscription: status, creation date, cancel-at-period-end flag, current period start/end, plan/price ID, seat quantity
• Invoice: status, amount due, amount paid, payment attempt count
• Customer: ID (foreign key only), creation date
• Discounts and coupons applied at subscription creation

We never collect: customer name, email, address, phone number, card details, customer metadata, or invoice line item descriptions.

How we store it

Your Stripe API key is encrypted at rest. Your Stripe data is stored in our database and used solely to power your Kirn dashboard and weekly digest. We do not sell it, share it with third parties, or use it for any purpose other than providing the Kirn service.

We retain your data for as long as your account is active. If you cancel or your account is terminated, we delete all associated Stripe data, scores, and model artefacts within 30 days.

Third-party services

Kirn uses the following services to operate:

• Clerk — authentication
• Stripe — billing for your Kirn subscription
• Resend — delivery of your weekly digest email
• PostHog — product analytics (anonymized usage data)
• Sentry — error tracking (anonymized error reports)
• Railway / Vercel — hosting and infrastructure

Each service processes only the data necessary for its function. None of these services receive your subscribers' personal information.

Model training and prediction improvement

Kirn uses your Stripe data to build per-account statistical models that generate churn risk scores for your subscribers. Your raw subscriber data is never shared with other customers.

We may also use anonymized, aggregated patterns derived from data across accounts to improve prediction accuracy for all users. This cross-account learning uses only statistical signals — not raw data — and cannot be used to identify your business or your subscribers. You may opt out of contributing to this at any time by emailing hello@getkirn.com. Opting out does not affect your predictions.

Your data, your control

You can disconnect your Stripe account at any time from Settings. To delete your account and all associated data, email hello@getkirn.com and we'll remove everything within 30 days.

If you require a Data Processing Agreement for GDPR compliance, our standard DPA is available at getkirn.com/dpa and is accepted as part of your account terms.

GDPR (EEA and UK users)

If you are located in the European Economic Area or the United Kingdom, our lawful basis for processing your data is the performance of our contract with you (Art. 6(1)(b) GDPR). You have the right to access, correct, or delete your personal data, to restrict or object to processing, and to data portability. To exercise these rights, email hello@getkirn.com. You also have the right to lodge a complaint with your local supervisory authority.

California (CCPA)

California residents have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information. To make a request, email hello@getkirn.com.

Contact

Questions? hello@getkirn.com