Privacy Policy

Last updated: May 3, 2026

1. Introduction

RecurDash ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our subscription tracking service.

Our core principle: We never require access to your bank accounts or financial institutions. Your subscription data is entered manually and stays under your control.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, and password (stored securely using industry-standard hashing).

Subscription Data: The subscription details you manually enter, including service names, costs, billing cycles, and renewal dates.

Usage Data: Basic analytics about how you interact with RecurDash, such as pages visited and features used. We do not track you across other websites.

3. What We Do NOT Collect
  • Bank account credentials or access tokens
  • Credit card numbers (payments are processed by our merchant of record, Paddle)
  • Financial institution login information
  • Transaction history from your bank
4. How We Use Your Information
  • To provide and maintain the RecurDash service
  • To send you renewal reminders and notifications you've opted into
  • To improve our service based on aggregated, anonymised usage patterns
  • To communicate important service updates
5. Data Security

Your data is encrypted in transit using HTTPS and stored on encrypted disk volumes. Passwords are hashed using bcrypt. We regularly review and update our security practices to protect your information.

6. Data Sharing and Sub-Processors

We do not sell, trade, or rent your personal information. We share data only with the following service providers ("sub-processors") that help us operate RecurDash:

Sub-processor Purpose Data accessed Location
Paddle Merchant of Record — payment processing, fraud screening, tax remittance, invoicing Email, billing address, payment-method details, transaction history UK / US / EEA
PostHog Product analytics — understanding how the application is used Email, name, product events. Never receives subscription-cost data, payment details, or account contents. United States
Cloudflare Bot protection (Turnstile) and content delivery IP address, browser metadata for the duration of the challenge Global edge network
Hetzner Application hosting All data stored in our database European Union (Germany)
Transactional email provider Sending emails (renewal reminders, password resets, receipts) Email address, name, email content Provider-dependent

Each sub-processor is bound by a data processing agreement that requires it to protect your data to a standard at least equivalent to the GDPR. We never share your data with advertisers or data brokers.

PostHog detail: PostHog receives your email, name, and product events such as account creation, waitlist signup, and subscription added/removed. PostHog never receives your subscription cost data, payment details, or the contents of your account. You can request deletion of your PostHog data at any time by emailing us.

7. Legal Basis for Processing (GDPR)

If you are in the EU, EEA, or UK, we process your personal data on the following legal bases under GDPR Article 6:

  • Contract (Article 6(1)(b)) — to provide the service you signed up for, including subscription tracking, reminders, and account management.
  • Legitimate interest (Article 6(1)(f)) — for product analytics and security monitoring, balanced against your privacy interests.
  • Legal obligation (Article 6(1)(c)) — for tax, accounting, and fraud prevention obligations imposed on us or our payment processor.
  • Consent (Article 6(1)(a)) — for non-essential cookies and marketing communications, where applicable.
8. Data Retention & Deletion

You can delete your account and all associated data at any time from your account settings. When you delete your account, all your subscription data is permanently removed from our servers within 30 days.

9. Your Rights

You have the following rights regarding your personal data:

  • Access — request a copy of all data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and data
  • Portability — receive your data in CSV or JSON format
  • Objection — object to processing based on legitimate interest, including analytics
  • Restriction — limit how we process your data while a dispute is resolved
  • Withdraw consent — at any time, where processing is based on consent
  • Lodge a complaint — with your local supervisory authority (e.g., ICO in the UK, your national DPA in the EU)

Exercise any of these rights by emailing support@recurdash.com. We respond within 30 days.

10. International Data Transfers

RecurDash is operated from Pakistan, which has not been granted a GDPR adequacy decision by the European Commission. Where personal data of EU/EEA/UK residents is transferred to Pakistan or to sub-processors outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the transfer mechanism. Copies of the relevant SCCs are available on request to support@recurdash.com.

11. Cookies

We use essential cookies to keep you logged in and maintain your session, and analytics cookies (with your consent in the EU/UK) to understand how the service is used. For full details, see our Cookie Policy.

12. California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, to request deletion, to opt out of "sale" or "sharing" of personal information, and to non-discrimination for exercising these rights. We do not sell or share personal information for cross-context behavioural advertising. To exercise CCPA rights, email support@recurdash.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a notice on our service.

14. Contact Us

If you have questions about this Privacy Policy, please contact us at support@recurdash.com. RecurDash is operated by Muhammad Mujahid Abbas, Sole Proprietor, registered with the Federal Board of Revenue of Pakistan and based in Lahore, Pakistan.