Privacy Policy
Last updated: May 11, 2026
1. Overview
Stripe Fee Auditor ("we", "our", "the Service") is a tool that analyzes Stripe Balance CSV exports to help you understand your fee structure. We are committed to handling your data with care and transparency. The data controller for the personal data described in this policy is the operator of Stripe Fee Auditor. You can contact the operator at support@feeauditor.com.
2. Data We Collect
CSV file content
When you upload a Stripe Balance CSV, the file is transmitted to our server over an encrypted HTTPS connection, processed in memory to generate your analysis, and is not stored as a raw file on disk. Parsed values are used only to compute the report.
Analysis results
The computed analysis (fee totals, rates, anomalies, etc.) is stored in our database and linked to a random report ID plus a private access token you receive in the URL. Outside our promotional beta, unpaid free preview reports expire about 1 hour after creation. During beta, full-report links for real uploads may remain available for up to 30 days at no charge. If you complete a purchase, we extend access so your report remains available for up to 30 days from the time of payment. Stored results are derived from your CSV — not a full copy of the file — and we remove free-text transaction descriptions from stored report rows where they are not needed after analysis.
Email address
If you provide your email (for example at the report gate or checkout), we use it to reach you about your report (for example a link after payment). We do not send marketing email. We do not sell or share your email with third parties for their own marketing.
IP address
We log your IP address for rate limiting (to prevent abuse). Rate limit records are deleted after approximately 2 days.
Operational logs
Our hosting and infrastructure providers may process limited technical logs such as request timestamps, IP addresses, URLs, error traces, and user-agent data so the Service can run securely and reliably.
Analytics
We use Plausible Analytics (EU-hosted, privacy-focused, no cookies by default) to measure aggregate traffic. We do not use third-party cookie-based behavioural advertising.
3. How We Use Your Data
- To generate your fee analysis report
- To send transactional messages about your report (when email is provided and a mail provider is configured)
- To enforce rate limits and prevent abuse
- To operate payments and unlock paid features
- To understand aggregate traffic and improve the Service (via Plausible Analytics — see section 2)
We do not use your financial data for advertising, profiling, or any purpose beyond providing the Service.
4. Legal Bases
Where data protection law requires a legal basis, we rely on:
- Contract — to process your CSV, generate reports, unlock paid access, and send transactional report messages.
- Legitimate interests — to prevent abuse, secure the Service, debug errors, keep minimal operational logs, and measure aggregate website usage (Plausible).
- Legal obligations — where payment, tax, accounting, dispute, or consumer-protection records must be retained.
- Consent — where we specifically ask for it (for example optional marketing).
5. Third-Party Services
We use the following infrastructure and service providers (their own policies apply):
- Vercel — hosting and edge infrastructure (vercel.com/legal/privacy-policy)
- Neon — PostgreSQL for report metadata and analysis results (neon.com/privacy-policy)
- Polar — checkout, payment processing, receipts, and order-related records as our payment provider / merchant of record where applicable (polar.sh/legal/privacy)
- Resend — transactional email delivery when enabled (resend.com/legal/privacy-policy)
- Plausible Analytics — privacy-oriented, aggregate traffic metrics (plausible.io/privacy)
We only share with them what is needed to run the Service (for example payment receipts, report identifiers needed for checkout, or an email address you give us). These providers may process data in countries outside your own. Where required, we rely on their published transfer safeguards and data processing terms.
6. Data Retention
| Data | Retention |
|---|---|
| Raw CSV file | Not stored as a file; processed in memory for the request |
| Analysis result (unpaid, outside beta) | Expires about 1 hour after the report is created (may be briefly extended during checkout) |
| Analysis result (after successful payment) | Up to 30 days from payment, then deleted automatically |
| Analysis result (beta full access) | Up to 30 days from report creation while the beta flag is enabled |
| Checkout session link state | Short-lived server-side checkout state expires after about 24 hours |
| Payment webhook event IDs | Kept for up to 90 days to prevent duplicate payment processing |
| Email address | Kept only while the corresponding report row exists; deleted when the report expires |
| IP address (rate limit) | Deleted after about 2 days |
| Site analytics (Plausible) | Processed by Plausible under their retention policy; we do not receive raw CSV or report contents there |
7. Security
Data is transmitted over HTTPS. CSV content is processed on the server for analysis and is not written to a public bucket. Report access uses a secret token in addition to the report ID. We use rate limiting and other controls to reduce abuse.
8. Your Rights
You may request deletion of the stored analysis associated with your report by contacting us and providing your report ID (and any access details we need to verify your request). Rows are also removed automatically when they expire. We do not operate a user account system, so there is no separate "profile" beyond what is tied to an active report row.
Depending on where you live, you may also have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data, and to complain to a local data protection authority. We will not discriminate against you for exercising privacy rights that apply to you.
9. Automated Analysis
Reports are generated automatically from the CSV data you provide. The report is informational only and does not make legal, financial, credit, employment, or other similarly significant decisions about you.
10. Children
The Service is not directed at children. We do not knowingly collect data from children under 13, or under the higher age threshold that may apply in your country.
11. Changes
We may update this Privacy Policy. Material changes will be reflected in the "Last updated" date above. Continued use of the Service after changes constitutes acceptance where permitted by law.
12. Contact
For privacy-related questions or data requests, contact us at: support@feeauditor.com