1. Definitions
- Controller: The merchant who subscribes to LostChurn and determines the purposes and means of processing their customers' personal data.
- Processor: LostChurn, LLC, which processes personal data on behalf of the Controller.
- Data Subjects: The Controller's customers whose failed payment data is processed through LostChurn.
- Personal Data: Any information relating to an identified or identifiable Data Subject.
- Processing: Any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.
2. Scope and Purpose of Processing
LostChurn processes personal data solely for the purpose of providing failed payment recovery services on behalf of the Controller, including:
- Classifying payment decline codes and determining recovery strategy
- Orchestrating payment retry attempts via the Controller's payment processor
- Sending dunning communications (email, SMS, WhatsApp) to Data Subjects
- Generating recovery analytics and reporting
- Personalizing communication content using AI
3. Categories of Personal Data Processed
- Customer identifiers (payment processor customer ID)
- Contact information (email address, phone number, name)
- Payment transaction data (amounts, currency, decline codes, subscription IDs)
- Card metadata (brand, last four digits, expiry month/year)
- Communication engagement data (delivery status, open/click events)
Full card numbers, CVVs, and sensitive authentication data are never processed by LostChurn. These are handled exclusively by the Controller's payment processor.
4. Categories of Data Subjects
Customers of the Controller who have experienced a failed payment transaction.
5. Processing Instructions
- LostChurn processes Personal Data only in accordance with the Controller's documented instructions.
- The Controller configures recovery campaigns, communication templates, and retry strategies through the LostChurn dashboard.
- LostChurn will not process Personal Data for any purpose independent of the Controller's instructions.
- LostChurn will promptly inform the Controller if it believes an instruction infringes applicable data protection law.
6. Sub-Processors
LostChurn uses the following sub-processors to deliver its services:
| Sub-Processor | Purpose | Data Categories | Location |
|---|---|---|---|
| SpacetimeDB (Clockwork Labs) | Database hosting | All service data | United States |
| Cloudflare, Inc. | Edge processing, CDN | Webhook payloads in transit | Global (US primary) |
| Stripe, Inc. | Payment retry execution | Payment tokens, amounts | United States |
| Braintree (PayPal) | Payment retry execution | Payment tokens, amounts | United States |
| Twilio, Inc. | Email, SMS, and WhatsApp delivery | Email address, phone number, name, amounts | United States |
| Google LLC (Gemini API) | Content personalization | First name, decline code, amount | United States |
| Clerk, Inc. | Merchant authentication | Merchant email only | United States |
- LostChurn will provide 30 days written notice before adding or replacing a sub-processor.
- The Controller may object to a new sub-processor within 15 days of notice.
- If the objection cannot be resolved, the Controller may terminate the agreement.
7. Security Measures
- All data encrypted in transit using TLS 1.3
- Dashboard access secured via Clerk authentication
- API keys and webhook secrets stored with encryption
- Rate limiting on all webhook ingestion endpoints
- SAQ-A compliant — no cardholder data stored or processed
- Access to production systems limited to authorized personnel
8. Data Subject Rights
- LostChurn will assist the Controller in responding to Data Subject requests (access, rectification, erasure, portability, restriction, objection) within 10 business days.
- The Controller remains the primary point of contact for Data Subjects.
- LostChurn will promptly notify the Controller of any Data Subject request received directly.
9. Data Breach Notification
LostChurn will notify the Controller without undue delay and in any event within 72 hours of becoming aware of a personal data breach.
Notification will include: the nature of the breach, categories and approximate number of Data Subjects affected, likely consequences, and measures taken or proposed to address the breach.
LostChurn will cooperate with the Controller in investigating and remediating the breach.
10. Data Return and Deletion
- Upon termination of the agreement, the Controller may request data export within 30 days.
- LostChurn will delete all Personal Data within 30 days after the export period, except where retention is required by applicable law.
- LostChurn will provide written certification of deletion upon request.
11. Audit Rights
- The Controller may request compliance documentation annually.
- On-site audits may be conducted with 30 days prior written notice, during business hours, at the Controller's expense.
- LostChurn will make available all information necessary to demonstrate compliance with data processing obligations.
12. International Data Transfers
All primary infrastructure is located in the United States.
Where Personal Data is transferred outside the European Economic Area, LostChurn ensures adequate safeguards through Standard Contractual Clauses (SCCs).
SCCs are available upon request from dpa@lostchurn.com.
13. Term and Termination
- This DPA is effective for the duration of the Controller's subscription to LostChurn.
- Obligations regarding confidentiality and data protection survive termination.
- Data return and deletion procedures (Section 10) apply upon termination.
14. Contact
For DPA inquiries, please contact us at dpa@lostchurn.com.
Our Data Protection Officer can be reached at dpo@lostchurn.com.
LostChurn, LLC — Oregon, United States