Legal
Privacy Policy
Last updated · May 21, 2026
Dunner (“we”, “us”) provides voice-native failed-payment recovery for SaaS businesses. This policy explains what data we collect, how we use it, and the choices you have. It applies to both merchants (businesses signing up for Dunner) and end-customers(the merchants' own customers who receive recovery calls).
1. Data we collect
From merchants
- Account information — email, name, and authentication data managed by Clerk.
- Stripe Connect account ID and onboarding status, used to deposit recovered funds and collect our success fee.
- Voice sample— a 60–120 second recording you make during onboarding. We pass this to ElevenLabs to generate a voice clone. The raw sample stays on ElevenLabs' infrastructure; we store only the resulting voice ID.
- Knowledge base content — the product information you author to train your recovery agent.
From end-customers (the merchant's customers)
- Stripe invoice metadata— name, email, phone, plan, amount due. We receive this via Stripe webhooks when a payment fails on the merchant's account.
- Call transcripts and recordings — produced by ElevenLabs after each recovery call. Stored for analytics, audit, and dispute resolution.
We do notrequest, store, or process card numbers, CVV, or full PAN data. Payment instruments stay inside Stripe's vault on the merchant's connected account.
2. How we use it
- To place outbound recovery calls on the merchant's behalf.
- To act on the merchant's Stripe account during a call (pause subscriptions, swap payment methods, apply coupons, etc.) — only with the agent's in-call confirmation.
- To compute and collect our success fee via
application_fee_amounton the connected PaymentIntent. - To send transactional emails — waitlist confirmations, access codes, invite emails.
- To improve product quality via aggregated, de-identified analytics.
We do not sell personal data, share it with advertisers, or use it to train third-party general-purpose models.
3. Sub-processors
Dunner relies on the following providers to deliver the service. Each is bound by their own DPA and certifications:
| Provider | Purpose |
|---|---|
| Stripe | Connect, payments, success fee |
| ElevenLabs | Voice cloning, conversational agent, call transcripts |
| Telnyx | SIP outbound telephony |
| Clerk | Authentication, session management |
| Railway | Backend hosting, Postgres, Redis |
| Resend | Transactional email delivery |
| Sentry, PostHog | Error tracking, product analytics |
4. Retention
- Merchant accounts and operational records — retained while the account is active and for 7 years after deletion (Stripe-aligned compliance window).
- Call transcripts and recordings — retained for 24 months from the call, then deleted unless the merchant requests a shorter retention.
- Waitlist signups not redeemed within 12 months are purged.
5. Your rights
Subject to your jurisdiction, you have the right to access, correct, export, or delete your personal data. To exercise any of these, email hello@dunner.xyz from the address associated with your account. We respond within 30 days.
6. Security
All traffic is TLS 1.2+. Stripe and ElevenLabs webhook payloads are signature-verified before any database write. Authentication tokens are JWTs verified statelessly. Per-merchant data isolation is enforced at every query — one merchant cannot read another's recoveries or customer data. Sensitive bearer tokens for agent callbacks are bcrypt-hashed at rest.
7. Changes
We'll update this page when our practices change and post the new effective date at the top. Material changes are also emailed to active merchants.
8. Contact
Privacy questions: hello@dunner.xyz.