Last updated: June 24, 2026

Privacy Policy

This Privacy Policy explains how ChargeKit ("ChargeKit", "we", "us", or "our") collects, uses, stores, and shares information when you use chargekit.dev, the ChargeKit dashboard, the ChargeKit SDK, and related APIs and services (together, the "Service").

ChargeKit helps software builders add login, Stripe Payment Link checkout, webhook-based access sync, signed access tokens, and credit balances to their own products. Because the Service sits between your application and your Stripe Payment Links, we process information about both dashboard users and the end users who interact with your ChargeKit-powered paywalls.

1. Our Role

For your ChargeKit account, dashboard, and billing relationship with us, we act as the controller of your account information. For information about end users of your application, you are usually the controller and we act as your service provider or processor, using that information only to provide the Service unless otherwise required by law.

You are responsible for giving your own users any privacy notices required for your application, including notice that ChargeKit, Stripe, Supabase, and email providers may process data as part of your paid access flow.

2. Information We Collect

Account and dashboard information

  • Email address, name, avatar, authentication metadata, and session information.
  • Support messages and other information you choose to send us.
  • ChargeKit subscription status, Stripe customer ID, selected plan, and billing status for your account with us.

Product and Stripe configuration

  • Product names, slugs, public SDK keys, allowed origins, active/inactive status, and timestamps.
  • Plan labels, prices for display, currencies, billing type, entitlement type, credit amounts, optional Stripe Price IDs, and Stripe Payment Link URLs.
  • Stripe webhook signing secrets that you provide so we can verify webhook events. We do not ask for or store your Stripe API keys, and we do not require Stripe Connect. A webhook signing secret cannot charge cards, issue refunds, or manage your Stripe account.

End-user access information

  • End-user email address, email verification status, login-link/session state, and access status.
  • Stripe customer ID, subscription ID, subscription item ID, subscription status, current period end, plan ID, trial start time, and verification timestamps when provided by Stripe webhooks.
  • Credit balance and credit ledger events when you use credit-pack features.
  • Signed access tokens and related token metadata used to verify access. We do not store payment card numbers.

Technical information

  • IP address, browser and device information, request metadata, pages viewed, API calls, timestamps, errors, and security logs.
  • Cookies or similar technologies needed for authentication, dashboard sessions, security, analytics, and service reliability.

3. How We Use Information

  • Create and secure your account.
  • Send dashboard login links and service emails.
  • Store your products, allowed origins, plans, Payment Links, and webhook settings.
  • Verify Stripe webhook signatures and update access, subscription, trial, and credit state.
  • Issue and verify signed access/session tokens.
  • Operate the dashboard, SDK APIs, demo, documentation, and support workflows.
  • Enforce plan limits, prevent abuse, debug errors, and protect the Service.
  • Process your ChargeKit subscription through Stripe.
  • Comply with legal obligations and enforce our Terms.

4. Third-Party Services

We use service providers to operate ChargeKit. They may process information only as needed to provide their services to us.

  • Stripe: processes payments, hosts Payment Link checkout, sends webhook events, and manages your ChargeKit subscription billing. Stripe handles card and payment details directly.
  • Supabase: provides authentication, database, and storage infrastructure for account, product, plan, access, and credit records.
  • Resend: sends transactional emails, including magic-link login emails.
  • Hosting and infrastructure providers: host the website, dashboard, APIs, logs, and related infrastructure.

We do not sell personal information.

5. Security

We use technical and organizational safeguards designed to protect information, including server-side storage for webhook signing secrets, origin checks, signed tokens, access controls, and encrypted transport. No internet service can be guaranteed to be perfectly secure. You are responsible for keeping your account, Stripe account, Payment Links, and integration code secure.

6. Data Retention

We keep information for as long as needed to provide the Service, maintain security, resolve disputes, comply with legal obligations, and enforce our agreements. You may request deletion of your account or certain data by contacting us. We may retain limited records where required for security, fraud prevention, accounting, legal compliance, backups, or legitimate business records.

7. International Transfers

We and our providers may process information in countries other than where you or your end users are located. Where required, we rely on appropriate safeguards such as data processing agreements, standard contractual clauses, and provider security controls.

8. Your Choices and Rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. To make a request, contact us at contact@chargekit.dev. If you are an end user of an application that uses ChargeKit, contact that application owner first because they control your relationship with their product.

9. Children

The Service is intended for business users and developers who are at least 18 years old. We do not knowingly collect personal information directly from children. If your application is directed to children or requires parental consent, you must not use ChargeKit unless you can comply with all applicable laws.

10. Changes

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new "Last updated" date. Your continued use of the Service after an update means the updated policy applies.

11. Contact

Questions about this Privacy Policy can be sent to contact@chargekit.dev.