Privacy
Revenue Leak Audit uses either uploaded Stripe CSVs or read-only Stripe App access, plus your submitted contact details, to produce a human-reviewed billing report.
Files are stored outside the public web path and are never stored in browser storage. Report links use unguessable tokens, and only a token hash is stored.
For Stripe App audits, the app stores an encrypted connected account ID. It does not store user secret keys, OAuth access tokens, refresh tokens, or raw Stripe API responses.
Findings are hidden until an admin approves the audit. Each audit gets a 30-day deletion date and is removed by the retention cleanup job.
Encryption at rest must be provided by the hosting database and private file storage. This v1 app does not implement app-layer encryption.
This is not accounting, tax, legal, or financial advice. Findings should be reviewed before action.