For your legal team

This page is the legal team’s map of the Recurr engagement: what contracts apply, what data flows, what survives termination, where IP sits, and how indemnification works. The detailed terms live in the MSA itself — this page is the navigable summary.

​

The contractual stack

Three documents govern a Recurr migration engagement:

​

Master Service Agreement (MSA)

The primary contract between Recurr Pty Ltd and the customer. Covers:

• Scope of services (Migration Program, platform fee period, lifecycle motions)
• Fee structure (pilot deposit, Migration Program fee, platform fee, performance pricing)
• Term + renewal mechanics
• Termination triggers + notice periods
• Confidentiality
• Indemnification framework
• Governing law + dispute resolution
• IP ownership

Standard MSA template is available on request during the Migration Review. Customer-specific MSA terms are negotiated during the pilot scoping phase.

​

Data Processing Addendum (DPA)

Attached to the MSA. Covers Recurr’s role as a data processor for subscriber PII, including:

• Categories of personal data processed
• Subprocessor list
• Cross-border transfer mechanics (Standard Contractual Clauses where applicable)
• Data subject rights handling
• Breach notification process
• Audit rights

The DPA is GDPR-aligned and CCPA-aligned by default. Customer-specific regulatory addenda (HIPAA, GLBA, etc.) are negotiated at contract time.

​

Stripe Connect Terms

The customer signs Stripe Connect’s terms directly — Recurr is not in this contractual path. This puts the customer in direct contractual relationship with Stripe as the payment rail; Recurr acts as a Stripe Connect platform.

​

Data handling + PII flow

​

What PII Recurr processes

• Subscriber email (raw + SHA256-hashed)
• Subscriber identifier from the app’s auth system
• Subscription state (plan, status, period)
• Payment metadata (no card details — those live with Stripe)
• Optional: attribution metadata if provided by the customer’s MMP

Recurr does not process card numbers, CVV, or any PCI scope data directly — Stripe handles all card-data processing under PCI DSS Level 1.

​

Where data lives

• Production data: US-East (AWS region us-east-1) today; multi-region scoped post-customer-5
• Backups: encrypted, cross-region for disaster recovery
• Logs: 90-day retention by default, configurable per customer

​

Retention policy

• Subscription state: retained for the duration of the engagement + 30 days post-termination for data-export purposes
• Webhook events: 90-day default retention; longer retention configurable
• Subscriber PII: deleted on customer instruction (right-to-be-forgotten requests routed through customer to Recurr)

​

Subprocessor list

Recurr’s subprocessors fall into two categories: Processors handling subscriber data (named in the DPA):

• Stripe — payment processing
• Supabase — managed Postgres + auth (subscriber records, subscription state)
• Vercel — hosting for customer-facing surfaces (branded checkout, billing portal, help center)
• Resend — transactional email delivery
• AWS — underlying infrastructure

Internal tooling (operational only, no subscriber PII by default):

• Sentry — error monitoring; subscriber identifiers excluded from logs
• PostHog — Recurr’s own product analytics for the tenant dashboard
• Google Workspace — internal operations

Customers receive 30-day advance notice of additions to the subscriber-data subprocessor list. Internal tooling changes are not subject to notification.

​

Termination + portability

​

Termination triggers

Either party may terminate for material breach with 30 days’ cure period. Standard MSA terms also include:

• Customer convenience termination at end of annual term with 60 days’ notice
• Recurr operational termination only for cause (non-payment, breach, regulatory)

​

What survives termination

Critically, the customer’s Stripe Connect account is in the customer’s name — not Recurr’s. Subscriptions live in the customer’s Stripe account directly. Recurr is the operational interface for managing them. If Recurr ceases to operate or the engagement terminates:

1. Subscriptions continue billing through Stripe uninterrupted — payment processing, billing schedule, and subscription state are native to your Stripe account, not Recurr’s infrastructure
2. Account control transitions to the customer via Stripe’s standard platform-disconnection process — direct for engagements on Stripe Standard Connect, mediated through Stripe support for embedded-dashboard engagements
3. The only thing affected is the operational interface (Recurr’s dashboard); the underlying billing rail is untouched

This is structural, not contractual. There is no migration-of-data step required to recover from a Recurr-disappearance scenario.

​

Data export on termination

On termination, Recurr exports:

• Full subscriber + subscription state (CSV + JSON)
• Historical webhook events (queryable via replay API for the retention window)
• Operator dashboard activity log

Export delivered within 30 days of termination. Customer retains export indefinitely.

​

Notice periods

​

IP ownership

Three buckets:

• Customer data (subscribers, subscriptions, events, customer-uploaded content) — customer property. Recurr has a license to process for service delivery; no other rights.
• Customer brand (logos, brand colors, brand voice, custom messaging) — customer property. Used on Recurr-hosted surfaces (checkout, portal, help center) under license for service delivery; license terminates on engagement termination.
• Recurr platform (software, infrastructure, methodology, documentation) — Recurr property. Customer has a service-delivery license; no rights to the underlying platform.

Aggregate/anonymized data — Recurr may use aggregated, anonymized data (e.g., industry benchmarks, methodology improvements) without naming customers. Customer-specific identifying details are never used in external materials without explicit consent.

​

Indemnification framework

Standard mutual indemnification with caps:

​

Recurr indemnifies the customer for

• Third-party claims arising from Recurr’s gross negligence or willful misconduct
• IP infringement claims relating to the Recurr platform (excluding customer-supplied content)
• Data breaches caused by Recurr’s failure to maintain its security posture per the DPA

​

Customer indemnifies Recurr for

• Third-party claims arising from customer-supplied content (subscriber data, brand assets, custom messaging)
• Customer’s misuse of the platform
• Customer’s regulatory non-compliance for matters outside Recurr’s scope

​

Caps + carve-outs

• Standard cap: fees paid in the prior 12 months
• Uncapped carve-outs: data breach (Recurr’s caused), gross negligence, willful misconduct, IP infringement

Specific caps and carve-outs are negotiable at MSA execution.

​

Jurisdictional notes

​

Recurr entity

Recurr Pty Ltd — Australian Pty Ltd company. ABN: 31 693 957 809. Registered office: Australia. Banking + invoicing details on the engagement-specific invoice.

​

Governing law

Default: customer’s preferred jurisdiction. Most engagements settle on Delaware (US customers), England + Wales (UK customers), or New South Wales (AU customers).

​

Insurance posture

Recurr maintains commercial cyber + tech E&O insurance scaled to ICP band:

• Pre-customer #1: $2M/$2M aggregate (Cyber + Tech E&O combined)
• Band 2 customers: $5M/$5M
• Band 3 customers: $10M Cyber +$5M Tech E&O + Crime coverage

Customer named as additional insured on request. Certificate of insurance available during contract negotiation.

​

Cross-references

• Compliance posture → — GDPR, CCPA, SOC 2 status
• Data handling → — full PII flow + retention detail
• Portability + reversibility → — exit mechanics
• Risk register → — what could go wrong, including legal-adjacent
• Procurement → — vendor risk + insurance + entity info