Last updated: 5 April 2026 · Effective: 5 April 2026
By creating an account or using RetainLab, you agree to these Terms. If you do not agree, do not use the Service.
These Terms of Service ("Terms") govern your access to and use of RetainLab ("Service"), operated by RetainLab ("Provider", "we", "us") at retainlab.io. "Customer" or "you" means the legal entity or individual accepting these Terms. These Terms form a binding contract between you and Provider.
RetainLab is a B2B SaaS platform that helps subscription businesses reduce churn through cancel-flow customisation, dunning email automation, and retention analytics. The Service connects to your Stripe account via Third-Party Credentials to read and act on subscription data. Provider grants you a limited, non-exclusive, non-transferable, revocable licence to access the Service during your subscription term solely for your internal business purposes.
To use core Service features you must provide Stripe API credentials. By doing so, you represent and warrant that: (a) you are authorised to grant Provider access to the relevant third-party account; (b) you will use restricted, least-privilege API keys where the third-party service supports them; (c) you are solely responsible for rotating or revoking credentials if you suspect unauthorised access; and (d) you have complied with Stripe's own terms regarding third-party API access.
Provider shall: (i) store Third-Party Credentials using AES-256 encryption at rest; (ii) access third-party services only as necessary to provide the Service; (iii) not use credentials for any purpose outside this Agreement; and (iv) notify you promptly upon becoming aware of any unauthorised access to Third-Party Credentials. Provider shall not be liable for loss arising from your failure to use restricted keys, your failure to timely revoke compromised credentials, or unauthorised access attributable to your own systems.
Where the Service sends Customer Emails on your behalf, you acknowledge and agree that:
You agree not to: (a) process data you are not authorised to access; (b) reverse-engineer or decompile the Service; (c) send unsolicited commercial messages; (d) resell or sublicense access without written consent; (e) circumvent rate limits, security controls, or authentication; (f) introduce malicious code; or (g) use the Service in any manner that violates applicable law, including consumer protection laws governing your own subscription practices.
You are responsible for ensuring that cancel flows, retention offers, and subscription practices you implement using the Service comply with all applicable negative-option, click-to-cancel, and automatic-renewal laws (including the FTC Negative Option Rule, California ARL, and EU Consumer Rights Directive).
To the extent Provider processes Personal Data on your behalf in connection with the Service, the parties acknowledge that you act as Data Controller and Provider acts as Data Processor under GDPR Art. 28. Such processing is governed by our Data Processing Addendum ("DPA"), available on request from legal@retainlab.io, which is incorporated into and forms part of these Terms. Your continued use of the Service constitutes acceptance of the DPA. You are responsible for ensuring you have a lawful basis to share Customer Data with Provider and have disclosed such sharing in your own privacy policy.
Provider and its licensors own all rights in the Service, including software, designs, and trademarks. You retain all rights to Customer Data. You grant Provider a limited licence to store, process, and use Customer Data solely to provide the Service. Provider claims no ownership over Customer Data and will not use it for any purpose outside this Agreement.
Each party shall keep confidential the other party's non-public business information disclosed in connection with this Agreement ("Confidential Information") and shall not disclose it to third parties or use it except as necessary to perform under this Agreement. This obligation does not apply to information that is publicly known, independently developed, or required to be disclosed by law (provided prompt notice is given where legally permitted).
Provider will use commercially reasonable efforts to maintain 99.5% monthly uptime for the dashboard and API, excluding Scheduled Maintenance and Force Majeure Events. In the event Provider fails to meet this commitment, your sole and exclusive remedy is a service credit of 5% of the monthly subscription fee per 1% of downtime below the commitment, up to a maximum of 100% of that month's fee. Credits do not apply where downtime results from: (a) your acts or omissions; (b) third-party service unavailability outside Provider's control, including Stripe API downtime; (c) Scheduled Maintenance communicated at least 48 hours in advance; or (d) Force Majeure Events. SERVICE CREDITS CONSTITUTE YOUR SOLE AND EXCLUSIVE REMEDY FOR ANY FAILURE TO MEET THE UPTIME COMMITMENT.
THE SERVICE IS PROVIDED "AS IS," "WITH ALL FAULTS," AND "AS AVAILABLE." TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, PROVIDER EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, DATA ACCURACY, NON-INFRINGEMENT, AND SYSTEM INTEGRATION. PROVIDER DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE, OR THAT ANY DEFECTS WILL BE CORRECTED.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW: (A) NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION LOSS OF REVENUE, PROFITS, DATA, BUSINESS, OR GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF THE THEORY OF LIABILITY; AND (B) PROVIDER'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO PROVIDER IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
THE FOREGOING LIMITATIONS SHALL NOT APPLY TO: (I) EITHER PARTY'S INDEMNIFICATION OBLIGATIONS UNDER THESE TERMS; (II) EITHER PARTY'S LIABILITY FOR FRAUD, WILFUL MISCONDUCT, OR GROSS NEGLIGENCE (OPZET OF BEWUSTE ROEKELOOSHEID), WHICH CANNOT BE LIMITED UNDER DUTCH LAW; (III) CUSTOMER'S OBLIGATION TO PAY FEES; OR (IV) PROVIDER'S LIABILITY FOR UNAUTHORISED DISCLOSURE OF CUSTOMER'S CONFIDENTIAL INFORMATION.
The parties acknowledge this limitation forms an essential element of the basis of the bargain, without which Provider would not have entered this Agreement at the current pricing.
Customer indemnification. You shall defend, indemnify, and hold harmless Provider and its officers, directors, employees, and agents from all claims, damages, losses, fines, penalties, and costs (including reasonable legal fees) arising from: (a) your use of the Service in violation of these Terms or applicable law; (b) Customer Data, including claims that Customer Data infringes third-party rights or that you lacked authorisation to provide it; (c) your violation of Email Laws; (d) claims alleging that your cancel flows, retention offers, or subscription practices implemented using the Service violate any negative-option, click-to-cancel, automatic-renewal, or similar consumer protection laws, regardless of merit; and (e) your breach of obligations as Data Controller under GDPR, including regulatory fines imposed on Provider due to your unlawful instructions.
Provider indemnification. Provider shall defend, indemnify, and hold harmless Customer from third-party claims that the Service, as provided by Provider and used in accordance with these Terms, infringes any third-party patent, copyright, trademark, or trade secret, subject to the liability limitations in Section 14.
Neither party is liable for delays or failures in performance caused by a Force Majeure Event, including the unavailability of third-party services such as Stripe, Clerk, Supabase, or internet infrastructure providers. The affected party shall notify the other promptly and use commercially reasonable efforts to resume performance. If a Force Majeure Event continues for more than 30 days, either party may terminate the Agreement on written notice without further liability.
In accordance with Regulation (EU) 2023/2854 (EU Data Act): (a) you may request a complete export of Customer Data in a machine-readable, commonly used format at any time by emailing support@retainlab.io; Provider will make such export available within 30 days. (b) Upon termination for any reason, Provider will retain Customer Data for 90 days, during which you may request export. Customer Data will be deleted within 30 days after this retention period unless law requires otherwise. (c) Provider will not impose contractual, commercial, or technical barriers to switching service providers or porting Customer Data.
Either party may terminate for material breach upon 14 days' written notice if the breach is not remedied within that period. Provider may suspend or terminate your account immediately for: fraud, non-payment overdue by more than 30 days, violation of acceptable-use obligations, or legal requirements. Upon termination, your licence to use the Service ceases. Data export and deletion are governed by Section 17.
These Terms are governed by Dutch law (Burgerlijk Wetboek), excluding conflict-of-law rules. The parties submit to the exclusive jurisdiction of the competent courts of the Netherlands, without prejudice to mandatory consumer rights applicable in your country of residence under EU law. The UN Convention on Contracts for the International Sale of Goods (CISG) does not apply.
Questions about these Terms: legal@retainlab.io. General support: support@retainlab.io.