Security & your data.
Solo founders are right to hesitate before pasting a Stripe key. Here is exactly what FlarePath Metrics does today.
Read-only Stripe access
We ask for a restricted API key with read-only permissions on customers, charges/invoices, and subscriptions. We cannot modify accounts, process refunds, or move money.
Encrypted at rest
Your key is encrypted in our database before storage. It is never written to application logs and is only decrypted inside our sync jobs to pull metrics.
What we store
We keep computed metric snapshots (MRR, churn, retention, and similar aggregates), not a full copy of your Stripe customer export. You can disconnect anytime, which removes your connection and synced metrics from your account.
Daily updates
Your guide and metrics refresh on a daily schedule so numbers stay current through the week. The Monday email uses the latest snapshot after that sync.
Connect flow
Roadmap
Automated bank linking for runway and burn is planned. This page updates when it ships.
Questions
Email sean@deliberatelyworks.com for security disclosures or to report a concern.