Security & your data.
FlarePath Metrics connects via read-only OAuth to Stripe and Google Analytics. Tokens are encrypted at rest and never logged. We store computed metric snapshots, not your login credentials. Revoke anytime in Stripe, Google, or FlarePath Integrations.
Solo founders are right to hesitate before connecting billing or analytics data. Here is exactly what FlarePath Metrics does today.
Read-only Stripe access
We use Stripe Apps OAuth with read-only permissions on customers, subscriptions, invoices, and charges. We cannot modify accounts, process refunds, or move money.
Read-only Google Analytics access
We use Google OAuth with the analytics.readonly scope. We can read traffic, engagement, and retention metrics. We cannot modify your Google Analytics property or Google account settings.
Revoke access at Google Account → Third-party access, then disconnect in FlarePath Integrations.
Encrypted at rest
Your OAuth refresh token is encrypted in our database before storage. It is never written to application logs and is only decrypted inside our sync jobs to pull metrics.
What we protect you from
- Logging or exposing your credentials: never in application logs, support tickets, or error reports
- Selling or sharing your revenue data with third parties or advertisers
- Storing your Stripe login or dashboard session: OAuth grants read access only
- Modifying your Stripe account: read-only scopes; we cannot charge, refund, or change subscriptions
Uninstall FlarePath in Stripe Dashboard → Installed apps to revoke OAuth access. FlarePath removes your encrypted credentials and synced subscription data automatically when Stripe notifies us of the uninstall. You can also disconnect anytime from Integrations in FlarePath.
What we store
We keep computed metric snapshots (MRR, churn, retention, and similar aggregates), not a full copy of your Stripe customer export. You can disconnect anytime, which removes your connection and synced metrics from your account.
Optional AI summaries
When we enable AI summaries server-side, FlarePath may send derived weekly facts (metric headlines, pulse lines, and ranked focus items) to a third-party AI inference API to generate a short Summary paragraph. We never send OAuth tokens or full Stripe or Google Analytics exports for this purpose. Generated summaries are cached in our database for the week and are deleted when you delete your account. See our Privacy Policy for details.
Daily updates
Your guide and metrics refresh on a daily schedule so numbers stay current through the week. The weekly Monday email, and any important-updates email we send when something meaningful changes, use the latest snapshot after that sync.
Connect flow
When you connect Stripe, you approve read-only permissions once in Stripe:
Example
- Click Connect with Stripe on the FlarePath connect page
- Sign in to Stripe and approve the read-only install
- Open your Guide: ranked focus appears in under a minute
Roadmap
More integrations are on the way. See what we are planning to watch on the signals page.
Questions
Email support@deliberatelyworks.com for security disclosures or to report a concern.