Built to be evaluated by skeptical engineers.

Chaser connects through Stripe's official OAuth. You see and approve the scopes on Stripe's own consent screen before granting anything, and you can revoke access from your Stripe dashboard at any time.

The 90-day Safe Mode audit reads your ledger and sends nothing. Live recovery uses the same scoped connection to run retries and invoice actions on your behalf.

Read-only correctly describes only the Safe Mode audit phase.

Before anything goes live, Chaser replays your last 90 days and shows what it would have recovered. Not a single customer email is sent until you approve. Safe Mode is locked on for the initial connection.

Chaser never sees or stores card details. Payment methods are handled by Stripe. Card fields are served and tokenized by Stripe, and Chaser only ever works with the resulting tokens.

Every workspace's data is isolated at the database level with row-level security. Access is scoped per workspace and enforced by the database, not just the application.

Inbound Stripe events are verified with HMAC-SHA256 signature checks and a timestamp freshness check before Chaser acts on them.

In-app recovery uses short-lived, workspace-pinned tokens with HMAC signing and timing-safe comparison.

The service enforces per-workspace and per-IP rate limits to protect against abuse and runaway requests.

Closed Outcomes is a read-only, exportable record of every payment that reached a terminal state: recovered, churned, or written off, with operator, timestamp, and reason. It reports losses, not just wins, and exports for your month-end close.

Anything unresolved for more than 48 hours escalates to the workspace owner, so nothing sits forgotten in a queue.

Encryption in transit and at rest on managed cloud infrastructure, hosted on SOC 2 Type II certified infrastructure.