App Privacy

ERPClaw for Stripe Privacy

Effective date: April 26, 2026

How our Stripe integration handles your data. Designed to process zero on our side.

Plain-language summary

ERPClaw for Stripe is a free, open-source connector. Your charges, customers, payouts, and financial data are pulled by your self-hosted ERPClaw directly from Stripe and never pass through our servers. We have no Worker, no relay, no cloud. The integration is direct and offline-capable.

Data controller: AvanSaber Inc., United States
Parent privacy policy: avansaber.com/privacy
Terms of service: avansaber.com/terms

1 What the App Does

ERPClaw is a self-hosted ERP. It runs on a server or computer that you control — not on our infrastructure. The Stripe integration is one of 48 modules; it lets your ERPClaw:

  1. Read your Stripe charges, refunds, disputes, payouts, customers, and subscriptions using your Stripe API key.
  2. Post the corresponding journal entries to your local general ledger.
  3. Reconcile your Stripe payouts to your bank deposits using a clearing-account pattern.
  4. Compute SaaS metrics (MRR, ARR, churn, retention) and ASC 606 revenue recognition from your subscription data.

Your Stripe charges, customer records, payouts, and financial data never pass through our servers. Unlike the Shopify integration, the Stripe connector has no AvanSaber-hosted Worker in the data path. Your ERPClaw talks to api.stripe.com directly using your Stripe API key, which is stored on your own machine.

2 Personal Data We Process

For the Stripe integration specifically, AvanSaber processes none of your Stripe data on our infrastructure. There is no Worker, no relay, no message queue. AvanSaber-hosted infrastructure that touches the Stripe integration is limited to:

| Category | Specific items | Purpose |
|---|---|---|
| Marketplace listing metadata | Listing copy, screenshots, support contact email at marketplace.stripe.com/apps/erpclaw-accounting. | Maintained by AvanSaber on the Stripe Marketplace surface, not on our infrastructure. |
| Static documentation hosting | Hosted at erpclaw.ai/docs/stripe; standard web logs (IP address of visitors, page paths) under our parent privacy policy. | To serve install walkthroughs, architecture docs, and reference materials. |
| Support email | If you email [email protected], we hold your email address and the contents of your message. | To respond to your support request. Retained per parent privacy policy. |

We do not process, store, or have visibility into: Stripe API keys, charge amounts, customer names or emails, payment card data (we never see card data; that is exclusively Stripe), payout amounts, dispute outcomes, subscription details, or any financial records. Those stay on your self-hosted ERPClaw instance and in Stripe's systems.

3 How We Use the Limited Data We Hold

  • Marketplace listing data is used for nothing beyond what the Stripe Marketplace UI displays. We do not extract or process it.
  • Documentation site logs are standard web access logs (IP, path, status, user agent). Used to diagnose page errors. Retained per our parent privacy policy.
  • Support email content is used solely to respond to your inquiry. We do not feed it to AI training, share it with third parties, or analyse it for marketing.

We do not sell data. We do not share data with advertisers. We do not run analytics on your Stripe activity. We do not have your Stripe activity.

4 Retention

| Data | Retention |
|---|---|
| Marketplace listing copy | Until we update or remove the listing. |
| Documentation site web logs | 7-30 days (Cloudflare Pages defaults). |
| Support email correspondence | Per the parent AvanSaber privacy policy. |
| Your Stripe data | Held by Stripe (per Stripe's privacy policy) and by your self-hosted ERPClaw instance (per your retention choice). Not held by AvanSaber. |

5 Stripe API Key Handling

Your Stripe API key (whether secret sk_ or restricted rk_) lives in your ERPClaw's encrypted credential vault on your machine.

  • The key is never transmitted to AvanSaber-hosted infrastructure.
  • The key is encrypted at rest in the local SQLite database using PBKDF2-HMAC-SHA256 (600,000 iterations).
  • You can rotate or revoke the key at any time from the Stripe Dashboard; ERPClaw loses API access at that point, and you then re-add a fresh key.
  • We strongly recommend the restricted-key (rk_) variant with read-only scopes, which is what our docs describe.

If you suspect your key has been compromised, rotate it in the Stripe Dashboard immediately and update your ERPClaw via erpclaw stripe-update-account.

6 Sub-processors

| Sub-processor | Role | Location |
|---|---|---|
| Stripe, Inc. | Source of the data your ERPClaw reads. Stripe is the data processor for all your Stripe activity, not AvanSaber. | Per Stripe privacy policy. |
| Cloudflare, Inc. | Hosts our documentation site and processes web access logs (IP, path, status). No customer or financial data passes through Cloudflare for the Stripe integration. | Global edge network; primary region: United States. |

AvanSaber uses no other sub-processors for the Stripe integration. We do not use a database, email provider, analytics vendor, or CRM that touches your Stripe data, because we do not have your Stripe data.

7 Data Location

Your Stripe data lives in two places: Stripe's systems and your self-hosted ERPClaw instance. Cross-border transfer of your data is governed by Stripe's privacy policy and by your own choice of where to host ERPClaw.

On the AvanSaber side, the only data is documentation site web logs (Cloudflare global edge) and any support correspondence (email server in the United States). Cloudflare is certified under the EU–US Data Privacy Framework and offers Standard Contractual Clauses.

8 Security

  • All traffic from your ERPClaw to Stripe uses TLS 1.2+ (Stripe enforces this).
  • Your Stripe API key is stored locally, encrypted with PBKDF2-HMAC-SHA256 at 600,000 iterations.
  • If you enable Stripe webhook delivery, your local ERPClaw verifies HMAC signatures on every inbound event using your webhook secret.
  • ERPClaw's source code is open under the MIT licence; you can read every line of how your Stripe key is handled at github.com/avansaber/erpclaw-addons.
  • We follow responsible-disclosure practices: security reports to [email protected] are acknowledged within 48 hours.

9 Your Rights

If you use the Stripe integration, you can at any time:

  • Revoke or rotate your Stripe API key from the Stripe Dashboard. ERPClaw immediately loses API access; no remote disable from us is needed because we never had access in the first place.
  • Delete the Stripe account from your ERPClaw via erpclaw stripe-delete-account. The local Stripe-related rows are removed from your SQLite database.
  • Export your ERPClaw Stripe data as CSV via erpclaw stripe-export-asc606 or any of the report actions.
  • Email [email protected] to request access, deletion, or rectification of any support correspondence we hold about you.

10 Changes to this Policy

Material changes will be announced on the marketplace listing and via the avansaber/erpclaw-addons GitHub repository. The current version is always available at https://www.avansaber.com/privacy-stripe. The parent AvanSaber Inc. privacy policy at https://www.avansaber.com/privacy and terms of service at https://www.avansaber.com/terms apply to all AvanSaber products.

11 Contact

AvanSaber Inc.
Email: [email protected]
Security: [email protected]
Support: [email protected]
