Read-only, always
Every provider credential grants read access only. VerifiedMRR physically cannot move money, issue refunds, change prices, or edit your products.
Connecting a payment account is the most sensitive thing VerifiedMRR asks of you, so here is exactly what it can and cannot do — no marketing, just the mechanism. Every credential is read-only, encrypted before storage, and deletable in one click.
Every provider credential grants read access only. VerifiedMRR physically cannot move money, issue refunds, change prices, or edit your products.
Credentials are validated server-side and encrypted with AES-GCM before they are stored. They are never exposed back to the browser.
Disconnect a provider and its stored credential is deleted. Delete your workspace and VerifiedMRR-owned data goes with it.
Most analytics tools want broad access. VerifiedMRR wants almost nothing. You connect with a restricted, read-only credential — for Stripe that is a restricted key (rk_…), never your secret key — and it reads only what is needed to count money: balance transactions and basic account metadata.
Less access on our side is less risk on yours. A read-only credential cannot be used to move money, issue refunds, or change your settings, because the provider itself enforces the scope. Even in the worst case, there is no write access to abuse.
We store the normalized money events and aggregates that build your dashboard — net revenue, refunds, disputes, fees where available, trend — plus your encrypted credential and basic account metadata. That is it.
We do not store customer names, emails, or lists, and we do not store card or payment-method data. VerifiedMRR is not designed to receive that information from your providers in the first place.
You are never locked in. Disconnect a provider and its stored credential is deleted immediately. Delete your workspace from settings and VerifiedMRR-owned data — credentials, imported revenue, aggregates, and settings — is removed, subject to operational backups or records we must keep for legal and billing reasons.
You can also export project rows to CSV at any time, so your numbers are yours to take with you.
VerifiedMRR is a SimpleBytes project. For any security, privacy, or data-deletion question, email [email protected] — a real person answers.
No. You create a restricted or read-only credential in the provider's dashboard and paste that. For Stripe it is a restricted key (rk_…), never your secret key.
No. Every credential is read-only. It physically cannot move money, refund, change prices, or edit products — the provider enforces that scope, not just us.
Validated server-side and encrypted with AES-GCM before storage. They are never sent back to your browser, and disconnecting a provider deletes the stored credential.
No. We read balance transactions and account metadata only — no customer names, emails, lists, or card data.
Disconnect a provider to delete its credential, or delete your workspace to remove VerifiedMRR-owned data, subject to backups or records required for legal and billing reasons.
It is a SimpleBytes project. Security or privacy questions go to [email protected].
Explore the sample dashboard free — no credentials required — then connect a read-only key when you trust it.