Features

Picks due recovery steps and executes them every hour. No delay beyond one hour from any scheduled step.

Checks dispute deadlines, fires reminders, auto-submits evidence, cleans up closed disputes.

Executes win-back email steps on schedule. Intelligence-prioritized accounts send at 1 hour; others at 4 hours.

Finds every card expiring within 30 days each morning and emails the customer with a Stripe Billing Portal link.

Computes health scores and recommended actions for every customer nightly.

Pulls subscription data from Stripe and computes MRR, NRR, GRR, and movement waterfall. Updated every 24 hours.

Invoices 20% of payments recovered in the prior month on the 1st of each month.

Re-runs your Stripe diagnostic on the 1st of each month and emails you the results. Toggle on in Settings.

Weekly email covering recovery stats, open disputes, and Intelligence high-risk customers.

Rebuilds all demo account data nightly. Demo accounts never touch live Stripe.

Mutex lock per cron via cron_locks table. Overlapping runs are blocked, not queued.

check-cron-health fires every 6 hours. If any cron has not run within its expected window, you are alerted.

Maps every Stripe decline code to one of four categories: soft, network, expired, fraud. Different category, different sequence.

Fraud-category declines suppress retry steps and flag the customer in Intelligence for dispute risk assessment.

0-100 score per customer derived from three independent bands: engagement health, recovery history, and customer value.

Every customer gets one: personal outreach, continue automated, continue automated (priority), continue automated (deprioritize), accept loss dispute, expansion outreach, or win-back priority.

Claude Sonnet writes each email. Claude Haiku runs a quality audit pass. Em dash strip, timing-word removal, and a hard strip pass run before send.

0-100 fight/accept score with confidence percentage and reasoning, derived from prior charge history, authentication signals, and dispute reason code.

Haiku-generated 2-3 sentence plain-English diagnostic summary at the top of every audit result.

Haiku writes a plain-English assessment of every at-risk customer nightly. Explains the risk and what the recommended action means in context.

When a dispute closes, won/lost counters and last_dispute_outcome write to customer_context.dispute_signals. Intelligence uses this in scoring.

Fraud-category decline writes fraud_decline_flag and fraud_decline_code to customer_context.recovery_signals. Dispute triage reads this as a risk signal.

Lost dispute sets recovery_suppressed_retries on the customer. Recovery cron skips retry_ steps for suppressed customers. Email steps continue.

continue_automated_deprioritize recommendation delays email steps 48 hours. Applied at cron time. Retry steps are unaffected.

winback_priority customers receive their first win-back email at 1 hour. All others receive it at 4 hours.

Audit detects when Stripe's Card Account Updater is available but has not fired for expiring cards. Flags as advisory with count of affected cards.

is_renewal_noise flag on failed_payments. Prevents duplicate sequences on Stripe's own retry events.

Soft, network, expired, and fraud each receive different email sequences. Timing, tone, and retry strategy differ by decline type.

Each email gets an AI-generated subject line tuned to the decline category and customer history.

Set the tone for recovery emails per decline category, or globally. Stored in Settings then Brand Voice.

Add a plain-English description of your product. Recova uses it in email copy and dispute evidence.

If Claude fails, a category-appropriate fallback email sends. Sequences never stall on an AI failure.

Any pending email step can have its body replaced before it sends. Editable from the payment detail timeline.

Every sent email tracks opens, clicks, time-to-open, send hour, and send day of week via Resend webhooks.

email_suppressions table checked before every send. Bounced, complained, or unsubscribed addresses never receive a recovery email.

Three send attempts with 1s/2s exponential backoff on failure. Sentry captures on final failure. Sequences do not silently stop.

Three-step post-cancellation sequence (step 1 at 1h or 4h, step 2 at 4 days, step 3 at 14 days).

Templated email with a Stripe Billing Portal link. Unique constraint prevents duplicate alerts per (customer, card, expiry).

Monday morning email: recovery stats, open disputes, and Intelligence high-risk customers. One email, all products.

Reminder emails at 3 days and 1 day before the dispute evidence deadline.

All outbound emails include RFC 8058 List-Unsubscribe headers for CAN-SPAM compliance.

Unsubscribe links use signed tokens. Clicking adds the address to email_suppressions immediately.

Stat cards, ROI widget, 5 charts, recovery queue, deliverability panel. Range: 7d / 30d / 90d / all.

Cumulative area chart. Rate never exceeds 100%. Color threshold: green at or above 36%, amber 21-35%, red below 21%.

Bar chart showing when-in-sequence recoveries occur. How many recover on step 1, step 2, and so on.

Open rate and click rate per decline category. Shows which category your customers respond to most.

Category distribution with per-category recovery rate and sparklines.

Every step in a payment's sequence: scheduled, sent, pending. Exact timestamps, results, and email preview.

Full subject line and rendered email body visible on every completed email step.

Grouped bar chart showing open/click/recovery rate per email step number across all sequences.

Open disputes, triage scores, deadline proximity, historical win rate. Intelligence health badge per customer.

Full evidence panel before submission: prior charges, emails, AVS/CVV/Radar signals, 3DS, structured evidence JSON.

MRR, NRR trend, MRR movement waterfall, portfolio health distribution, monthly AI narrative.

All customers sorted by health score ascending. Worst-health customers surface first.

Health sparkline (30-day), signal cards, IntegrityLayerBanner, AI assessment, recovery history link.

High/medium/healthy band summary, churn rate trend chart (90 days), high-risk customer table sorted by MRR.

New, expansion, reactivation vs contraction, churn. Week by week.

Four scopes: failed invoices, expiring cards, open disputes, business health. AI summary at top.

Bar chart grouping upcoming card expirations by month. Peak risk month highlighted in red.

Authenticated accounts see all past audit runs at /audit/dashboard with persistent historical results.

Live cron health (last-run timestamps + green/amber/red status) visible at /help.

Full webhook event log with filter, errors-only toggle, and JSON expand.

Last 100 admin actions with actor, action, and metadata.

All 15 crons with last-run status in /admin/operations.

Pause any active recovery sequence from the payment detail page. Resume when you're ready.

Cancel a sequence permanently. No further steps will run.

Insert an immediate retry step for any payment in an active sequence.

Replace the next scheduled step with a different step type.

Re-queue any email step by clearing its execution state.

Replace the AI-generated body on any pending email step before it sends.

Trigger a Stripe invoice retry manually from the payment detail page.

Add a note to any payment visible in the timeline.

Review staged evidence, edit the uncategorized text field, attach files, and submit to Stripe.

Close a dispute without submitting evidence. No Recova fee on accepted disputes.

Enable automatic submission 24 hours before the deadline for all fight-recommendation disputes.

Clear an Intelligence recommendation for a customer.

Defer recalculation of an Intelligence recommendation by N days.

Add freeform notes to any Intelligence customer record.

Configure the lookback window (default 90 days) for your Stripe diagnostic.

Enable monthly auto-run in Settings. Audit runs on the 1st and emails you results.

processing_paused flag on your account suspends all cron activity immediately.

Configure metric alerts (11 metrics) with custom thresholds, directions, and channels (email or Slack).

Sender name, reply-to address, and notification email per Stripe account.

Per-decline-category tone configuration. Influences AI email generation.

Product description and ships-physical-goods flag. Used in email copy and dispute evidence.

Dark/light mode toggle in nav and Settings. Persists to DB for authenticated users, cookie for unauthenticated.

Unlimited team seats. Add members from Settings then Team.

Read-only OAuth connection to your Stripe account. Connects in under 60 seconds.

Connect multiple Stripe accounts. Pricing is per connected account. Switch between accounts from the nav.

All Stripe access tokens encrypted at rest in stripe_connections table.

Handles invoice.payment_failed/succeeded, subscription events, and charge.dispute.* events.

All outbound emails sent via Resend. Delivery, open, click, bounce, and spam events tracked via webhook.

Full platform access via Claude.ai. OAuth 2.1 with PKCE S256. 50+ tools across Recovery, Disputes, Intelligence, and Audit. URL: mcp.recovamrr.com/mcp

Platform-wide admin access via Claude.ai. Separate endpoint, admin OAuth scope only. URL: mcp.recovamrr.com/mcp/admin

Full RFC 8414 + RFC 9728 + RFC 7591 compliant authorization server. PKCE S256 enforced. Authorization codes single-use, 10-minute expiry.

Every refresh token use issues a new refresh token. Old token invalidated.

SHA-256 hashed API keys with merchant/operator/admin scopes. Manage from Settings then API Keys.

Claude Sonnet for email generation and dispute evidence. Claude Haiku for quality audits and nightly analyst.

PostgreSQL + Auth + Row Level Security. All 39 tables have RLS enabled.

Auto-deploy from GitHub main. Edge network.

Error tracking with source maps. All cron failures captured.

Rate limiting on public API routes.

Recova requests read-only Stripe Connect access. It reads your data. It never writes to or modifies your Stripe configuration.

RLS enabled on all 39 Supabase tables. No query can access data outside the authenticated account.

All Stripe access tokens encrypted at rest. Decrypted only in memory during cron execution.

All incoming Stripe webhooks verified with constructEvent signature verification. Replay window enforced.

Resend delivery events verified with HMAC-SHA256 signatures.

All 15 cron routes validate CRON_SECRET header. Direct HTTP execution blocked.

OAuth authorization codes require code_verifier proof. Interception attacks blocked.

OAuth codes expire in 10 minutes and are invalidated on first use.

Every token refresh issues a new refresh token and invalidates the old one.

Admin OAuth scope: requires isAdminEmail check on consent page UI and again on the API route. Neither alone is sufficient.

Upstash rate limiting on audit endpoint and public API routes.

List-Unsubscribe headers, signed unsubscribe tokens, email_suppressions table, physical address in all commercial emails.

66 contrast pairs audited, 0 failures, no exemptions. prefers-reduced-motion, prefers-contrast: more, and forced-colors all implemented.

Error token adjusted from #e05252 to #db5757 for deuteranopia simulation compliance. Green/amber distinction uses icon+label, not color alone.

Disposable email domains blocked at signup.

Full schema: accounts, stripe_connections, failed_payments (42 columns), recovery_steps (24 columns), disputes (44 columns), customer_context (23 columns), mrr_snapshots (21 columns), audit_runs (31 columns), and 31 more.

All 15 running. Scheduled from hourly to monthly. Full status visible at /help.

outcomes table records every material event across all products. Foundation for cross-product scoring and benchmarking.

29 documented integration points between Recovery, Disputes, and Intelligence. Dispute outcomes affect Intelligence scoring. Fraud declines suppress recovery retries. Intelligence scores affect dispute triage.

Every recovery, dispute, and intelligence event written to outcomes for cross-product pattern learning.

Two demo accounts (Teamflow, Bolt Analytics) with 200 realistic customers each. Full surface parity with live accounts. Nightly reset.

ai_calls table tracks every Anthropic API call with model, tokens, and cost. Per-account and platform-wide views.

benchmark_data table aggregates cross-merchant patterns. Empty until real merchant volume accumulates. Foundation for industry benchmarks.

ab_test_group field on failed_payments, ab_variant field on recovery_steps. Infrastructure ready for sequence testing.

deleted_at on failed_payments and recovery_steps. Records preserved for audit trail.

is_renewal_noise flag prevents duplicate sequences on Stripe's own retry events.

accounts.last_visited_path and last_visited_product. Authenticated users return to where they left off.