Can LeakCheck charge my customers?

No. LeakCheck requests Stripe's read_only scope or accepts an export upload. It cannot move money or charge customers through that access.

Can LeakCheck change subscriptions?

No. The audit path does not request write access, so it cannot create, update, cancel, or pause subscriptions.

What scope does LeakCheck request?

LeakCheck requests Stripe Connect OAuth with the read_only scope.

Read-only Stripe audit

A Stripe audit that can read your billing, and nothing else

We use Stripe's read_only OAuth scope, so the audit can never move money or change a subscription. If you do not want to connect at all, upload a Stripe JSON export instead.

Connect read-only and run your audit Or upload a Stripe export instead

You should not hand write access to your billing to a tool you just found. LeakCheck gives you two read-only doors.

Access requested

Exactly what read_only allows.

Stripe's read_only scope lets the audit read billing objects needed to build the report. It does not allow LeakCheck to charge customers, refund payments, transfer money, create subscriptions, cancel subscriptions, or edit pricing.

Allowed

Read billing objects

Customers, subscriptions, charges, invoices, prices, and products needed for the audit.

Forbidden

Write to Stripe

No customer charges, no subscription changes, no refunds, no pricing edits.

Checked

Scope validation

The server rejects the OAuth callback if Stripe does not grant read_only access.

No connection required

Prefer not to connect at all?

Upload a Stripe JSON export instead. It keeps the cautious buyer in the same audit flow without granting OAuth access.

01Export the relevant Stripe objects as JSON from your account or internal billing export flow.
02Use the upload panel on LeakCheck's audit form.
03Review the teaser total and leak count before deciding whether to unlock the full report.

Upload a Stripe export View sample report

Data handling

What happens to your data.

The audit writes a report so you can review and share findings. It does not need write access to Stripe to do that.

encrypted

AES-GCM report payload

The report payload is encrypted before it is stored.

minimal

Plaintext routing fields

Only non-sensitive routing fields needed to serve the report stay in plaintext.

30 days

Expiring links

Shareable report links expire after 30 days by default.

noindex

Report shells

Report pages send noindex and nofollow directives.

headers

Audit responses

Audit data responses use security headers and no-store behavior.

support

Deletion requests

Email support@mnac.io if you need a report removed or have a data request.

Report output

What you get back.

LeakCheck returns ranked findings, dollar totals, and a shareable report link you can send to the person who owns billing cleanup.

FindingsRanked

Failed payments, past-due subscriptions, dead trials, duplicates, coupons, and billing gaps.

TotalsAt risk

A headline total plus leak count for the free teaser.

ReportShareable

Secure report link that expires in 30 days by default.

FAQ

Safety questions founders ask first

Can you charge my customers?

No. The read-only audit cannot charge customers, refund payments, or move money.

Can you change subscriptions?

No. The audit path does not request write access, so it cannot create, update, pause, or cancel subscriptions.

How long is data kept?

Report links expire after 30 days by default. Email support@mnac.io for deletion requests.

Can I delete the report?

Contact support from the email used for the audit and ask for the report to be removed.

What scope exactly?

Stripe Connect OAuth with `read_only` scope. The server rejects a callback that does not grant read-only access.

Where is the main funnel page?

Start with the free Stripe revenue leak check.

Run the audit without write access.

Connect with read_only scope, or upload a Stripe export instead. Both paths lead to the same free teaser audit.

Connect read-only and run your audit Or upload a Stripe export instead