Baremetrics is a subscription analytics platform for SaaS companies. It connects to Stripe, Braintree, Recurly and Chargebee to compute MRR, churn, LTV, forecasts and cancellation insights.
Baremetrics is a popular subscription analytics platform aimed at SaaS founders, finance teams and product analysts. It connects to Stripe, Braintree, Recurly or Chargebee with a single OAuth step, then computes monthly recurring revenue, churn, customer lifetime value, retention cohorts, and revenue forecasts. It also exposes optional features such as Cancellation Insights, Recover for failed payments, and public dashboards.
Baremetrics is mainly a backend integration. It pulls subscription data through the Stripe API and similar payment platforms, normalises it, and presents dashboards in the internal admin. The optional Cancellation Insights widget loads a small JavaScript file on the cancellation page of your product and asks the customer why they are leaving. Recover and dunning emails are sent via Mailgun.
On the merchant side, no cookies are placed in the visitor's browser unless the Cancellation Insights widget or a Baremetrics public dashboard is embedded. Baremetrics processes customer email, name, subscription plan, billing address (city, country), MRR, charges and refunds. The exact set depends on what your billing system exposes.
Baremetrics acts as a processor under your DPA for the analytics workload. Subscriber data is personal data; the legal basis is typically legitimate interest in measuring the business, with a balancing test. The Cancellation Insights widget loads scripts that are not strictly necessary and may require consent if shown on a public flow. Public dashboards must obfuscate customer-level data or rely on consent.
Baremetrics is hosted in the United States on Heroku and AWS. Subscription data and any free text from Cancellation Insights are transferred to the US. Transfers rely on the EU-US Data Privacy Framework and on Standard Contractual Clauses for non-DPF subprocessors. Document the chain.
Sign the DPA, scope the Stripe API permissions to the minimum needed, restrict access to the Baremetrics dashboard with SSO and MFA, set retention for unused snapshots, and disclose Baremetrics in your privacy notice as an analytics processor. Pseudonymise public dashboards. Gate the Cancellation Insights widget behind consent on consumer flows.
Websites using Baremetrics must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA can be useful when Baremetrics is used at scale on consumer subscriptions or when Cancellation Insights collects free-text reasons. Document the data flow from Stripe, the retention, the US transfer mechanism, and the access controls on the internal dashboard.
Sample consent text
We use Baremetrics to analyse our subscription metrics. Baremetrics receives customer subscription data from our billing system and processes it on servers in the United States. We disclose this in our privacy notice and rely on legitimate interest for internal analytics.
Third-party domains contacted
baremetrics.com, api.baremetrics.com, baremetrics-public.s3.amazonaws.com, cdn.baremetrics.com

Cookies placed

| Name | Type | Duration | Purpose |
|---|---|---|---|
| _baremetrics_session | http_cookie | Session | Session cookie set on baremetrics.com when the Cancellation Insights widget or a public dashboard is embedded. |
| _baremetrics_cancellation_id | http_cookie | 30 days | Identifier used by Cancellation Insights to associate the user feedback with the cancellation flow. |
| __cf_bm | http_cookie | 30 minutes | Cloudflare bot management cookie set by the Baremetrics edge to protect the platform. |
Baremetrics does not set cookies on the merchant website unless you embed the Cancellation Insights widget or a public dashboard. In those cases, a session cookie is set on the embedded baremetrics.com iframe. The Baremetrics admin uses its own cookies for its own login.
For the backend integration with Stripe and similar systems, no specific consent from end users is required: the legal basis is legitimate interest in business analytics, with information in the privacy notice. For embedded widgets and public dashboards, consent may be required because scripts that are not strictly necessary are loaded.
Legitimate interest under Article 6(1)(f) GDPR for internal SaaS metrics, with a documented balancing test. Consent under Article 6(1)(a) for Cancellation Insights and public dashboards when embedded on consumer surfaces.
Yes. Baremetrics is hosted in the United States on Heroku and AWS. Subscription data and Cancellation Insights free text are transferred to the US. Transfers rely on the EU-US Data Privacy Framework and on Standard Contractual Clauses.
A DPIA is not strictly required for internal SaaS metrics. It becomes useful when Cancellation Insights collects sensitive free text or when public dashboards expose customer-level data. Document the scope and the safeguards.
Sign the DPA, scope Stripe API permissions, secure access with SSO and MFA, set retention for snapshots, and disclose Baremetrics in the privacy notice. Pseudonymise public dashboards. Gate Cancellation Insights behind consent on consumer flows.
Alternatives include ProfitWell (Paddle), ChartMogul, Putler, SaaSGrid, Stripe Sigma, and self-hosted dbt models on a data warehouse like BigQuery or Snowflake. ChartMogul provides EU residency in some plans.
If you embed Cancellation Insights or a public dashboard, list the corresponding cookies in your policy. Add a section explaining that Baremetrics receives subscription data from your billing system and processes it in the United States with DPF and SCC safeguards.