Recurly - Recurring Payment Privacy & Consent Info

Overview

Recurly specializes in subscription billing with a focus on revenue recovery and churn reduction. The platform offers sophisticated dunning management, intelligent retry logic for failed payments, and analytics around subscriber lifecycle metrics like MRR and churn rate. Recurly integrates with multiple payment gateways and supports a wide range of billing models including usage-based, hybrid, and ramp pricing.

What This Script Does

Recurly's client-side integration uses Recurly.js, loaded from js.recurly.com. The primary function is rendering PCI-compliant payment forms on the merchant's website. Rather than redirecting to a hosted page, Recurly.js creates iframes for sensitive payment fields (card number, CVV, expiry) that are served from Recurly's domain, ensuring card data never touches the merchant's servers.

The script sets the following cookies:

recurly_session — session cookie maintaining the checkout state during form completion
_recurly_ — functional cookie for form state persistence if the user navigates away and returns

Recurly.js communicates with api.recurly.com and {subdomain}.recurly.com during the checkout process. It collects the customer's name, email, billing address, and payment method token. For 3D Secure authentication (required in the EU under PSD2), the script may also open an authentication challenge window communicating with the card issuer's domain.

The script performs basic device data collection for fraud screening, including browser user agent and IP geolocation (resolved server-side). It does not set third-party tracking cookies or perform cross-site identification.

Consent & Compliance

Recurly is classified as essential. Its scripts handle payment form rendering and transaction processing — functions that are strictly necessary for completing a purchase the user has initiated. Under GDPR and ePrivacy Directive Article 5(3), cookies set for the purpose of carrying out a transaction requested by the user are exempt from consent.

Under CCPA/CPRA, Recurly processes data solely for the business purpose of payment processing. As a service provider, it does not sell or share personal information. The fraud screening data collection falls under the security operations exception.

Should You Block This Without Consent?

No. Recurly scripts are essential for rendering payment forms and processing subscription transactions. Blocking them would prevent users from completing purchases. These scripts and their cookies are exempt from consent requirements as strictly necessary for a user-requested service.

Visit website

Consent Categories

Essential

Also Known As

Recurly billingRecurly checkoutrecurring billing platformsubscription paymentsRecurly.js

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (2)

recurly.comEssential

js.recurly.comEssential

Frequently Asked Questions

Does Recurly require cookie consent?

No. Recurly.js renders PCI-compliant payment forms and handles subscription transactions users explicitly initiate. Session and form-state cookies are strictly necessary for checkout to function. These qualify as exempt from ePrivacy consent requirements.

What cookies does Recurly set?

Recurly sets recurly_session (session cookie for checkout state during form completion) and _recurly_ (functional cookie for form state persistence if the user navigates away and returns). No third-party tracking or advertising cookies are placed by Recurly.js.

How does ConsentStack handle Recurly?

ConsentStack classifies Recurly as essential. Its payment form and checkout session cookies are treated as strictly necessary for processing subscription transactions. ConsentStack always allows Recurly scripts to load without consent gating and excludes them from blocking rules.