Privacy Policy

• Account data: your email address (used to sign you in).
• Business profile: business name, address, payment instructions you optionally enter.
• Invoices and clients: data you create — client emails, line items, amounts, dates.
• Usage analytics: anonymous page-view metrics via Vercel Analytics (no cross-site tracking, no third-party cookies).
• Hosted invoice page views: when one of your clients opens an invoice link (/i/<publicId>), we record a timestamp and a one-way hash of their IP and user-agent for dedup purposes. We never store raw IP addresses, and the hash rotates daily so we cannot correlate a viewer across days. This data is shown only to you (the invoice owner) on your dashboard.

• To authenticate you (your email + a signed session cookie).
• To send invoice and reminder emails to your clients on your behalf.
• To generate AI content (line items, cover emails, reminder copy) — your input is sent to our AI providers (see below).
• To improve the Service via aggregate usage analytics.

We share data with the following sub-processors strictly to operate the Service:

• Resend — outbound email delivery
• Anthropic / DeepSeek — AI text generation (your work descriptions and invoice context are sent for processing)
• Neon — Postgres database hosting
• Vercel — application hosting + analytics
• Cloudflare — DNS and email routing

We do not sell your data. We do not share data with advertisers.

We set one cookie, session, an HMAC-signed token used to keep you signed in. It is httpOnly, sameSite=lax, and secure in production. We do not use third-party tracking cookies.

You can request access to, export of, correction of, or deletion of your data at any time by emailing [email protected]. We respond within 30 days.

We retain account and invoice data while your account is active. On account deletion, we delete personal data within 30 days, retaining only minimal records required for legal/financial compliance.

Our infrastructure is hosted in the United States (Vercel, Neon us-east-1) and Europe (Cloudflare global). By using the Service, you consent to your data being processed in those regions.

For privacy questions, write to [email protected].