InvoiceDash

Privacy Policy

Last updated: March 29, 2026

1. What We Collect

We collect the following categories of information:

  • Account information: Name, email address, company name, timezone.
  • Billing information: Payment details are processed and stored by Stripe. We do not store credit card numbers.
  • Invoice and debtor data: Invoice records, debtor contact details, payment history, and communication logs that you create or import through the Service.
  • Integration data: OAuth tokens and account identifiers for connected platforms (QuickBooks, Xero, FreshBooks, Stripe).
  • Usage data: Pages visited, features used, and general interaction patterns to improve the Service.

2. How We Use Your Data

  • To provide and operate the Service, including sending reminders and tracking communications on your behalf.
  • To process payments and manage subscriptions.
  • To sync data with your connected integrations.
  • To generate AI-powered predictions and analytics based on your invoice data.
  • To send you Service-related notifications (account updates, billing, security alerts).
  • To improve the Service based on aggregate usage patterns.

3. How We Share Your Data

We do not sell your data. We share information only in these cases:

  • Service providers: Supabase (database), Stripe (payments), Twilio (SMS), Resend (email), and Anthropic (AI features). These providers process data on our behalf under their own privacy policies.
  • Your integrations: When you connect QuickBooks, Xero, FreshBooks, or Stripe, data flows between InvoiceDash and those platforms as needed to sync invoices.
  • Legal requirements: If required by law, court order, or government request.

4. Data Security

We take reasonable measures to protect your data:

  • All data is encrypted in transit (TLS) and at rest.
  • Database access is enforced through row-level security policies — users can only access their own data.
  • OAuth tokens for integrations are stored securely and refreshed automatically.
  • Payment processing is handled entirely by Stripe (PCI-compliant).

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you promptly.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your data within 30 days, except where we are required by law to retain it longer (e.g., billing records).

6. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format.
  • Opt out of non-essential communications.

To exercise any of these rights, email [email protected].

7. Cookies

The marketing site does not use tracking cookies. The application uses essential cookies (authentication session tokens) required for the Service to function. We do not use third-party advertising cookies.

8. Children's Privacy

The Service is not intended for anyone under 18. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice in the Service. The "Last updated" date at the top reflects the most recent revision.

10. Contact

Questions or concerns about your privacy? Email us at [email protected].