Privacy Policy
Last updated: 6/25/2026
Placeholder copy. Replace with final legal-reviewed Privacy Policy before launch.
What we collect
- Account info — name, email, company name, password hash.
- Business data — customers, invoices, payments, time entries, and related records you enter.
- Payment metadata — we never see or store full card numbers. Authorize.net tokenizes cards in the browser and we store only the tokenized profile IDs.
- Usage — standard server logs (IP, user-agent, timestamps) retained for 30 days for abuse and debugging purposes.
How we use it
To run the product, process payments, send transactional email, and reply to support requests. We don't sell data, share it with advertisers, or train AI models on it.
Sub-processors
- Neon — Postgres hosting (your data at rest).
- Vercel — application hosting and edge logs.
- Authorize.net — payment processing.
- Resend — transactional email when tenant SMTP isn't configured.
- Anthropic / Google — AI assistant calls, only with the tenant's bring-your-own API key.
Your rights
You can export all your data at any time (Settings → Export), cancel your account from Billing, or email us to request deletion. We delete canceled accounts 30 days after cancellation.
Security
All traffic is served over HTTPS. Sensitive fields (Authorize.net keys, SMTP passwords) are encrypted at rest with AES-256-GCM. Two-factor authentication is available on owner accounts at Settings → Security.