Privacy Policy

1. Introduction

Welcome to Paidly ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoicing service at paidly.co (the "Service").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, password, business name, phone number, and business address
• Payment Information: Billing details processed securely through Stripe (we do not store your credit card information)
• Business Data: Invoices, contracts, client information, payment records, and other data you upload or create
• Communications: Messages you send us via email or support channels

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on the Service
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies: Session cookies for authentication and functionality (see Section 7)

2.3 AI Processing

When you upload contracts for AI parsing, we send the document to Google's Gemini AI API for processing. Google processes this data according to their privacy policy and does not use your data to train their models.

3. How We Use Your Information

• Provide, operate, and maintain the Service
• Process your invoices and payments through Stripe
• Parse contracts using AI to extract invoice data
• Generate professional PDF invoices with your business branding
• Send invoice emails with PDF attachments to your clients
• Send payment reminder emails to you and your clients
• Track product usage and user behavior through analytics (PostHog)
• Monitor errors and performance issues (Sentry)
• Respond to your questions and provide customer support
• Improve and optimize the Service
• Detect, prevent, and address technical issues or fraud
• Comply with legal obligations

4. Third-Party Services

We use the following third-party services to provide our Service:

• Supabase: Database and authentication infrastructure (see Supabase Privacy Policy)
• Stripe: Payment processing and subscription management (see Stripe Privacy Policy)
• Google Gemini: AI-powered contract parsing (see Google Privacy Policy)
• Resend: Email delivery for invoices and notifications (see Resend Privacy Policy)
• PostHog: Product analytics and user behavior tracking (see PostHog Privacy Policy)
• Sentry: Error monitoring and performance tracking (see Sentry Privacy Policy)
• Vercel: Hosting and deployment (see Vercel Privacy Policy)

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following situations:

• Service Providers: With third-party vendors who perform services on our behalf (listed above)
• Business Transfers: If we are acquired or merged, your information may be transferred
• Legal Requirements: When required by law or to protect our rights
• With Your Consent: When you explicitly authorize us to share your data

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of data at rest (database encryption)
• Secure authentication (password hashing, OAuth)
• Regular security audits and updates
• Access controls and role-based permissions

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Cookies and Tracking

We use essential cookies to provide the Service, including:

• Authentication Cookies: To keep you logged in
• Session Cookies: To maintain your session state
• Preference Cookies: To remember your settings

You can control cookies through your browser settings. Disabling cookies may limit functionality of the Service.

8. Data Retention

We retain your personal information for as long as necessary to provide the Service and comply with legal obligations. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or security purposes.

9. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request your data in a portable format
• Opt-Out: Unsubscribe from marketing communications
• Restriction: Request limitation of processing

To exercise these rights, please contact us at [email protected]

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: