Privacy Policy

1. Introduction

PayNudge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered invoice reminder service.

By using PayNudge, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address and business name when you create an account via Google OAuth or email authentication.
• Invoice Data: Invoice documents you upload, including invoice numbers, amounts, due dates, currencies, and descriptions.
• Contact Information: Names, email addresses, phone numbers, and company names of your clients/contacts.
• Payment Information: Billing details processed securely through our payment provider (Stripe). We do not store your full credit card details.
• Communications: Email content sent through our platform to your clients on your behalf.

2.2 Information Collected Automatically

• Usage Data: How you interact with our service, features used, and time spent.
• Device Information: Browser type, operating system, IP address, and approximate geographic location.
• Email Engagement: When payment reminder emails are opened and links are clicked by your recipients.
• Cookies: Session cookies for authentication and analytics cookies to improve your experience.

2.3 Third-Party Integrations

When you connect third-party services like Xero, we receive invoice and contact data from those platforms as authorized by you. We only access the minimum data necessary to provide our service, such as invoice details, contact information, and payment status.

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide, maintain, and improve our invoice reminder service
• To process and extract information from uploaded invoices using AI technology
• To send payment reminder emails to your clients on your behalf
• To calculate Trust Scores and payment reliability metrics for your contacts
• To provide aggregated, anonymized Trust Score data (see Section 4)
• To process payments and manage your subscription
• To send you service-related notifications and updates
• To respond to customer support inquiries
• To detect, prevent, and address technical issues, fraud, and abuse
• To analyze usage patterns and improve our AI algorithms

4. Trust Score System and Aggregated Data

PayNudge calculates Trust Scores for contacts based on their payment behavior. This section explains how Trust Score data is handled:

4.1 Your Contact Trust Scores

Trust Scores are calculated based on payment history, response patterns, and engagement with your invoices. These scores are visible to you within your account and may be shown to your contacts when they view invoice reminder pages.

4.2 Aggregated Global Trust Data

To improve the accuracy of Trust Scores for new contacts, we may use aggregated, anonymized payment behavior data across all PayNudge users. This means:

• When you add a new contact, we may reference anonymized payment patterns to provide an initial Trust Score estimate
• Individual invoice amounts, user identities, and specific business relationships are never shared
• Only statistical aggregates (averages, trends) based on hashed email identifiers are used
• You cannot identify other users or their specific invoice data from this aggregated information

4.3 Opting Out

If you do not wish your contact data to contribute to aggregated Trust Score calculations, please contact us at privacy@paynudge.ai to request exclusion. Note that this may limit certain features of the service.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We work with trusted third-party service providers who assist us in operating our service:

• Supabase: Database, authentication, and file storage services
• Resend: Email delivery services for payment reminders
• Stripe: Payment processing for subscriptions
• OpenAI/Anthropic: AI-powered invoice data extraction and analysis
• Vercel: Hosting and infrastructure
• Xero: Accounting integration (when connected by you)

5.2 Your Clients/Contacts

When we send payment reminder emails on your behalf, recipients can see: your name/company name, invoice details, their Trust Score, and response options. We do not share your email address directly with recipients unless you configure this.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud or security issues.

6. AI Processing

PayNudge uses artificial intelligence to enhance our service:

• Invoice Extraction: AI analyzes uploaded invoice documents to extract relevant data such as amounts, dates, and contact information
• Email Personalization: AI helps craft contextually appropriate payment reminder messages based on invoice details and payment history
• Risk Assessment: AI assists in calculating Trust Scores and predicting payment likelihood

Invoice data sent to AI providers is processed according to their privacy policies (OpenAI, Anthropic). We use these services in compliance with their data processing agreements and do not permit them to use your data to train their models.

7. Data Security

We use trusted infrastructure providers that implement industry-standard security measures:

• All data transmitted over HTTPS/TLS encryption
• Database encryption at rest provided by Supabase (our database provider)
• Secure authentication via Google OAuth 2.0 and magic link emails
• Row-level security policies ensuring data isolation between users
• Hosting on Vercel with enterprise-grade security infrastructure
• Payment processing via Stripe (PCI-DSS compliant)

While we use secure infrastructure, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you promptly in the event of a data breach affecting your information.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained until you delete your account
• Invoice data: Retained for 7 years for tax and legal compliance purposes
• Email logs: Retained for 2 years
• Analytics data: Retained for 1 year in identifiable form, then anonymized
• Uploaded files: Retained while your account is active; deleted upon account termination

You may request deletion of your data at any time by contacting us at privacy@paynudge.ai. We will process deletion requests within 30 days, subject to legal retention requirements.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of your personal data we hold
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a machine-readable format
• Objection: Object to certain processing activities
• Restriction: Request restriction of processing in certain circumstances
• Withdraw consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@paynudge.ai. We will respond within 30 days. We may need to verify your identity before processing your request.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to protect your information in compliance with applicable laws including GDPR.

11. Children's Privacy

PayNudge is a business service not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. Cookies and Tracking

12.1 Cookie Consent

When you first visit PayNudge, we display a cookie consent banner asking for your permission to use analytics cookies. You can choose to:

• Accept: Enable all cookies including analytics and tracking
• Decline: Only essential cookies required for the service to function will be used

Your cookie preference is stored in your browser and remembered for future visits. If you decline cookies, analytics tracking via PostHog is disabled and no usage data is collected.

12.2 Types of Cookies We Use

Essential Cookies (Always Active):

• Authentication and session cookies to keep you logged in
• Security cookies to protect against fraud and abuse
• Cookie consent preference storage

Analytics Cookies (Require Consent):

• PostHog analytics to understand how users interact with our service
• Page view tracking and session recording (passwords are masked)
• Feature usage analytics to improve product development

12.3 Managing Your Cookie Preferences

You can change your cookie preference at any time by:

• Clearing your browser's local storage and cookies, then revisiting PayNudge
• Using your browser's privacy settings to manage cookies
• Contacting us at privacy@paynudge.ai to request your preference be reset

12.4 Email Tracking

Payment reminder emails may contain tracking pixels that notify us when an email is opened. This helps us provide delivery confirmation and engagement analytics. Email tracking is used to improve our service and is attributed to your account, not to the email recipient.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of your personal information
• Right to non-discrimination for exercising your privacy rights
• Right to opt-out of the sale of personal information (we do not sell personal information)

To exercise these rights, contact us at privacy@paynudge.ai or call our privacy line (details available upon request).

14. UK Privacy Rights (UK GDPR)

If you are located in the United Kingdom, you have rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:

• Right to be informed about how your data is used
• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure (right to be forgotten)
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making and profiling

To exercise these rights, contact us at privacy@paynudge.ai. We will respond within one month. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

15. Australian Privacy Rights (Privacy Act 1988)

If you are located in Australia, your personal information is handled in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs):

• Access: You may request access to your personal information held by us
• Correction: You may request correction of any inaccurate, out-of-date, incomplete, or misleading information
• Anonymity: Where practicable, you may deal with us anonymously or using a pseudonym
• Cross-border disclosure: Your data may be transferred overseas to our service providers (see Section 5). We take reasonable steps to ensure overseas recipients comply with the APPs
• Direct marketing: You may opt out of receiving direct marketing communications at any time

To exercise these rights or make a complaint, contact us at privacy@paynudge.ai. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and sending an email notification for significant changes. Your continued use of the service after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: