Legal
Privacy policy
Last updated:
What we collect
When you sign up, we store your email and a hashed password. When you create an invoice, we store the invoice details, your client's contact details (name, email, optional phone number), the amount, and reminder activity. We never store credit card numbers. Stripe and PayPal credentials are stored encrypted at rest with AES-256-GCM.
What we don't do
DueFire is not a payment processor. We never hold or move your money. Payments flow directly from your client to your Stripe / PayPal / bank account. We do not sell your data. We do not share your client list with third parties.
Reminders we send on your behalf go through our email provider. The provider stores the message bodies for delivery, bounce handling, and spam compliance. We do not read individual emails.
Cookies
We use one httpOnly cookie (named duefire_rt) to keep you signed in. It contains a refresh token and is rotated on every refresh. We do not use third-party analytics cookies on the marketing site or the app.
Data retention
When you delete your account, we delete your invoices, clients, and reminder logs within 30 days. Audit log entries that reference legally-required transaction history (e.g. tax records) are retained as required by your jurisdiction's law.
Where to reach us
Questions about this policy? Email [email protected].
This is a placeholder summary. The full, lawyer-reviewed policy will replace this page before launch.