1. Introduction
This Privacy Policy explains how Tidybill (“we”, “us”, “our”) collects, uses, and protects information when you use our online invoicing software and related services (the “Service”). By using the Service, you agree to the practices described here.
2. Information We Collect
- Account information: your name, email address, company name, and password (stored hashed).
- Billing information: subscription payments are processed by Stripe. We do not store your full card number; we receive a token and limited metadata (last four digits, brand, expiry).
- Service content: data you enter such as clients, invoices, quotes, time entries, projects, and uploaded logos.
- Usage data: page views, feature usage, and aggregate analytics collected via Google Analytics.
- Server logs: IP address, browser user-agent, request timestamps, and error traces, retained for security and debugging.
- Cookies: essential session cookies to keep you signed in, plus optional analytics cookies.
3. How We Use Your Information
- To provide and operate the Service (storing your invoices, sending emails to your clients, generating PDFs).
- To process subscription billing and manage your account.
- To respond to support requests.
- To improve the product and understand how users engage with features.
- To comply with legal obligations (tax, accounting, lawful requests).
4. Lawful Basis (GDPR)
Where GDPR applies, our lawful bases are: performance of a contract (operating the Service for you), legitimate interest (security, fraud prevention, product improvement), consent (analytics cookies, marketing emails), and legal obligation (tax records, lawful requests).
5. Sharing
We do not sell your personal information. We share data with the following categories of providers solely to operate the Service:
- Stripe (payment processing).
- Mailgun (transactional email delivery).
- Google Analytics (aggregate usage analytics).
- Cloudflare (CDN and DNS).
- Our hosting provider (server infrastructure).
We may also disclose information if required by law, to protect our rights, or in connection with a corporate transaction.
6. International Transfers
Tidybill is operated from South Africa. Your data may be processed and stored in countries other than your own. Where applicable, we rely on standard contractual clauses or equivalent safeguards for international transfers.
7. Retention
We retain account and invoicing data for the life of your account, plus up to six years after closure to meet tax and accounting record-keeping requirements. After this period, data is deleted or anonymised.
8. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, port, or object to the processing of your personal information, and to withdraw consent for analytics or marketing. To exercise any of these rights, email [email protected]. We will respond within the timeframes required by applicable law.
9. Cookies
We use a small number of essential cookies to keep you signed in and to remember your preferences. Analytics cookies (Google Analytics) help us understand product usage. You can disable cookies in your browser, though some features will not work without essential cookies.
10. Children
The Service is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us and we will delete it.
11. Security
We use TLS encryption for all data in transit, hashed passwords, and access controls on production systems. No system is 100% secure; you are responsible for keeping your account credentials confidential and notifying us of any suspected unauthorised access.
12. Changes
We may update this Privacy Policy from time to time. The effective date at the top of this page reflects the most recent revision. Material changes will be communicated via email or in-app notice where reasonable.
13. Contact
Tidybill, South Africa. Privacy enquiries: [email protected].