Our Privacy Policy

Last Updated: October 27, 2025

Invoice Nudge ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and our software-as-a-service platform (the "Service").

We are an Australian-based company, and this policy is designed to comply with the Australian Privacy Act 1988 and its Australian Privacy Principles (APP), as well as to incorporate key principles from the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) for our international users.

By using the Service, you agree to the collection and use of information in accordance with this policy.


1. Information We Collect
We collect the minimum information necessary to provide and improve our Service.

  • Personal Information: When you create an account, we collect your name and email address.

  • Authentication Tokens: To connect your third-party accounts, we securely collect and store encrypted OAuth2 access and refresh tokens for your accounting (Xero, QuickBooks) and email (Google, Microsoft) providers. We never see or store your actual passwords for these services.

  • Payment Information: We do not collect or store your credit card details. All payments are processed by our third-party payment processor, Polar.sh.


2. Information We Access (But Do Not Store)
Our Service's core function requires real-time access to data in your connected accounts. We are not a system of record and do not store or "sync" this information to our database.

  • Accounting Data: We perform real-time "GET" requests to your Xero or QuickBooks account to identify overdue invoices. This includes accessing invoice numbers, amounts, due dates, and your customer's contact details (name and email). This data is not stored on our servers and is only used temporarily to create an email draft.

  • Email Data: We perform real-time searches of your Gmail or Outlook account to find previous email communications with your customer. This is used to provide context to the AI for drafting. We do not store the content of your emails.


3. How We Use Your Information
We use the information we collect and access for the following purposes:

  • To create and manage your account.

  • To provide the Service, including:

    • Authenticating with your third-party accounts.

    • Fetching overdue invoice data.

    • Searching email history for context.

    • Transmitting relevant data to our AI partner (OpenAI) to generate a draft.

    • Creating the final draft email in your connected email account.

  • To process your payments and subscriptions.

  • To communicate with you about your account, support requests, or informative content.


4. How We Share Your Information
We do not sell, trade, or rent your Personal Information. We may share information with the following third-party service providers (our "sub-processors") who perform services for us:

  • Accounting Providers (Xero, Intuit): We use their APIs to access your invoice data.

  • Email Providers (Google, Microsoft): We use their APIs to search your email and create drafts.

  • AI Provider (OpenAI): We send anonymized invoice details and email snippets to generate a draft. We do not send your personal email or name.

  • Database Provider (Supabase): Hosts our production database (e.g., your user record, encrypted tokens).

  • Hosting Provider (Google Cloud Platform): Hosts our application logic.

  • Automation Platform (n8n): Powers our backend workflows.

  • Payment Processor (Polar.sh): Handles all subscription billing.

We may also disclose your information if required by law, to protect our rights, or in the event of a merger or acquisition.


5. Data Security
We use administrative, technical, and physical security measures to protect your information. Key measures include:

  • Encryption: All OAuth tokens are stored in an encrypted format in our database.

  • Secure Infrastructure: We leverage secure, enterprise-grade cloud providers (GCP and Supabase).

  • Data Minimization: As stated, we do not store your sensitive invoice or email data, which fundamentally limits our risk and your exposure.


6. Data Retention
We retain your Personal Information (name, email) and encrypted OAuth tokens for as long as your account is active. If you delete your account, we will delete this information from our production systems within 30 days.


7. Your Data Rights
You have rights over your personal information. Depending on your location, these may include:

  • Right to Access: You can request a copy of the personal information we hold about you.

  • Right to Correction: You can update your account information at any time.

  • Right to Deletion: You can delete your account at any time, which will trigger the deletion of your personal information and connection tokens.


8. Jurisdictional Provisions

  • For Australian Users: We comply with the Australian Privacy Act 1988. If you have a complaint, please contact us. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC).

  • For EU/UK Users (GDPR):

    • Data Controller: Invoice Nudge is the Data Controller for your Personal Information.

    • Legal Basis: We process your data based on (a) Performance of a Contract (to provide the Service you paid for) and (b) Your Consent (which you provide when connecting your third-party accounts).

    • Your Rights: You have the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

  • For US/Canadian Users (CCPA):

    • We do not "sell" your personal information as defined by the CCPA.

    • You have the right to request (a) the categories of personal information we have collected and (b) the deletion of your personal information.

9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.


10. Contact Us
If you have any questions about this Privacy Policy, please contact us.