Privacy Policy
Effective April 29, 2026
SwiftDue ("SwiftDue," "we," "us," or "our") provides automated accounts-receivable reminders for small businesses. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it.
1. Information we collect
We collect information in three ways:
1.1 Information you give us
- Account information: name, email address, password (hashed), business name, time zone.
- Communications: messages you send through support tickets or by replying to our emails.
- Waitlist signups: if you join the waitlist, we collect your email and (optionally) your name, business type, and estimated invoice volume.
1.2 Information from connected services
- QuickBooks Online: when you connect QuickBooks, we receive read-only access to your customer list, invoices, payment status, and company info. We do not write to or modify your QuickBooks data.
- Google (optional): if you sign in with Google, we receive your name, email, and profile photo from Google.
- Stripe: when you subscribe or your customers pay, Stripe processes the payment and shares limited transaction metadata (amount, status, payment method type) with us. Stripe never shares full card numbers with us.
1.3 Information collected automatically
- Log and device data: IP address, browser type, referring URL, pages visited, and timestamps. We use this for security, debugging, and abuse prevention (e.g., rate-limiting waitlist signups).
- Cookies: session cookies for authentication (NextAuth) and minimal first-party cookies for app functionality. We do not use third-party advertising trackers.
2. How we use information
- To provide the SwiftDue service — sync invoices, send reminders, process subscriptions, and let you sign in.
- To send transactional emails (signup confirmations, ticket replies, payment receipts, invoice reminders to your customers).
- To prevent abuse and respond to security incidents.
- To comply with legal obligations.
- With your consent, to improve the product (e.g., qualitative feedback shared in support tickets).
We do not sell your personal information, and we do not use it for advertising or share it with advertisers.
3. Service providers we share data with
To run SwiftDue we rely on a small set of vetted vendors. Each receives only what it needs to perform its function:
- Supabase — managed PostgreSQL hosting (account, invoice, and reminder data).
- Vercel — application hosting and serverless compute.
- Intuit (QuickBooks Online) — invoice and customer data source via OAuth 2.0.
- Stripe — subscription billing and payment processing (PCI-DSS compliant; cards never touch our servers).
- SendGrid — transactional email delivery (signup, ticket, reminder, and receipt emails).
- Inngest — scheduled job runner for invoice sync and reminder dispatch.
- Google — optional OAuth sign-in.
We may also disclose information when required by law, in response to a valid legal process, or to protect the rights, property, or safety of SwiftDue, our customers, or the public.
4. Data retention
We keep account data for as long as your account is active. If you delete your account, we delete your account, customer, invoice, and reminder log records within 30 days, except where we are required to keep records for tax, accounting, or legal compliance (typically up to 7 years for billing records). Waitlist signups are kept until you ask us to remove them.
5. Security
We use TLS for data in transit, encrypt sensitive credentials at rest, hash passwords with bcrypt, and limit production access to a small set of operators. QuickBooks tokens are stored encrypted and scoped to read-only. Despite these measures, no system is perfectly secure — if we become aware of a breach affecting your data we will notify you in accordance with applicable law.
6. Your rights
Depending on where you live, you may have the right to:
- access the personal information we hold about you;
- correct or update inaccurate information;
- request deletion of your account and associated data;
- export your data in a portable format;
- object to or restrict certain processing.
To exercise any of these rights, email us at privacy@swiftdue.com. We will respond within 30 days.
7. International transfers
SwiftDue is operated from the United States, and our service providers (Supabase, Vercel, Stripe, SendGrid, Inngest) operate data centers in the United States and other regions. By using SwiftDue you consent to your information being processed in the United States.
8. Children
SwiftDue is intended for businesses and is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal information from children.
9. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice in the app at least 14 days before the change takes effect. The "Effective" date at the top reflects the latest revision.
10. Contact us
Questions or requests about this Privacy Policy? Email privacy@swiftdue.com.