Privacy Policy
What we collect, why we collect it, and how you can control it.
Last updated: 27 February 2026
1. What We Collect
Account information
When you sign up, we collect your email address. That's the only piece of personal information required to create an account.
Invoice and client data
To run the service, we store the information you enter: client names, client email addresses, invoice amounts, due dates, and reference numbers. You may also optionally provide your business name and a reply-to email address.
Payment information
Payments are handled by Stripe. We don't store your card number or payment details — Stripe does that securely on their end. We do store your Stripe customer ID and your current subscription plan status.
Technical data
Vercel, our hosting provider, collects standard server logs including IP addresses and browser information as part of normal web infrastructure operation. We don't run additional tracking pixels, advertising scripts, or behavioural analytics.
2. How We Use Your Data
We use your data to:
- Operate the service — sending reminder emails to your clients on your behalf, based on the rules you've set
- Process billing — managing your subscription via Stripe and sending billing receipts
- Communicate with you — magic link sign-ins, account notifications, and important service updates
- Improve DuePrompt — we may use anonymised, aggregated usage patterns (never individual data) to inform product decisions
We do not sell your data. We do not use it for advertising. We do not share it with third parties beyond what's needed to operate the service.
3. Your Clients' Data
When you use DuePrompt, you provide your clients' names and email addresses so we can send reminders on your behalf. You are responsible for having a legitimate basis to store and contact them — for example, an outstanding invoice from an existing business relationship.
DuePrompt processes this data solely as your service provider. We don't use your clients' information for any purpose beyond delivering the reminders you've configured.
4. Third-Party Services
We use the following providers to operate DuePrompt. Each has its own privacy policy:
| Service | Purpose | Privacy policy |
|---|---|---|
| Stripe | Payment processing | stripe.com/privacy |
| Resend | Email delivery | resend.com/legal/privacy-policy |
| Vercel | Hosting & infrastructure | vercel.com/legal/privacy-policy |
| Upstash Redis | Rate limiting & caching | upstash.com/trust/privacy.pdf |
Client names and email addresses pass through Resend when reminder emails are sent. Resend processes this data solely to deliver the email.
5. Data Storage and Security
Your data is stored on servers operated by Vercel, primarily based in the United States. We use HTTPS for all data in transit. Access to production data is restricted to what's necessary to operate and maintain the service.
No system is completely secure. While we take reasonable precautions to protect your data, we can't guarantee absolute security. If we become aware of a breach affecting your data, we'll notify you promptly.
6. Data Retention
We retain your data while your account is active. When you delete your account:
- Invoice and client data is deleted within 30 days
- Your email address is purged from backup systems within 90 days
- Billing records (Stripe transaction data) may be retained for up to 7 years as required by New Zealand tax law
7. Your Rights
Under the New Zealand Privacy Act 2020, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your data — available via Settings → Delete Account, or by emailing us
- Export your data — available via Settings → Export Data
If you're in the European Economic Area, you may also have rights under GDPR, including the right to restrict processing and to lodge a complaint with your local supervisory authority.
To exercise any of these rights, email support@dueprompt.com.
8. International Data Transfers
Our infrastructure is primarily US-based (Vercel). By using DuePrompt, you consent to your data being stored and processed outside New Zealand. We ensure the providers we use maintain appropriate data protection standards consistent with New Zealand law.
9. Children
DuePrompt is a business tool intended for adults. We don't knowingly collect personal information from anyone under 18. If you believe a minor has created an account, contact us at support@dueprompt.com and we'll remove it promptly.
10. Changes to This Policy
If we make material changes to this privacy policy, we'll notify you by email before they take effect. The date at the top of this page will always reflect when it was last updated.
11. Contact
Privacy questions or concerns? Email us at support@dueprompt.com. We're a small team and we take these seriously.