Last updated · May 9, 2026
Privacy Policy
DueDrop (“DueDrop,” “we,” “us”) helps freelancers automate invoice reminders. This policy explains what we collect, why we collect it, and the choices you have. We aim to be plain-spoken — if anything is unclear, email privacy@duedrop.app.
1. Who is the data controller
DueDrop is the data controller for personal information processed through duedrop.app and the DueDrop service. You can reach us at privacy@duedrop.app.
2. Information we collect
Information you provide
- Waitlist details: your email address, the invoicing tool you use, and any optional context you share.
- Account information: name, email, billing details, and workspace settings (once accounts launch).
- Invoice and client data: invoice amounts, due dates, status, and recipient contact details that you connect via your invoicing tool.
Information collected automatically
- Usage analytics: page views, button clicks, device, browser, and approximate location, captured via Google Analytics 4.
- Attribution: UTM parameters (source, medium, campaign, term, content) and the in-app CTA you clicked, so we know which channels work.
- Technical logs: IP address, timestamps, and error traces required to keep the service running and secure.
Information from third parties
- When you connect tools like QuickBooks, FreshBooks, Stripe, or PayPal, we receive invoice and client data through their official APIs using the scopes you authorize.
3. How we use your data
- Provide, operate, and improve the DueDrop service.
- Send invoice reminders on your behalf to recipients you designate.
- Notify you about your account, billing, and product updates.
- Measure marketing performance and product analytics in aggregate.
- Detect, prevent, and respond to fraud, abuse, and security incidents.
- Comply with our legal obligations.
4. Legal bases (GDPR / UK GDPR)
- Contract: to deliver the service you requested.
- Legitimate interests: to keep DueDrop secure, measure performance, and improve the product.
- Consent: for non-essential cookies and marketing email, where required by law. You can withdraw consent at any time.
- Legal obligation: to retain records for tax, accounting, or regulatory purposes.
5. Sharing your data
We do not sell your personal information. We share it only with:
- Sub-processors that run our infrastructure: Supabase (database & auth), Cloudflare (hosting & CDN), Resend or a similar provider (transactional email), Google Analytics (product analytics), and Stripe (billing).
- Invoice recipients you designate, who receive the reminder emails sent on your behalf.
- Authorities, where required by law or to protect rights, property, and safety.
- Acquirers in the event of a merger, acquisition, or asset sale, subject to confidentiality obligations.
6. International transfers
DueDrop is operated from the United States, and our sub-processors are based in the US and EU. Where personal data leaves your region, we rely on Standard Contractual Clauses or equivalent safeguards.
7. Data retention
We keep waitlist signups until DueDrop launches or you ask us to delete them. Account and invoice data is retained for as long as your account is active and for up to 12 months after closure, plus any period required by law (for example, tax records).
8. Your rights
Depending on where you live, you may have the right to:
- Access, correct, or delete your personal data.
- Restrict or object to certain processing.
- Receive a portable copy of your data.
- Withdraw consent or unsubscribe from marketing at any time.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email privacy@duedrop.app. We respond within 30 days.
9. Cookies and tracking
We use a small number of first-party cookies to keep you signed in and to remember UI preferences. Google Analytics sets its own cookies for aggregate measurement. You can disable cookies in your browser; some features may not work without them.
10. Security
We protect data with TLS in transit, encryption at rest, role-based access, and Row-Level Security on our database. No system is perfectly secure — please report any vulnerabilities to security@duedrop.app.
11. Children
DueDrop is not intended for anyone under 16. We do not knowingly collect data from children.
12. Changes to this policy
We’ll post any updates here and, for material changes, notify you by email. Continued use of DueDrop after an update means you accept the revised policy.
13. Contact
Questions, requests, or complaints: email privacy@duedrop.app.