Privacy Policy

Cashday (“we”, “our”, “us”) is an online invoice generation tool operated at cashday.app. We help freelancers and small businesses create professional PDF invoices. This Privacy Policy explains how we handle information when you use our service.

Anonymous users (no account): We do not collect any personal information. Invoice data you enter is processed entirely in your browser and is never transmitted to or stored on our servers. No cookies are set, no tracking pixels are loaded.

Registered users (Pro plan): When you create an account we collect:

• Email address (for authentication and billing notifications)
• Name and business name (as entered in your profile)
• Invoice data you choose to save (stored encrypted in our database)
• Payment information is processed by Stripe and never stored by us
• Usage analytics (page views, feature usage) via privacy-first analytics

• To provide and improve the Cashday service
• To send transactional emails (invoice sent confirmations, payment receipts)
• To send product updates and billing notifications (you can unsubscribe at any time)
• To detect and prevent fraud or abuse
• To comply with legal obligations

Registered user data is stored on Supabase (PostgreSQL) servers located in the European Union. All data in transit is encrypted via TLS 1.3. Data at rest is encrypted using AES-256. We apply row-level security policies so that each user can only access their own data.

Anonymous invoice data entered on the homepage is never sent to our servers. It exists only in your browser's memory during your session.

We use the following third-party services:

• Stripe — payment processing. Subject to Stripe's Privacy Policy.
• Supabase — database and authentication for registered users.
• Vercel — hosting and CDN.

We do not sell your data to third parties, ever.

Depending on your location, you may have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate personal data
• Request deletion of your account and all associated data
• Object to or restrict certain processing activities
• Data portability (receive your data in a machine-readable format)

To exercise any of these rights, email us at privacy@cashday.app. We will respond within 30 days.

We retain your account data for as long as your account is active. If you delete your account, all personal data is purged within 30 days, except where we are required to retain it for legal or tax compliance purposes (typically 7 years for billing records).

Cashday is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it immediately.

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.