Draft Status
This privacy policy is a working draft for the validation sprint and is not final legal copy. The operating product must be reviewed against the final data flows, providers, jurisdictions, and customer commitments before launch.
Draft updated July 3, 2026
DRAFT - human legal review required
This page is a working draft for the PaidUp validation sprint. It must be reviewed by qualified counsel before it is treated as final legal copy.
This draft policy explains how PaidUp handles audit requests, account details, invoice information, customer records, message workflow data, billing, analytics, and security logs.
This privacy policy is a working draft for the validation sprint and is not final legal copy. The operating product must be reviewed against the final data flows, providers, jurisdictions, and customer commitments before launch.
We collect account details, workspace name, plan status, audit request details, invoice and customer information you submit or later connect, message drafts and approvals, support messages, device and usage data, and security logs.
For free invoice audits, we collect the submitted name, email, company, accounting software selection, estimated overdue amount, referrer, user agent, source, and network metadata needed to receive and follow up on the request.
When accounting integrations or manual workflows are enabled, we process invoice, customer, payment, promise, dispute, message, approval, and recovery-attribution data needed to operate PaidUp workflows.
Stripe, PostHog, Resend, hosting, database, AI, email, accounting, and infrastructure providers may process relevant data when configured. Development mode can use mock providers.
We use information to authenticate users, operate plans, receive audit requests, prepare invoice follow-up workflows, classify replies, attribute recovered cash, detect abuse, improve reliability, and provide support.
Payments are processed by Stripe when configured. We store plan status, invoice references, subscription identifiers, checkout status, and Stripe identifiers needed to manage billing, but not full payment card numbers.
We do not publish customer invoice or debtor details. We share data with service providers only as needed to operate PaidUp, process billing, provide support, protect the service, or comply with lawful obligations.
We retain account, plan, invoice workflow, message, payment attribution, audit request, and security data for as long as needed to provide the service, meet obligations, resolve disputes, and operate backups. We use tenant scoping, access controls, protected API routes, and transport security.
You can choose what integrations to connect, what drafts to approve, what data to submit, and contact support@toolmino.com for account or privacy requests.