Privacy Policy
Effective July 2026 · Beta
What we collect.Account details (name, email, password hash or Google account identifier), and the practice data you enter or connect: clients, calendar events from feeds you add, time entries, deliverables, invoices, agreements, and income records. Signature records for agreements include the signer's name, title, email, timestamp, and IP address.
What we don't do. We do not sell your data, use it for advertising, or train AI models on it. Your practice data is visible only to your account.
Calendar feeds. Calendar URLs you add are stored so we can refresh events. Treat these as secrets; you can remove a feed (and its events) at any time, and you can regenerate the URL at your calendar provider to revoke access.
Public links. Invoices and agreements you choose to share get unguessable link tokens. Anyone with such a link can view that single document — share links only with the intended recipient. Recalling an agreement rotates its link.
Service providers. Hosting (Railway), email delivery (Resend), and error monitoring (if enabled: Sentry) process data on our behalf to run the service. If you connect Stripe in the future, payment data is handled by Stripe under its own terms.
Retention and deletion. Data is retained while your account is active. Email us to export or permanently delete your account and data.
Security. HTTPS in transit, passwords hashed with scrypt, session cookies are httpOnly and secure. No system is perfectly secure; report concerns to the address below.
Changes. Material changes will be announced by email.
Contact: [email protected]