Privacy Policy

Effective date: May 30, 2026
Last updated: May 30, 2026

Template notice: This document is a good-faith starting point generated for compliance review. Have it reviewed by qualified legal counsel and replace the bracketed placeholders before publishing.

This Privacy Policy explains how [Your Company, LLC] ("we", "us") collects, uses, and protects information when you use Collectly (the "Service"). Collectly is not affiliated with Intuit Inc.; QuickBooks is a trademark of Intuit Inc.

1. Information we collect

  • Account data: your email and authentication identifiers, provided via our auth provider (Clerk).
  • QuickBooks data: with your authorization, open invoices, customers, and payment history retrieved from your QuickBooks Online company through Intuit's APIs. This is used only to build your worklist, draft reminders, and compute metrics.
  • Billing data: subscription status and customer identifiers from our payment processor (Stripe). We do not store full card numbers; Stripe handles card data.
  • Usage data: basic logs needed to operate, secure, and debug the Service.

2. How we use information

We use information to provide and improve the Service, authenticate you, sync your QuickBooks data, generate dunning drafts, process payments, provide support, and meet legal obligations. We do not sell your personal information.

3. OAuth tokens & encryption

QuickBooks OAuth access and refresh tokens are encrypted at rest (AES‑256‑GCM) and are used only to call Intuit APIs on your behalf. Refresh tokens are rotated on every refresh. All data in transit is protected with TLS 1.2+.

4. Sharing

We share data only with subprocessors that help us run the Service:

  • Intuit (QuickBooks Online API) — source of accounting data you connect.
  • Neon — database hosting.
  • Clerk — authentication.
  • Stripe — payments.
  • Resend — transactional and (with your action) outbound reminder email.
  • Anthropic — AI drafting of reminder text (invoice metadata is sent to generate a draft; we do not use it to train models).
  • Vercel — application hosting.

We may disclose information if required by law or to protect rights and safety.

5. Data retention & deletion

We retain your data while your account is active. Disconnecting a QuickBooks company removes its synced data. You may request deletion of your account and associated data by emailing support@collectly.app; we will delete it within 30 days except where retention is legally required.

6. Your rights (GDPR/CCPA)

Depending on your location you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. EU/UK users: our lawful bases are performance of a contract and legitimate interests. To exercise any right, contact support@collectly.app. California residents may exercise CCPA rights; we do not sell personal information.

7. International transfers

Data may be processed in the United States and other countries where our subprocessors operate, with appropriate safeguards.

8. Security

We employ encryption at rest for secrets, TLS in transit, least‑privilege access, server‑side authorization on every request, and input validation. No method is 100% secure; we work to protect your data and will notify affected users of material breaches as required.

9. Children

The Service is for businesses and is not directed to children under 16.

10. Changes

We may update this Policy; we will notify you of material changes in‑app or by email.

11. Contact

Privacy questions or requests: support@collectly.app.