PRIVACY POLICY

01WHAT INFORMATION WE COLLECT

We collect three categories of information.

a) Information you give us directly:

• —Name and email address when you request access or create an account.
• —Business name, ABN, address, and other business details you add to your profile.
• —Invoice data you create in the Service, including amounts, due dates, currency, line items, client names, and client email addresses.
• —Reminder settings, payment terms, late-fee settings, and message tone settings you configure.
• —Support enquiries and correspondence you send to us.

b) Information collected automatically:

• —Log data: IP address, browser type, pages visited, timestamps, and referring URLs when you access the Service.
• —Device information: operating system, device type, and browser version.
• —Essential cookies and authentication session data.
• —Usage data: features you use, actions you take, and frequency of use.
• —Analytics data from Vercel Analytics so we can understand reliability and product usage.

c) Information from third parties:

• —Authentication session information from Supabase when you log in.
• —Invoice payment status information from Stripe, relating to invoices your clients pay.
• —Subscription billing information from Stripe, relating to your own RedLine subscription, including your plan, billing currency, payment status, and the last four digits and card type of your payment method.
• —Email delivery status information from Resend.

02HOW WE USE YOUR INFORMATION

We use your information to:

• —Create and manage your account.
• —Provide the Service, including invoice creation, invoice payment links, invoice emails, reminder emails, activity records, and exports.
• —Manage your RedLine subscription, including processing recurring monthly subscription charges through Stripe, applying your plan limits, and handling plan changes and cancellations.
• —Send transactional emails, including magic-link sign-in emails, invoice emails, reminder emails, subscription and billing notices, support responses, and policy notices.
• —Respond to your support requests.
• —Monitor and improve reliability, security, and performance.
• —Detect and prevent fraud, abuse, and security incidents.
• —Comply with our legal obligations.

We do not sell your personal information to third parties. We do not use your data to train machine-learning models.

03YOUR CLIENT DATA

When you use RedLine you provide contact information for your clients and invoice recipients. This is personal information about third parties.

• —You are responsible for your clients' data.
• —We use your clients' data only to provide the Service on your instructions.
• —We do not use your clients' data for our own marketing.
• —You are responsible for ensuring you have a lawful basis to share your clients' contact details with us and to send them emails using the Service.

04SUB-PROCESSORS

We share data with the following third-party service providers to operate the Service:

• —Supabase: database storage and user authentication. Data shared: account data, invoice data, client contact details, and session data. Privacy policy: supabase.com/privacy.
• —Vercel: hosting, functions, and analytics. Data shared: log data, request metadata, and analytics events. Privacy policy: vercel.com/legal/privacy-policy.
• —Stripe: invoice payment processing and subscription billing. Data shared for invoice payments: invoice payment metadata, amounts, currency, and payer information needed for Stripe Checkout. Data shared for your subscription: your name, email address, billing currency, chosen plan, and payment method details, processed by Stripe so you can pay for and manage your RedLine subscription. Privacy policy: stripe.com/privacy.
• —Resend: transactional email delivery. Data shared: email addresses and outbound email content. Privacy policy: resend.com/legal/privacy-policy.
• —Cloudflare: DNS, CDN, and security. Data shared: IP addresses and request metadata. Privacy policy: cloudflare.com/privacypolicy.

We require sub-processors to protect your data in a manner consistent with this policy. We do not authorise sub-processors to use your data for their own purposes beyond what is needed to provide their services to us.

05DATA RETENTION

We retain your data while your account is active and for a reasonable period after account access ends so you can request export or correction. Some data may be retained longer where required by law, dispute handling, security logs, or backup processes.

Log and usage data is typically retained for up to 90 days unless needed for security, reliability, or legal reasons.

06YOUR RIGHTS

Under the Australian Privacy Act and the Australian Privacy Principles you have the right to:

• —Access the personal information we hold about you.
• —Request correction of inaccurate or incomplete information.
• —Request deletion of your personal information, subject to legal retention requirements.
• —Make a complaint about how we have handled your information.

To exercise any of these rights, contact us at support@redlineinvoices.com. We will respond within 30 days where practical.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

07SECURITY

We take reasonable technical and organisational measures to protect your personal information from unauthorised access, disclosure, alteration, or destruction. These include:

• —Encryption of data in transit using TLS.
• —Access controls limiting who can access production data.
• —Use of established third-party infrastructure providers with strong security track records.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security. If we become aware of a data breach that is likely to result in serious harm, we will notify affected users and the OAIC in accordance with the Notifiable Data Breaches scheme.

08COOKIES AND ANALYTICS

We use cookies and similar technologies to:

• —Keep you signed in during your session.
• —Understand how users interact with the Service through analytics.
• —Protect the Service from abuse.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.

We do not use third-party advertising cookies.

09CHILDREN

The Service is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, contact us and we will delete it promptly where lawful.

10INTERNATIONAL DATA TRANSFERS

Our sub-processors may store or process data outside Australia. We select providers with published privacy and security programs and take reasonable steps to use providers with appropriate data protection standards.

11LINKS TO OTHER WEBSITES

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies.

12CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. If we make material changes we will notify you by email or by a prominent notice in the Service where practical.

The "last updated" date at the top of this policy reflects when it was last revised. Continued use of the Service after a change constitutes acceptance of the updated policy.

13CONTACT

For privacy questions, access requests, or complaints:

Email: support@redlineinvoices.com Website: redlineinvoices.com New South Wales, Australia