DueTidy
Log inGet started
Privacy

Privacy Policy

Last updated: 10 June 2026

Plain English summary

  • · We collect what we need to help you chase unpaid invoices — nothing extra.
  • · We don't sell your data. We don't advertise. We don't track you across the web.
  • · Stripe handles billing. Supabase stores your account. Resend sends the reminders. Vercel hosts the website.
  • · You can export or delete your data any time.
  • · Questions: support@duetidy.com.

Who we are

DueTidy is operated from the United Kingdom and is the data controller for the account information you give us about yourself and your business.

What we collect

About you (the account holder)

  • Your email address (used to sign in and contact you about your account).
  • Your password — handled by Supabase Auth. We never see or store your raw password.
  • Your business name, signature, reply-to email, phone and bank details if you choose to add them. These appear in the reminders you send.
  • Your Stripe customer ID and subscription status, once you start a Pro trial or pay.

About your customers (entered by you)

  • The customer's name, email, phone, company, and any notes you add about them.
  • The invoices you're tracking: amount, due date, your invoice number, what the work was, where it came from (Xero, Stripe, paper, etc.), payment links and bank instructions.

About the reminders DueTidy sends on your behalf

  • The subject, body and recipient of each reminder.
  • Whether it was sent successfully, and any error returned by Resend.
  • A timeline of activities per invoice — created, snoozed, promised-to-pay, marked paid and so on.

We don't use tracking cookies or third-party advertising scripts. We do use a small number of functional cookies needed to keep you signed in and remember your session.

Why we collect it (lawful basis)

  • Account & service: to perform the contract you have with us when you create an account or send reminders (UK GDPR Article 6(1)(b)).
  • Billing: Stripe processes your payment under its own terms; Stripe is a separate data controller for that specific purpose.
  • Service emails: legitimate interest in operating a safe and reliable service (Article 6(1)(f)).

Who we share it with

We use a small number of carefully chosen providers to actually run DueTidy:

  • Supabase — database and authentication. Your account, customers and invoices live here.
  • Resend — email delivery. The reminders you send go through Resend.
  • Stripe — payments. When you subscribe to Pro, Stripe handles your card. We never see or store card numbers.
  • Vercel — hosting and edge delivery for the website itself.

We do not sell data, share it with advertisers, or send it anywhere else.

Where it's stored

DueTidy is operated from the UK. Our providers run servers in the EU and the US. Where data leaves the UK, our providers rely on UK GDPR-approved transfer mechanisms such as the UK Extension to the EU–US Data Privacy Framework or Standard Contractual Clauses.

How long we keep it

  • Your account: for as long as the account exists. If you delete your account, your profile, customers, invoices and reminder history are deleted automatically.
  • Billing records: Stripe retains billing records for the period required by UK tax law (currently 6 years).
  • Backups: Supabase backups are retained on a short rolling basis and expire automatically.

Your customers' data

When you add a customer to DueTidy, you are the data controller for that person's data — DueTidy is your processor. That means it's your responsibility to:

  • Tell your customers that you use a third-party tool to send reminders, when appropriate.
  • Make sure you have a lawful basis to contact them about payment (usually performance of a contract with them).
  • Honour any data rights they exercise. We'll help by deleting a specific customer record on request from your account.

Your rights

Under UK GDPR you have the right to:

  • Ask what data we hold about you (right of access).
  • Have it corrected if it's wrong (right to rectification).
  • Have it deleted (right to erasure / "the right to be forgotten").
  • Take a copy with you (right to portability).
  • Object to specific processing, or restrict it.

To exercise any of these, email support@duetidy.com.

Complaints

If you're unhappy with how we've handled your data, you can complain to the UK Information Commissioner's Office at ico.org.uk. We'd rather hear from you first — support@duetidy.com — so we can fix it.

Changes to this policy

We'll update this page when our processing materially changes. The "Last updated" date at the top will always reflect the current version. Continuing to use DueTidy after a change counts as acceptance of the new policy.

← Back to DueTidy