Privacy Policy

Last Updated: November 24, 2024

SenditSheets ("we," "our," or "us") operates the senditsheets.com website and the PO Converter application (the "Service"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

Definitions

For the purposes of this Privacy Policy:

• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation performed on Personal Data, including collection, storage, use, or deletion.
• "Data Controller" means the entity that determines the purposes and means of processing Personal Data (SenditSheets).
• "Data Processor" means an entity that processes Personal Data on behalf of the Data Controller.
• "Document Data" means the content of documents you upload for processing, including purchase orders, invoices, receipts, and checks.
• "Service" means the senditsheets.com website and PO Converter application.
• "Third-Party Services" means external services we use to provide functionality (e.g., Azure, Stripe, Supabase).
• "Cookies" means small text files placed on your device to enable Service functionality.
• "User" or "You" refers to the individual using our Service.

Your Consent

By using our Service, you consent to the collection and use of information in accordance with this Privacy Policy. When you create an account, you explicitly consent to:

• The processing of your Personal Data as described in this policy
• The use of essential cookies for Service functionality
• The transfer of data to our Third-Party Service providers for processing
• Receiving service-related communications (account, security, billing)

You may withdraw consent at any time by deleting your account or contacting us. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address, name, and password (securely hashed) when you create an account
• Document Data: Purchase orders, invoices, receipts, and checks you upload for processing
• Payment Information: Billing details processed securely through Stripe (we do not store credit card numbers)
• Usage Data: Information about documents processed, processing counts, and feature usage

1.2 Information Collected Automatically

• Log Data: IP address, browser type, browser version, pages visited, time and date of visit
• Cookies: Session cookies for authentication and user preferences
• Device Information: Device type, operating system, unique device identifiers

2. How We Use Your Information

We use the collected information for various purposes:

• To provide and maintain our Service
• To process your documents using Azure Document Intelligence
• To manage your account and subscription
• To process payments through Stripe
• To track usage for billing purposes
• To provide customer support
• To detect, prevent and address technical issues
• To send you service-related emails (account verification, password resets, billing notifications)

3. Data Processing and Storage

3.1 Document Processing

• Documents are processed through Azure Document Intelligence API
• Processed data is stored securely in our database for your continued access
• Original documents and processed data remain in your account until you manually delete them
• You have full control over when to delete your documents through your account dashboard
• All document transmission is encrypted using SSL/TLS
• Deleted documents are permanently removed from our systems within 48 hours

3.2 Data Retention

• Account data: Retained while your account is active and until you request deletion
• Processed document data: Stored until you manually delete it from your account
• Original uploaded files: Retained until you choose to delete them
• Usage logs: Retained for 12 months for billing and audit purposes
• You have full control to delete your documents and data at any time through your account dashboard
• Upon account deletion request, we will remove all your data within 30 days

4. Data Sharing and Third-Party Services

We work with trusted third-party services to provide our Service:

4.1 Service Providers

• Supabase: Authentication and database services
• Azure Document Intelligence: Document processing and OCR
• Stripe: Payment processing (PCI compliant)
• Resend: Transactional email service

4.2 We Do NOT:

• Sell, rent, or trade your personal information
• Share your documents with third parties except for processing
• Use your data for advertising purposes
• Access your documents except for support purposes with your consent

5. Data Security

We implement appropriate security measures to protect your personal information:

• SSL/TLS encryption for all data transmission
• Encrypted database storage
• Secure password hashing using industry standards
• Regular security audits and updates
• Access controls and authentication for all systems
• Isolated data processing for each user

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Your Rights and Choices

6.1 You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Export: Download your processed documents and data
• Opt-out: Unsubscribe from marketing communications
• Restrict Processing: Limit how we use your data

6.2 How to Exercise Your Rights

You can exercise most of your rights directly through your account dashboard:

• Delete documents: Use the delete button next to each document in your dashboard
• Export data: Download your processed documents anytime from your account
• Update information: Edit your profile in account settings
• Delete account: Request full account deletion in account settings

For additional privacy requests or assistance, contact us at privacy@senditsheets.com. We will respond within 30 days.

7. Cookies and Tracking

We use essential cookies to:

• Maintain your session when logged in
• Remember your preferences
• Ensure security features work properly

You can control cookies through your browser settings, but disabling cookies may limit Service functionality.

8. Children's Privacy

Our Service is not intended for use by children under 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal data, please contact us.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

• Standard contractual clauses with service providers
• Compliance with applicable data protection laws
• Use of services that maintain appropriate certifications

10. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your data based on:

• Contract: To provide the Service you've signed up for
• Legitimate Interests: To improve our Service and prevent fraud
• Consent: For marketing communications (which you can withdraw anytime)
• Legal Obligations: To comply with applicable laws

11. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Information