Privacy.
A plain-English summary. The full policy lives below.
In short
We collect what we need to run the service — your account information, the documents you create, and the payments you process. We don't sell data, we don't run ad trackers, and we don't share your client list with anyone.
What we collect
Your name and email from sign-up, the workspace name you pick, the clients and jobs you enter, the documents you issue, the photos you upload, and metadata about payments processed through Stripe. We log basic request diagnostics (status codes, timing) to keep the service healthy.
How we use it
To run the product, to support you when you email us, to bill you for your plan, and to detect abuse. We don't profile you for advertising, and we don't enrich your data with third-party databases.
Sub-processors
Clerk (auth), Neon (database), Vercel (hosting), Stripe (payments), Resend (email). Each holds a narrow slice of data for a narrow purpose.
Your controls
Export clients, jobs, estimates, and invoices to CSV any time. Delete a workspace to erase its content. Email us and we'll confirm a full erase within 30 days.
Questions about how we handle a specific case? Email us from the contact page — we answer every one.
Export, delete, or move on your terms.
Every workspace includes CSV export and a clean delete path.
How we think about your data.
Collect the minimum
If we don't need it to run the service, we don't ask for it and we don't keep it.
Never for sale
Your client list, your jobs, your photos — none of it is a product we resell, rent, or trade.
Encrypted in flight and at rest
TLS on every request, disk-level encryption on every database. Backups are encrypted the same way.
Isolated per workspace
Every query that reads business data carries a workspace filter. Tenant leakage would be a bug, not a feature.
Narrow sub-processors
Each vendor gets only the data they need for the job we hired them for. We keep the list short and public.
Deletable on request
Delete a workspace to erase its content. Email us to confirm a permanent erase, and we'll do it within 30 days.
Practices we have chosen to skip.
- Sell or trade customer data
- Run third-party ad trackers on the app
- Fingerprint devices beyond session identifiers
- Enrich user records with outside data brokers
- Train AI models on your private workspace content
- Share your client list with partners or affiliates
- Email your clients on your behalf without your action
- Keep data longer than we need for service or law
Act on your data.
Clear data practices, simple plan.
No sale of data, no ad trackers, no surprises.
Privacy questions.
Do you train AI on my workspace data?+
No. We don't use your private workspace content to train models, and we don't pass it to third-party AI providers for training.
Can I request a copy or deletion of my data?+
Yes. Export CSVs yourself any time from Settings, or email us at support@falconbill.com to request a full export or permanent deletion. We confirm within 30 days.
Where is the data stored?+
Primary storage is Neon (US regions) for the database and Vercel Blob for files. Stripe holds payment and card data directly. We don't move data outside these providers.
Do you comply with GDPR and CCPA?+
We honor the rights both laws require — access, deletion, portability, opt-out of sale (we don't sell). Email us to exercise any of them.
What about cookies?+
Session cookies from Clerk for auth and a first-party analytics cookie from PostHog. No third-party ad cookies. You can opt out of analytics in Settings.
Try Falcon Bill free. Your first three jobs are on the house, no card required.
Start free