Privacy Policy

1. What we collect

When you sign up for Citofact, we store the email address and profile information provided by your identity provider (Google), the company name and currency you enter during onboarding, and any branding assets (logo, accent color) you upload.

When you create invoices, we store the invoice contents you author — line items, client contact details, totals, due dates, and payment status.

2. What we don't collect

We do not see or store your clients' payment card details. Payments are processed by Stripe directly; Citofact only receives event notifications confirming payment status.

3. Third-party processors

We use the following sub-processors to operate the service: Supabase (database and authentication), Stripe (payments), Resend (transactional email), Cloudflare (DNS and edge hosting), and Render (API hosting).

4. Your rights

You can export or delete your data at any time by emailing privacy@citofact.com. We will respond within 30 days.

5. Contact

Questions about this policy? Email privacy@citofact.com.