Privacy Policy

Last updated: February 24, 2026

1. Introduction

Chaseless ("we", "us", "our") operates the invoicing and payment automation platform available at chaseless.dev. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

Chaseless acts as the data controller for your personal data. For questions or requests related to your data, contact us at privacy@chaseless.dev.

3. Data We Collect

3.1 Account Data

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored as a secure hash, never in plain text)
  • Company or business name (optional)

3.2 Billing Data

When you subscribe to a paid plan, we collect:

  • Payment method details (processed and stored by Stripe — we never store your full card number)
  • Billing address
  • Transaction history

3.3 Business Data

In the course of using the Service, you may input:

  • Client names, email addresses, and contact details
  • Invoice details (amounts, descriptions, due dates)
  • Project and milestone information
  • Payment reminder configurations
  • Late fee rules and parameters

This data is provided voluntarily by you and is essential for the Service to function. You are responsible for ensuring you have the right to store your clients' data through our Service.

3.4 Usage Data

We automatically collect:

  • Browser type and version
  • Device type and operating system
  • IP address (anonymized for analytics)
  • Pages visited and features used within the Service
  • Crash reports and error logs

3.5 Cookies

We use the following types of cookies:

  • Essential cookies — required for authentication and core functionality. Cannot be disabled.
  • Analytics cookies — help us understand how users interact with the Service. Can be opted out of.

We do not use advertising or third-party tracking cookies.

4. How We Use Your Data

We use your data to:

  • Provide and operate the Service (creating invoices, sending reminders, processing payments)
  • Manage your account and subscription
  • Send transactional emails (invoice confirmations, payment receipts, reminder notifications)
  • Communicate important updates about the Service or your account
  • Detect and prevent fraud, abuse, or security incidents
  • Improve the Service through aggregated, anonymized analytics

Legal basis (GDPR): We process your data based on (a) contractual necessity (to provide the Service you subscribed to), (b) legitimate interest (to improve and secure the Service), and (c) your consent (for optional analytics cookies and marketing communications).

5. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with the following categories of third parties, strictly for the purposes described:

  • Stripe — payment processing. Stripe receives your billing data to process subscription payments and client payments. See Stripe's Privacy Policy.
  • Resend — transactional email delivery. Resend processes email addresses and email content to deliver invoices, reminders, and account notifications.
  • Sentry — error monitoring. Sentry receives anonymized error reports and crash data to help us fix bugs and maintain Service reliability.
  • Hosting provider — infrastructure. Our hosting provider stores and processes data as part of running the Service.

All third-party providers are bound by data processing agreements and are required to handle your data in compliance with applicable data protection laws.

6. Data Retention

  • Account data — retained for the duration of your account, plus 30 days after deletion
  • Business data (invoices, clients, projects) — retained for the duration of your account, then deleted within 30 days of account closure
  • Billing records — retained for 10 years as required by French tax law
  • Usage data — anonymized and aggregated after 90 days; raw logs deleted after 90 days
  • Error logs — retained for 30 days

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Secure password hashing
  • Two-factor authentication (optional)
  • Regular security audits and dependency updates
  • Access control and authentication within the Service
  • Rate limiting and abuse prevention

While we take reasonable measures to protect your data, no system is 100% secure. We will notify you promptly in the event of a data breach affecting your personal data, as required by law.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

  • Right of access — request a copy of your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data ("right to be forgotten")
  • Right to restriction — request restriction of processing in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format (CSV, PDF)
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — withdraw consent for optional data processing at any time

To exercise any of these rights, contact us at privacy@chaseless.dev. We will respond within 30 days.

9. International Data Transfers

Your data may be processed in countries outside the EEA. Where this occurs, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's adherence to recognized data protection frameworks.

10. Your Clients' Data

When you use Chaseless to store your clients' contact information and send them invoices or reminders, you act as the data controller for your clients' data. Chaseless acts as a data processor on your behalf.

You are responsible for:

  • Having a lawful basis to store and process your clients' data
  • Informing your clients about how their data is processed
  • Responding to your clients' data subject requests

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.

13. Contact

For questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at:

Email: privacy@chaseless.dev

You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In France, the supervisory authority is the CNIL (Commission Nationale de l'Informatique et des Libertés).