Privacy Policy
Last updated: January 2026
At Floatless, we believe that your data belongs to you. We are an infrastructure company, not an ad-tech company. We make money by charging you a subscription fee for our software, not by selling your information.
Here is our transparent guide to how we handle your data.
1. Information we collect
TL;DR: We collect your business details to set up your account, and we process your customers' details so you can send them invoices.
Your Account Data (The "Merchant")
To provide our service, we collect information about you and your business:
- Identity: Your name, email address, and password.
- Business Info: Company name, address, tax IDs (e.g., VAT/EIN), and banking details for payouts.
- Usage Data: Logs of how you use our dashboard to help us improve usability.
Your Customers' Data (The "End-Customer")
As a billing platform, you entrust us with personal data about your customers. We act as a Data Processor for this information:
- Contact Info: Names and emails of the people you are billing.
- Billing Details: Addresses and tax status required for compliant invoices.
- Payment Tokens: We do not see raw credit card numbers. These are securely tokenized via Stripe.
2. How we use this data
TL;DR: We use data to generate PDF invoices, calculate taxes, and collect money. We don't train public AI models on your private revenue data.
We use your data solely to fulfill our contractual obligation to you:
- Core Service: Generating invoices, calculating tax liabilities, and facilitating payments.
- Notifications: Sending invoice emails to your customers on your behalf.
- Compliance: Performing KYB (Know Your Business) checks to prevent money laundering.
- Support: Helping you debug billing errors when you contact us.
We strictly DO NOT:
- Sell your data to third parties.
- Share your customer lists with competitors.
- Use your private financial data to train public AI models.
3. Sub-processors
TL;DR: We run on Render and Supabase, protect traffic with Cloudflare, and process money with Stripe.
To provide a secure and reliable service, we use a select group of trusted sub-processors. We have Data Processing Agreements (DPAs) in place with each.
| Provider | Purpose | Location |
|---|---|---|
| Render | Cloud Hosting | USA |
| Supabase | Database Storage | USA |
| Stripe | Payment Processing & Identity Verification | USA |
| Cloudflare | DNS, CDN, and DDoS Protection | Global |
4. Data Retention & Deletion
TL;DR: We keep data while you remain a customer. If you leave, we delete it after a grace period. Since we are a financial tool, some laws require us to keep tax records for a set number of years.
- Active Accounts: We retain your data for as long as your account is active.
- Deletion: If you cancel your account, you can request full data deletion. We will purge your data within 60 days, except for specific financial records we are legally required to retain by tax authorities (e.g., for 7 years).
- Backups: Encrypted backups are retained for 30 days for disaster recovery purposes.
5. Security Measures
TL;DR: We use bank-grade encryption. We don't store credit card numbers.
We implement industry-standard security measures to protect your data, including:
- Encryption in Transit: All data sent between your browser and our servers is encrypted via TLS 1.3.
- Encryption at Rest: Sensitive database fields and backups are encrypted on disk.
- Access Controls: Internal access to customer data is restricted to employees with a specific business need (e.g., Support Engineers).
- No Raw Cards: We never touch or store raw credit card numbers. They go directly to Stripe.
Contact Us
If you have questions about this policy or want to exercise your GDPR/CCPA rights, please contact our Data Protection Officer at privacy@floatless.com.