PolishedPay

Privacy Policy

Effective June 18, 2026

This Privacy Policy explains how PolishedPay LLC (“PolishedPay,” “we,” “our”) collects, uses, and shares information when you use the PolishedPaymobile and web applications and related services (the “Service”).

1. Information we collect

1.1 Account information

When you create an account we collect your email address and a hashed password. We do not store your password in plain text.

1.2 Information you put into the app

The Service is designed to help you track your business activity. You may enter and we will store:

  • appointments, services rendered, prices, tips, and payment methods;
  • expenses, recurring costs, and notes;
  • tax-profile details such as filing status, state of residence, and dependents;
  • preferences such as pay-period frequency and time zone.

We do not request or knowingly store Social Security numbers, bank-account numbers, or government-issued IDs.

1.3 Subscription & payment information

Subscriptions are processed by RevenueCat and Stripe. When you purchase a subscription, your card details are entered directly into Stripe's payment form — we never see or store your full card number. We receive a transaction identifier, the plan you purchased, your subscription status, and the renewal / expiration timestamps.

1.4 Device & usage information

We collect basic technical information needed to operate the Service: IP address, browser or device type, operating system, and app version. We use this to debug errors, prevent abuse, and maintain security.

1.5 Waitlist signups

If you join our pre-launch waitlist we collect your email address, the page you signed up from, your IP address, and your browser's user-agent string. We use this only to email you when early access opens.

2. How we use information

  • To provide, maintain, and improve the Service;
  • To authenticate your account and keep it secure;
  • To process subscription payments and manage entitlement;
  • To respond to support requests and contact you about your account;
  • To detect, investigate, and prevent fraud or abuse;
  • To comply with legal obligations.

We do not sell your personal information, and we do not use your business data to train machine-learning models.

3. Third-party processors

We use the following service providers to operate the Service. Each processes only the data necessary for its function:

  • Supabase — application database and authentication (account, app data).
  • RevenueCat — subscription management (purchase and entitlement state).
  • Stripe — payment processing (card data, billing address, transaction history).
  • Apple — App Store delivery and (where you choose it) Sign in with Apple.
  • Google Workspace — outbound email from our support and notification addresses.
  • Vercel — web hosting and edge delivery.

We do not authorize these processors to use your information for their own purposes beyond providing the contracted service.

4. Data retention

We retain your account and application data for as long as your account is active. If you delete your account, we delete or anonymize personal information within 30 days, except where we are required to retain it for legal, tax, or fraud-prevention purposes. Subscription transaction records are retained for at least seven years to satisfy financial-records requirements.

5. Your rights

Depending on where you live, you may have the right to:

  • access the personal information we hold about you;
  • correct inaccurate information;
  • delete your account and associated data;
  • export a copy of your data in a portable format;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent.

To exercise any of these rights, email privacy@polishedpay.com. We will respond within 30 days.

6. Security

We use industry-standard safeguards including TLS for data in transit, encryption at rest for our database, hashed passwords, and least-privilege access for staff. No system is perfectly secure, but we work hard to keep yours safe and will notify affected users in the event of a breach as required by law.

7. Children

The Service is not directed to children under 13 (or under 16 in jurisdictions where that is the minimum age). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

8. International transfers

We are based in the United States, and our processors operate servers in the United States and other countries. By using the Service you understand that your information may be transferred to, stored, and processed in countries other than your own.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective” date at the top and, for material changes, notify you by email or in-app notice before the changes take effect.

10. Contact us

Questions about this policy or our data practices? Reach us at privacy@polishedpay.com. Postal mail can be sent to the address on our contact page.