Privacy Policy

At Vendor Ghosted, we are committed to protecting your privacy. This Privacy Policy describes how we collect, use, and safeguard your personal information when you use our invoice follow-up service.

1. Information We Collect

To provide our services, we collect information that you explicitly share with us, as well as data from integrated services:

• Account Information: When you sign up via Clerk, we collect your name, email address, and billing information.
• Google API and Gmail Data: When you connect your Gmail account via OAuth 2.0, we request permission to send emails and read messages. We store encrypted OAuth tokens to access the Gmail API on your behalf. We only read emails within threading contexts to map replies to your invoice sequences and prevent sending subsequent chaser emails when a client replies.
• Invoice Details: We store details of invoices you add manually or forward, including client names, email addresses, payment due dates, currencies, and invoice amounts.
• Tone Samples: We store sample emails you voluntarily upload to guide our AI (Claude Haiku) in matching your natural writing style.

2. How We Use Your Information

We use the information we collect for the following business purposes:

• To construct, customize, schedule, and send follow-up emails on your behalf.
• To customize the tone of chaser drafts based on your provided tone samples.
• To identify when a client has replied to an invoice chaser in order to automatically pause or skip subsequent follow-up steps.
• To manage and process subscription payments through Stripe.
• To improve the quality, accuracy, and reliability of our follow-up extraction tool.

3. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We only share data with trusted third-party subprocessors necessary to deliver our application:

• Clerk: For secure user authentication and identity management.
• Stripe: For secure billing and subscription handling. We do not store or process card numbers on our servers.
• Anthropic: To generate personalized chaser drafts via the Claude API. Your data is sent as context for prompt generation and is not used to train Anthropic's public models.
• Database and Hosting Providers: To store app state and deliver services securely.

4. Gmail Data Protection and Policies

Vendor Ghosted's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use your Gmail content to target advertisements, compile user profiles for marketing, or share with brokers.

5. Data Security

We implement robust security measures to protect your credentials and private information. All Google refresh tokens are stored encrypted at rest. Communication between our services, our database, and external APIs is fully encrypted in transit using SSL/TLS.

6. Your Rights and Data Deletion

You have the right to access, modify, or delete your account data at any time. You can disconnect Gmail in your settings, which will immediately delete your encrypted tokens from our database. If you delete your account, all associated invoices, sequences, chasers, and tone samples are permanently purged from our active systems.