Privacy Policy

Last Updated: February 05, 2026

ChaseAI ("we", "us", "our") is a global SaaS platform for accounts receivable management, accessible worldwide. We prioritize your privacy and comply with key laws, including Nigeria's NDPA 2023, California's CCPA/CPRA, EU GDPR (where applicable), and equivalents in other jurisdictions.

1. Information We Collect

We collect:

  • Personal Information: Email, phone, business name (for auth/reminders). [US CCPA Category: Identifiers]
  • Financial/Invoice Data: Amounts, descriptions, due dates, client details (anonymized/hashed for AI processing). [US CCPA Category: Commercial information]
  • Sensitive Data: None collected directly (e.g., no health/racial data); any sensitive data inferred from invoices is handled securely. [US CCPA: Sensitive personal info – opt-out available]
  • Usage Data: Login times, interactions, IP addresses (for security). [US CCPA Category: Internet activity]
  • No Children's Data: We do not knowingly collect data from under-13s (US COPPA compliance).

Sources: Directly from you (sign-up/invoices), automatically (logs), or third parties (Stripe for payments).

2. How We Use Your Information

  • Core services: Invoice creation, AI-personalized reminders (via an LLM provider such as Groq/OpenAI).
  • Analytics: Improve predictions (anonymized data is sent to a separate microservice).
  • Legal basis: Consent (marketing), contract (services), legitimate interests (fraud prevention).
  • Automated decisions: AI models use your data for risk/timing predictions; you can request human review.

3. Sharing & Disclosures

  • Third parties: Supabase (hosting – US/EU servers), Twilio/Resend (messaging – global), Stripe (payments – US), Groq/OpenAI (AI – US).
  • No selling/sharing for ads: [US CCPA: We do not "sell" or "share" personal info as defined; opt-out link below.]
  • Cross-border transfers: Data may be transferred to the US/EU (e.g., to AI providers). We use Standard Contractual Clauses (SCCs) or equivalents for adequacy.

In the last 12 months (US CCPA disclosure): We disclosed identifiers/commercial info to service providers for business purposes.

4. Your Privacy Rights

  • Global: Access, correct, delete data; object to processing; withdraw consent.
  • US CCPA/CPRA: Right to know (categories/sources), delete, opt-out of sales/sharing, limit sensitive data use. Non-discrimination for exercising rights.
  • EU GDPR (if applicable): Portability, automated decision explanations.
  • Exercise rights: Email privacy@yourdomain.com (response within 45 days, extendable).

Opt-out of "sales/sharing" (US): [Link to opt-out form or email].

5. Security

We protect data with encryption (AES-256), access controls (Supabase RLS), hashing for AI data, and regular audits. We report breaches per NDPA/CCPA timelines.

6. Retention & Deletion

Data is retained for as long as needed to provide the service and to meet legal requirements (e.g., 7 years for financials). We delete data on request unless retention is required by law.

7. Cookies & Tracking

We use essential cookies only (no tracking pixels yet). Opt-out via browser settings.

8. Changes & Contact

We notify you of material changes. Questions? Email us at:

privacy@yourdomain.com

You may also contact NDPC (Nigeria) or CA AG (US CCPA complaints).