PolicyGen PolicyGen Try the generator →

Legal

Privacy Policy

Effective date: March 24, 2026 · Last updated: March 24, 2026

PolicyGen ("we", "our", or "us") operates policygen.app (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By using the Service you agree to the collection and use of information described here.

1. Information We Collect

Account information

When you create an account or sign in, we collect your email address. This is managed by Supabase (our authentication provider) and is used solely to identify your account and send transactional emails (e.g. email confirmation, password reset).

Payment information

If you purchase a Pro licence, your payment is processed by Stripe. We do not store your card number, CVV, or full payment details. Stripe provides us with a confirmation of payment and a customer reference. See Stripe's Privacy Policy.

Document form data

The answers you enter in the policy generator (company name, website URL, contact email, etc.) are processed entirely in your browser. We do not transmit or store your form inputs on our servers.

Usage data

We may collect standard server logs including IP address, browser type, pages visited, and timestamps. This data is used to maintain the security and reliability of the Service and is not used for advertising profiling.

2. How We Use Your Information

  • To create and manage your account
  • To process your Pro purchase and verify payment status
  • To send transactional emails (account confirmation, password reset)
  • To respond to support requests
  • To maintain the security and operation of the Service
  • To comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising.

3. Third-Party Service Providers

We share data with the following providers only to the extent necessary to operate the Service:

Provider Purpose Privacy Policy
Supabase Authentication & database supabase.com/privacy
Stripe Payment processing stripe.com/privacy
Vercel Web hosting & CDN vercel.com/legal/privacy-policy
Resend Transactional email resend.com/legal/privacy-policy

4. Cookies

We use only functional cookies necessary to maintain your login session (set by Supabase). We do not use advertising or tracking cookies. You may disable cookies in your browser settings, but this will prevent you from staying signed in.

5. Data Retention

We retain your account data (email address and Pro status) for as long as your account is active. If you delete your account or request deletion, we will remove your personal data within 30 days, except where we are required by law to retain it (e.g. payment records for tax purposes, which are retained for 7 years).

6. Your Rights

GDPR (EEA/UK residents)

If you are located in the European Economic Area or United Kingdom, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a machine-readable format
  • Restriction — request that we limit processing of your data
  • Objection — object to processing based on legitimate interests

Our legal basis for processing your data is contract performance (providing the Service) and legitimate interests (service security and fraud prevention).

CCPA (California residents)

California residents have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information.

7. Data Security

We use industry-standard security measures including HTTPS encryption, secure authentication via Supabase, and access controls. However, no method of transmission over the internet is 100% secure.

8. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you become aware that a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email if changes are material. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance.

10. Contact

To exercise your rights, ask questions, or request account deletion, contact us at:

Email: privacy@invoicebench.com

We will respond within 30 days.