Privacy Policy

1. What we collect

From you (the merchant):

• Account info — email, password hash, business name.
• North credentials — API key, checkout ID, profile ID. Encrypted before storage; see Security.
• Settings — language, brand color, default invoice terms, logo URL.

From your customers:

• Name, email, phone, company, preferred language, and the transactions you create for them.

2. How we use it

• To send checkouts and invoices on your behalf.
• To poll North for transaction status updates.
• To deliver the AI features that power the chat.
• To fix bugs and improve the product.

We do not sell personal information. We do not use customer email addresses for marketing.

3. AI processing

When you send a chat message, we forward the conversation context and a redacted version of your customer list to Anthropic for inference. API keys, secrets, and your password are never sent to the model. Anthropic does not retain or train on this data per our agreement.

4. Sub-processors

• Firebase (Google) — authentication and database.
• Vercel — hosting and edge delivery.
• Resend — outbound branded email delivery.
• Anthropic — AI inference for the chat copilot.
• North — payment processing.

5. Cookies and storage

We use a single first-party cookie to keep you signed in. The marketing site stores your theme preference (dark or light) in browser localStorage. We do not use third-party tracking cookies.

6. Your rights

You can export or delete your data at any time from settings. To request data on a customer's behalf or for any other privacy question, email privacy@vibeandpay.com. We respond within 30 days.

7. Retention

We keep account and transaction data for as long as your account is active, plus seven years for financial recordkeeping. Closed accounts are anonymized, except where law requires retention.