Privacy Policy
Privacy for
DueKind.
Last updated June 8, 2026
What DueKind stores
DueKind stores workspace profile data, clients, invoices, reminder drafts, payment promises, activity events, subscription state, and usage events needed to operate the product. This data is scoped to your workspace and used to help you track receivables and send approved follow-ups.
Connected accounts and OAuth tokens
When you connect Gmail or Outlook, DueKind stores OAuth access and refresh tokens so integrations can continue working. Gmail and Outlook access is limited to sending approved reminders. OAuth tokens are encrypted at rest and excluded from workspace exports.
AI-assisted drafting
AI drafting uses invoice and client context to generate editable reminder drafts. DueKind does not send messages automatically. Users remain responsible for reviewing every draft before sending.
Payment links and client views
Hosted invoice summary links are tokenized and revocable. When a client opens a payment link, DueKind records a payment-seen signal for your workspace so you can follow up at the right time.
Cookies, analytics, and monitoring
DueKind sets a session cookie through Better Auth to keep you signed in, and remembers your active workspace and theme preference. To understand how the product is used and to fix problems, we use privacy-respecting product analytics (PostHog, proxied through our own domain), a lightweight Vercel Web Analytics beacon, and — in production — Cloudflare Web Analytics. Errors are captured with Sentry, and sign-up may be protected by Cloudflare Turnstile, a bot check. These services may set cookies or collect device and usage data needed to run; none of them are used for advertising, and several are optional and only run when configured.
Third-party services we use
To run DueKind we rely on a few trusted providers, each receiving only the data needed for its job: Google (Gemini) generates reminder drafts from invoice and client context, only when you ask for a draft; Gmail and Microsoft Outlook send the reminders you approve from your own mailbox; QuickBooks and Xero provide read-only invoice import if you connect them; Lemon Squeezy processes payments and subscriptions (we do not store card details); Resend delivers system emails such as password resets; and Vercel and Cloudflare provide hosting and edge delivery. We do not sell your data.
Your choices and data rights
Workspace data can be exported from Settings anytime. Account deletion removes the user and cascades workspace data from the application database. For privacy questions or data requests, email support@eastbase.studio.
Note. This policy describes how the product works today. Have counsel review it before relying on it for formal compliance obligations.