Privacy Policy

Last updated: June 12, 2026

1. Introduction

Welcome to Run Business Smartly. We are committed to protecting the privacy of our customers and visitors. This Privacy Policy describes how we collect, use, process, and protect your information when you use our SaaS platform, free online invoice builder, and related services.

2. Information We Collect

We collect information to provide better services to all of our users. The types of information we collect depend on how you interact with our platform:

  • Account Information: When you register for an account (Sign Up), we collect your name, email address, password, company name, and company slug.
  • Billing & Invoicing Information: When you create invoices, we store company details (address, email, phone, logo, bank details), customer details (name, email, address), and invoice transaction details (amounts, item descriptions, payment links).
  • Usage Data: We log system metadata, page views, rate-limiting parameters, and security events to maintain the safety, performance, and stability of our services.

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide, operate, and maintain the invoicing features.
  • To allow you to export and download invoices in PDF and CSV format.
  • To process email notifications and SMTP credentials you link to your account.
  • To monitor API traffic, prevent rate-limiting abuse, and protect against brute-force DDoS attempts.
  • To comply with regulatory and legal obligations.

4. Data Isolation & Security

We implement a strict database multi-tenant design: your records, including customers, client profiles, and historical invoices, are securely isolated from other organizations using the compound unique organization identifier (`orgId`). We encrypt passwords using standard cryptographic hashing functions (bcrypt) and leverage security firewalls to guard against SQL injection, data leakage, and cross-site scripts.

5. Third-Party Integrations

We do not sell, rent, or trade your personal data. We utilize third-party database engines and in-memory caches (such as Upstash Redis for rate limiting) to guarantee reliable system operation. These processors only receive scoped metadata necessary to check and execute requests.

6. GDPR and CCPA Compliance

If you reside within the European Union (EU) or California, you are granted specific rights under the GDPR and CCPA. These rights include:

  • The right to access and receive copies of the personal data we hold about you.
  • The right to rectify inaccurate billing or profile details.
  • The right to request deletion of your account and related cascade records.
  • The right to data portability.

To exercise any of these rights, please contact our data team through our support portal.

7. Changes to this Policy

We reserve the right to modify this Privacy Policy at any time. Changes take effect immediately upon their publication on this page. We encourage you to review this page periodically to stay informed about how we safeguard your data.