Account data: your name, email, company name, and password (stored as a hash by our authentication provider — we never see it).
Business data you enter: projects, contract values, pay applications, change orders, retainage figures, and documents (PDFs) you upload. This is your data; we process it solely to provide the Service.
Billing data: handled by Stripe. We store only your Stripe customer and subscription identifiers and status — never card numbers.
When you use Smart Import, the PDF you drop is sent to Anthropic's Claude API to extract fields (document type, amounts, dates) for you to review. Documents are transmitted securely and are not used by Anthropic to train models under our API terms. If you prefer not to have a document processed by AI, enter it manually instead.
We use a small set of infrastructure providers to run the Service:
Each receives only what it needs to perform its function. We do not sell your data, ever.
We use only the cookies required to keep you signed in and remember your theme preference. No advertising or cross-site tracking cookies.
Your data is retained while your account exists — including through lapsed subscriptions, so you never lose your records over a billing hiccup. You can export your data at any time and request full deletion of your account and associated data by emailing support@subpay.ai; we complete deletion requests within 30 days.
Data is encrypted in transit and at rest. Every organization's data is isolated — queries are scoped to your organization at the application layer, with database-level protections behind it. Report security concerns to support@subpay.ai.
We'll notify you of material changes to this policy through the Service or by email. Questions: support@subpay.ai. See also our Terms of Service.