Privacy Policy

Last updated: January 6, 2026

Overview

DuePilot ("we", "us", "our") provides time tracking, approval, and invoicing software. This Privacy Policy explains how we collect, use, and protect your personal data.

Data We Collect

Account Information

  • Email address
  • Name
  • Password (hashed)
  • Organization name

Usage Data

  • Timesheets you create
  • Projects you manage
  • Invoices you generate
  • Approval actions

Technical Data

  • IP address
  • Browser type
  • Device information
  • Login timestamps

How We Use Your Data

  • Provide and improve the DuePilot service
  • Process timesheets, approvals, and invoices
  • Send transactional emails (password resets, verifications)
  • Detect and prevent abuse or fraud
  • Comply with legal obligations

We do not sell your data to third parties.

Data Sharing

We share data only in these limited circumstances:

  • With your team: Timesheets and projects are visible to your organization members
  • Service providers: Email delivery (see Subprocessors)
  • Payment processors: Stripe or PayPal (if you choose to use them)
  • Legal requirements: If required by law or to protect rights

Data Retention

We retain your data:

  • As long as your account is active
  • For 30 days after account deletion (for recovery)
  • Audit logs: Up to 90 days for compliance
  • Financial records: As required by law

Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Update incorrect data
  • Deletion: Request account deletion (see Data Deletion)
  • Export: Download your data in CSV/JSON format
  • Portability: Transfer data to another service

To exercise these rights, contact privacy@duepilot.com.

GDPR Compliance (European Users)

If you're in the European Union, you have additional rights under GDPR:

  • Right to object to data processing
  • Right to restrict processing
  • Right to lodge a complaint with your data protection authority

Our lawful basis for processing your data is contract performance (to provide the service you signed up for).

Security

We protect your data with:

  • Encrypted connections (HTTPS/TLS)
  • Encrypted database storage
  • Password hashing
  • HTTP-only session cookies
  • Regular security updates

See our Security page for more details.

Cookies

We use cookies for:

  • Authentication: Keep you logged in (essential)
  • Analytics: Understand how DuePilot is used (optional, no personal data)

You can disable cookies in your browser, but authentication will not work without them.

Children's Privacy

DuePilot is not intended for users under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.

Changes to This Policy

We may update this policy. If we make significant changes, we'll notify you via email or in-app notification. Continued use after changes means you accept the updated policy.

Contact Us

Email: privacy@duepilot.com

Support: support@duepilot.com

Terms of ServiceData DeletionSubprocessorsSecurity