Privacy Policy
Effective date: May 4, 2026
The short version: We collect only what we need to run Scribblix. We do not sell your data or share it with third parties for marketing or advertising — ever.
1. What we collect
Account information
When you create an account we collect your name, company name, email address, and password. After signup you may optionally add a phone number, license number, and company logo.
Job and client data
When you create a job you provide a client name, client email address, and property address. As you complete a job, the inspection responses you enter are stored against that job record.
Billing information
We do not store credit or debit card details. Payments are processed directly by Stripe, which holds payment information under its own privacy policy. We retain your subscription plan tier and billing status only.
Usage data
We track operational metrics such as the number of reports exported per billing period to enforce plan limits. We do not use analytics trackers, advertising pixels, or session recording tools on the application.
2. How we use your information
We use the information we collect solely to:
- Provide, operate, and improve the Scribblix service
- Generate and deliver PDF reports to your clients
- Send transactional emails (account confirmation, password reset)
- Process subscription payments and enforce plan limits
- Respond to support requests
We do not use your data or your clients' data for marketing, profiling, or advertising of any kind.
3. Third-party services
To deliver the service, your data is processed by the following third parties on our behalf. Each is bound by a data processing agreement and may only use your data to provide services to us — not for their own purposes.
| Service | Purpose | What they receive |
|---|---|---|
| Supabase | Database & authentication | Account data, job data, inspection responses |
| Stripe | Payment processing | Billing identity and subscription status |
| Resend | Email delivery | Client name, client email address, report PDF attachment |
| Browserless | PDF rendering | Report HTML (includes inspector and client details) — processed transiently, not retained |
| Amazon Web Services (S3) | File storage | Uploaded logo images |
| Google Maps Platform | Address autocomplete | Address strings typed during job creation |
| Vercel | Hosting | Standard HTTP request metadata (server logs) |
4. Data retention
We retain your account data and job records for as long as your account is active. When you delete your account, we delete your personal data within 30 days, except where we are required by law to retain it (for example, billing records required for tax compliance).
5. Your rights
You may at any time:
- Update or correct your account information in Settings
- Request a copy of your personal data by contacting us
- Request deletion of your account and associated data by contacting us
We will respond to all requests within 30 days.
6. Security
All data is transmitted over HTTPS. Authentication is managed by Supabase using industry-standard encryption for passwords and session tokens. We follow security best practices and periodically review our controls.
7. Changes to this policy
If we make material changes to this policy, we will notify you by email or by displaying a notice within the application before the changes take effect.
8. Contact
Questions about this policy? Email us at support@scribblix.com.