Draft v1 · privacy policy
AR2EZ Privacy Policy
Last updated: April 30, 2026. This draft is adapted from open-source privacy notice patterns and customized for AR2EZ. It should be reviewed before relying on it as legal advice.
AR2EZ is an invoice follow-up SaaS operated under the AR2EZ DBA unless a separate legal entity is later confirmed. For privacy requests, contact support@ar2ez.com.
Data we collect
- Account data: name, email address, workspace name, subscription tier, and support messages.
- Invoice data: uploaded PDFs/images, parsed invoice fields, invoice amounts, due dates, customer names, and customer contact information you enter.
- OAuth data: Gmail OAuth tokens and, when launched, Outlook OAuth tokens used to send approved follow-up emails on your behalf.
- Payment data: Stripe customer, subscription, checkout, and payment status identifiers. AR2EZ does not store full card numbers.
- Essential technical data: session cookies, security logs, IP-derived request metadata, and device/browser information needed to operate and secure the service.
How we use data
We use data to provide AR2EZ, create invoice records, parse invoice content, connect your email account, send only the reminders you approve, process billing, prevent abuse, maintain security, and respond to support/data requests.
GDPR lawful basis
Where GDPR applies, our lawful bases include contract performance for providing AR2EZ, legitimate interests for service security and improvement, consent for OAuth/email-account connection where required, and legal obligations for billing, tax, and compliance records.
Subprocessors
- Vercel: hosting, deployment, request handling, and application logs.
- Supabase: database storage for account, workspace, invoice, customer, upload, extraction, and subscription records.
- Google Cloud: Document AI/OCR processing and Google OAuth/Gmail API access.
- Stripe: checkout, subscription, customer, invoice, and payment processing.
- Microsoft: Outlook OAuth and email API access when Outlook support launches.
Retention and deletion
Active account data is retained while your account is active. If you request account deletion, AR2EZ will delete or de-identify active account, workspace, invoice, upload, token, and customer records, then retain backup copies for up to 90 days before purge. Some billing/security records may be retained longer where required by law or necessary to resolve disputes.
Delete-account flow: email support@ar2ez.com from your account email with “Delete my AR2EZ account.” We will verify the request, delete active records, revoke stored OAuth tokens where possible, and confirm completion. This is the Article 17 right-to-erasure and CCPA right-to-delete path until self-serve deletion ships.
Your rights
Depending on where you live, you may request access, correction, deletion, export, restriction, objection, or withdrawal of consent. California residents may exercise CCPA/CPRA rights to know, access, correct, delete, and opt out of sale/share. AR2EZ does not sell personal information or track users across sites.
Cookies
AR2EZ currently uses essential session cookies for sign-in and security. We do not use analytics cookies or third-party advertising trackers.
International transfers and security
AR2EZ and its subprocessors may process data in the United States and other locations where they operate. We use reasonable administrative, technical, and organizational safeguards, including access controls and service providers that use encryption, but no system is perfectly secure.
Contact
For privacy, deletion, or data-access requests: support@ar2ez.com.