Privacy Policy

Name: SuiteZai
Availability: InStock
Rating: 4.9 (1250 reviews)
Author: SuiteZai

Last updated: February 24, 2026 · Effective: February 24, 2026

SuiteZai ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice management platform at suitezai.com.

Please read this policy carefully. If you disagree with its terms, please stop using the service.

1. Information We Collect

1.1 Information You Provide

When you create an account or use our service, we may collect:

Email address and password (for account creation)
Business name, address, phone number, and logo (for your invoice templates)
Client information you enter (names, emails, addresses) for invoice generation
Payment information (processed by Stripe — we never store raw card data)
Feedback and support communications you send us

1.2 Information Collected Automatically

When you use the service, we automatically collect:

IP address and approximate location (country/city)
Browser type, operating system, and device information
Pages visited, features used, and time spent on the platform
Usage counts (invoices created, OCR scans used) for plan enforcement

1.3 Free Plan: Local Storage

Free plan users' invoice data is stored locally in your browser using IndexedDB and is never uploaded to our servers. This is intentional — we call it "privacy-first" mode. If you clear your browser data, this information will be lost.

1.4 Paid Plans: Cloud Storage

Pro and Business plan subscribers' invoice, client, and company data is stored securely on Supabase (hosted on AWS), a SOC 2 Type II certified platform, with row-level security and encryption at rest.

2. How We Use Your Information

We use collected information to:

Provide, operate, and maintain the SuiteZai platform
Process payments and manage subscriptions via Stripe
Enforce plan usage limits (invoice counts, OCR scans)
Send transactional emails (account confirmation, password reset, payment receipts)
Respond to your support requests and feedback
Improve the platform based on aggregated usage patterns
Comply with legal obligations

We do not sell your personal data to third parties. We do not use your invoice data to train AI models. Your business and client data is yours.

3. Third-Party Services

We share data with the following third parties to operate the service:

Service	Purpose	Data Shared
Supabase	Database & authentication	Account data, invoices (paid plans)
Stripe	Payment processing	Email, subscription status
OpenAI	AI features (OCR, chat assistant)	Text you submit for AI processing
Vercel	Hosting & deployment	Web request logs (IP, headers)

4. Cookies & Tracking

We use essential cookies to maintain your authenticated session and remember your theme preference. We do not use advertising cookies or cross-site tracking.

Cookies we use:

sb-access-token — Supabase session token (authentication)
sb-refresh-token — Session refresh token
theme — Your light/dark mode preference (localStorage)

You can disable cookies in your browser settings, but this will prevent you from signing in.

5. Data Retention

Free plan users: Data is stored locally in your browser only. We have no server-side copy.
Paid plan users: Your data is retained for the duration of your subscription plus 90 days after cancellation, to allow data export.
Deleted accounts: We permanently delete all personal data within 30 days of account deletion request.
Payment records: Retained for 7 years as required by financial regulations.

6. Your Rights (GDPR & CCPA)

Depending on your location, you have the following rights regarding your personal data:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your account and data ("right to be forgotten")
Portability: Export your invoice data in a machine-readable format
Objection: Object to certain types of data processing
Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, email us at privacy@suitezai.com. We will respond within 30 days.

California residents may also submit requests under the CCPA by the same method. We do not sell personal information as defined by the CCPA.

7. Data Security

We implement industry-standard security measures to protect your data:

All data transmitted over HTTPS/TLS encryption
Database encrypted at rest (AES-256)
Row-level security (RLS) ensuring users can only access their own data
Service role keys never exposed to the browser
Stripe handles all payment data under PCI DSS compliance

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Children's Privacy

SuiteZai is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it.

9. International Transfers

Our servers are located in the United States (via Supabase/AWS). If you are located in the European Economic Area (EEA), your data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) with our sub-processors (Supabase, Stripe, OpenAI) to ensure adequate protection for EEA data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by emailing your registered address or by posting a notice in the app at least 14 days before the change takes effect. Your continued use of the service after the effective date constitutes acceptance of the revised policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy:

SuiteZai

Email: privacy@suitezai.com

General: hello@suitezai.com

Website: suitezai.com

Home Terms of Service Support Pricing