Privacy Policy

We collect only what is necessary to operate the Service:

• Email address — used for authentication and account communications.
• Items you track — type, last service date or install year, optional custom name, and usage intensity.
• Account metadata — when your account was created, household ID.

We do not collect payment details directly (handled by Stripe, if applicable), device fingerprints, browsing history, or any data beyond what you explicitly enter into the Service.

We use your data exclusively to:

• Display your asset tracking dashboard.
• Calculate lifespan estimates and reserve amounts.
• Send reminders about items approaching end-of-life (future feature, opt-in).
• Improve the Service using aggregate, non-identifiable usage patterns.

We do not use your data for advertising, profiling, or any purpose not listed above.

We use Supabase as our authentication provider and database. Supabase processes your data on our behalf under a data processing agreement and does not use your data for their own purposes.

We do not sell, rent, or share your personal data with any other third party. No advertising networks. No data brokers. Ever.

If we are acquired or merge with another company, your data will be subject to the acquiring company's privacy policy and you will be notified in advance.

We use only essential session cookies required to keep you logged in. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and all associated data.
• Export your data in a portable format (JSON export, available on request).
• Opt out of non-essential communications at any time.

GDPR users (EEA/UK) have additional rights including the right to object to processing and the right to lodge a complaint with a supervisory authority. CCPA users (California) have the right to know what data is collected and the right to opt out of sale — we do not sell data.

To exercise any right, contact us. We will respond within 30 days.

Your data is retained for as long as your account is active. When you delete your account, all personal data is removed from our systems within 30 days. Aggregate, non-identifiable usage statistics may be retained indefinitely.

All data is encrypted at rest and in transit via Supabase's infrastructure. Access to production data is restricted to authorized personnel only. No employee at Gold Bird Group accesses individual user data except to investigate a reported technical issue, and only with the affected user's awareness.

While we take security seriously, no system is perfectly secure. You are responsible for keeping your account credentials confidential.

Is It Due is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with data, use our contact form and we will delete it promptly.

If we make material changes to this Privacy Policy, we will notify you by email or in-app notification at least 14 days before the changes take effect. The updated date at the top of this page reflects the most recent revision.

For privacy-related questions or data requests, contact us

Gold Bird Group, incorporated in Delaware, United States.