Privacy Policy
Effective May 28, 2026
What we do with your data — plain English
- Your client data is yours. Clients, proposals, contracts, invoices, payments — all of it. We host it so you can use it. We never sell it, share it, or use it to train AI models.
- We never see your customers' card numbers. Stripe processes every payment. Stripe stores the card data. We store the metadata (who paid, when, how much, last 4 digits if Stripe gives them to us).
- We use a small set of providers — Clerk (sign-in), Stripe (money), Cloudflare (hosting), Resend (transactional email), Apple (push notifications on iOS). Each is listed with a link to their privacy policy below.
- Guest mode is local-only. If you tap “Explore as a guest” on iOS, nothing leaves your phone. No account, no server, no telemetry.
- Delete is delete. One tap in Settings removes your data from our production database within 30 days, your Clerk identity, and your Stripe Connect account links. Backups roll off within 90 days.
- No ads, no trackers, no surveillance. We don't embed advertising pixels. We don't sell to data brokers. We don't use your data to train models.
The full policy below is the legally-binding version. The TL;DR exists so you actually know what's in it.
Dispach (“we”) takes your privacy seriously. This policy explains what data we collect, how we use it, where it goes, and the choices you have.
1. What we collect
Account data
When you create an account via Clerk, we receive your email address, name (if provided), and a unique user ID. If you sign in with Apple or Google, we receive a verified email and OAuth identity token from that provider. We store your business name, city, default currency, tax rate, and contact preferences in your settings.
Organization data (Teams)
Every Dispach workspace is a Clerk Organization. Solo users get a personal organization that no one else can see. Studio (Teams) customers can invite collaborators; we store org membership, role, and invite records. Each workspace's data is scoped to the organization — other workspaces cannot read it.
Customer relationship data
Information you enter about your clients, leads, projects, proposals, contracts, estimates, invoices, time entries, tasks, expenses, and bookings. This is your data — you control it. We host it so you can use it.
Client-payment data (Stripe Connect)
We do not store payment card details. Stripe processes payments your clients send to you and stores card data according to their privacy policy. We store the payment metadata (amount, currency, method, timestamp, status, last 4 of card if provided by Stripe) for your records and tax exports.
Subscription billing data (Stripe Billing)
Your own subscription to Pro or Studio (or a one-time lifetime purchase) is processed by Stripe Billing as a separate flow from Stripe Connect. We store your subscription status, plan, renewal date, and a Stripe customer ID. Card data lives at Stripe. We receive your billing email and country for tax compliance.
iOS app data
When you use the iOS app, your device may register an Apple Push Notification service (APNs) token with us so we can send you notifications for events you opted into (overdue invoices, payments received, etc.). The token does not identify you to third parties. You can revoke notifications in iOS Settings at any time. We may also receive your iOS app version and SwiftData schema version for compatibility checks.
Guest mode (iOS) — local only
If you tap “Explore as a guest” on iOS, the app seeds sample data into local storage on your device and does not create an account, contact our servers, or transmit any data. Guest mode is offline-by-design.
Operational data
Server logs (IP, user agent, request path, response code) are retained for 30 days for debugging and security. We use Cloudflare Workers and inherit their privacy posture.
2. How we use your data
- To provide the Service — render your dashboard, sync data between web and iOS, send invoices, process payments
- To send transactional emails to you and your clients (sent via Resend on our behalf): invoice send confirmations, overdue reminders, late-fee notices, booking confirmations, contract-signed receipts, subscription receipts
- To send iOS push notifications you opted into
- To diagnose errors, monitor reliability, and prevent abuse
- To enforce our Terms and respond to legal requests
- To bill you for your subscription (Pro / Studio) and process refunds where applicable
We do not sell your data. We do not use your data to train AI models. We do not run ads. We do not embed third-party advertising pixels or analytics trackers.
3. Cross-device sync
Dispach is a web app and a native iOS app sharing a single backend. When you sign in on either surface, your profile (name, business name, email, default currency, tax rate) and customer relationship data sync automatically so the two stay consistent. The web app holds the source of truth for your account; iOS pulls on sign-in and pushes when you edit Settings. Local-only fields (e.g. iOS biometric lock preferences) never leave your device.
4. Third-party services we use
Dispach relies on a small set of third-party service providers to operate. When you use Dispach, data necessarily flows to these providers so they can perform their function (authentication, payment processing, email delivery, hosting, push notifications). Each provider has its own privacy practices and may also collect data on their own platforms — for example, IP addresses, device fingerprints, fraud-prevention signals, or product analytics — that Dispach does not see or control. We strongly recommend reviewing each provider's privacy policy.
Clerk — authentication
Handles sign-up, sign-in, password storage, second-factor email verification, OAuth (Sign in with Apple, Google), session management, and Organizations (Teams). Clerk receives your email, name, IP address, browser fingerprint, and any OAuth identity tokens you choose to connect. Clerk may collect device and behavioral signals on its own platform for security and fraud prevention. Clerk privacy policy.
Stripe Connect — client payments
Processes the payments your clients send to you. When a client pays you, their card number, billing address, email, IP, and device data are collected and stored by Stripe — never by Dispach. When you onboard as a freelancer, Stripe collects identity verification data (legal name, date of birth, last 4 of SSN or full SSN/EIN, bank account details) to satisfy KYC requirements. Stripe uses this data for payments, fraud detection, regulatory compliance, and its own product improvement. Stripe privacy policy · Connected Account Agreement.
Stripe Billing — your subscription
Processes your own subscription to Pro or Studio (and one-time lifetime purchases). Card details are stored at Stripe; we store subscription metadata only. Stripe Services Agreement.
Resend — transactional email
Sends outgoing emails on our behalf — proposal/contract/invoice notifications, overdue reminders, late-fee notices, booking confirmations, subscription receipts. Outbound mail is sent from notifications@dispach.co; that address is not monitored for replies — use hello@dispach.co for support or privacy@dispach.co for privacy questions. Resend receives recipient email addresses, message content, and may log delivery, open, and click events for diagnostic purposes. Resend privacy policy.
Cloudflare — hosting & infrastructure
Runs the Dispach web app (Workers), database (D1 — SQLite replicated at the edge), R2 storage, and the rate-limiting layer. Cloudflare receives all incoming HTTP requests including IP addresses, user-agent strings, and geolocation inferred from IP. Cloudflare may collect data for DDoS protection, network analytics, and its own platform operations. Cloudflare privacy policy.
Apple — push notifications & Sign in with Apple
When you enable iOS notifications, your device registers an Apple Push Notification service (APNs) token with us. We use it solely to send the notifications you opted into. If you sign in with Apple, Apple provides us with a verified email (which may be a relay address you control) and a stable user identifier. Apple privacy notice (Sign in with Apple).
Embedded media — Loom, YouTube, Vimeo
Dispach lets you embed Loom, YouTube, and Vimeo URLs in proposals and contracts. When you or your client views a page containing an embed, the browser loads content directly from that provider, which means they can set cookies and collect their own analytics (playback events, IP, user-agent, referrer) independent of Dispach. We do not control or have visibility into the data these providers collect. Loom · YouTube (Google) · Vimeo.
We share data with these providers strictly on a need-to-know basis to operate the Service. We do not share your customer data with third parties for marketing, and we do not permit any of these providers to use your data for their own advertising purposes (per their respective data processing agreements with us).
5. Client data on the portal
When you send a proposal, contract, estimate, or invoice to a client, the document is accessible via a unique guest-token URL (256-bit random token, scoped per resource). No client account is required. Anyone with the link can view the document. We capture the client's IP address and timestamp on audit-relevant actions (proposal acceptance, contract signature, payment confirmation) so you have a defensible record.
6. Cookies
We use a minimal set of first-party cookies — a session cookie set by Clerk for authentication, and Cloudflare's security cookies (e.g. __cf_bm) for bot mitigation. We do not use third-party advertising cookies, cross-site tracking pixels, or analytics that build a profile across sites.
7. Data retention & deletion
Your data is retained while your account is active. When you delete your account from Settings (one tap, requires typing “DELETE” to confirm), we:
- Cancel any active Pro or Studio subscription with Stripe so you're not billed again
- Delete every row of your data from our production database within 30 days
- Delete your Clerk identity so the email is fully released
- Roll off backups within 90 days
Server logs (IP, request path) roll off after 30 days regardless of account status. We may retain a minimal record of the deletion event itself (timestamp, anonymized) to defend against future claims.
8. Your rights
You can export your data (income CSV, expense CSV, Schedule C summary, full account export), modify it, or delete it from within the app at any time. EU/UK residents have additional rights under GDPR (access, rectification, erasure, portability, objection, withdrawal of consent). California residents have rights under the CCPA/CPRA (right to know, delete, correct, opt out of sale — though we do not sell). Email privacy@dispach.co to exercise any of these rights and we'll respond within 30 days.
9. Security
Data is encrypted in transit (TLS) and at rest. Authentication is handled by Clerk with second-factor email verification and Sign in with Apple. SQL queries are always parameterized — we don't do string concatenation. The iOS app supports optional Face ID / Touch ID lock that gates access to the app on your device. We follow industry best practices for access control and secret management. Every change to production is logged.
10. Children
Dispach is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal information, email privacy@dispach.co and we'll remove it.
11. International transfers
Cloudflare D1 replicates data across Cloudflare's global edge network for read performance; writes are processed in the primary region. Stripe, Clerk, and Resend are US-based with their own subprocessor networks. If you access Dispach from outside the US, your data may be transferred to, processed in, and stored in the United States and other countries where our providers operate.
12. Changes
We'll notify you of material changes via email or in-app notice at least 14 days before they take effect. Continued use after changes constitutes acceptance.
13. Subprocessors at a glance
| Provider | Purpose | Data shared |
|---|---|---|
| Clerk | Sign-in, sessions, Organizations | Email, name, OAuth tokens, IP |
| Stripe | Client payments + your subscription | Card data (at Stripe), KYC for Connect, billing email |
| Cloudflare | Workers, D1, R2, rate limiting | IP, request metadata, your stored data |
| Resend | Transactional email | Recipient email, message content, delivery events |
| Apple | iOS push notifications + Sign in with Apple | APNs token, opaque user identifier |
We'll publish material changes to this list at least 14 days before any new subprocessor takes effect.
14. Contact
Privacy questions, data-rights requests, or notice of a concern? Email privacy@dispach.co. We aim to respond within 5 business days.