Legal

Privacy Policy

Effective Date: June 1, 2025

This Privacy Policy describes how StubVision LLC (“StubVision,” “we,” “us,” or “our”) collects, uses, stores, and shares information about you when you use the StubVision website and web application (the “Service”). By using the Service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

When you create an account or use the Service, we may collect:

• Account information: your name, email address, and password (stored as a secure hash).
• Payment information: billing name, last four digits of your card, and billing address. Full card numbers are handled exclusively by Stripe and are never stored on our servers.
• Uploaded files: paystub images and PDF documents you upload for processing.
• Corrections and preferences: edits you make to extracted fields and your in-app settings.

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Usage data: pages visited, features used, actions taken within the application, and timestamps.
• Device and browser information: IP address, browser type and version, operating system, and referring URL.
• Authentication logs: sign-in events, session tokens, and account activity for security purposes.

1.3 Information from Third Parties

If you sign in using Google OAuth, we receive your name, email address, and profile picture from Google, subject to the permissions you grant. We do not receive your Google password.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including processing your uploaded paystubs and generating income reports.
• Process subscription payments and manage your billing relationship.
• Send transactional emails such as account confirmation, password reset, and billing receipts.
• Respond to your support requests and communications.
• Monitor and analyze usage patterns to improve the Service’s features and performance.
• Detect, investigate, and prevent fraudulent activity, abuse, and security incidents.
• Comply with applicable legal obligations.

We do not sell your personal information to third parties. We do not use your paystub data or extracted financial figures for advertising purposes.

3. Paystub Files and Extracted Data

3.1 Original File Handling

When you upload a paystub file, it is stored temporarily in a private, encrypted cloud storage bucket while the AI extraction process runs. By default, the original file is permanently deleted from storage immediately after extraction is complete. You may change this default in your account settings.

3.2 Extracted Data

The numerical field values extracted from your paystub (such as gross pay, tax withholdings, and deduction amounts) are stored in our database to enable the report generation and history features. These values are associated with your account and protected by row-level security — no other user can access your data.

3.3 AI Processing

Uploaded paystub files are sent to Anthropic, Inc. for AI-powered text and data extraction. Anthropic processes this data as a subprocessor on our behalf. Data sent to Anthropic is subject to their data processing terms. Anthropic does not use your data to train its models under our current data processing agreement. For more information, see Anthropic’s privacy documentation at anthropic.com/privacy.

4. How We Share Your Information

We share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who help us operate the Service, including:

• Supabase (Supabase, Inc.) — database, authentication, and file storage.
• Stripe (Stripe, Inc.) — payment processing and subscription management.
• Anthropic (Anthropic, PBC) — AI-powered paystub data extraction.
• Vercel (Vercel, Inc.) — web hosting and serverless function execution.

These providers are permitted to use your information only as necessary to perform services on our behalf and are bound by appropriate data processing agreements.

4.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of StubVision, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of substantially all of our assets, your information may be transferred to the acquiring entity. We will notify you by email or prominent notice on the Service prior to your information becoming subject to a different privacy policy.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Retention

We retain your account information for as long as your account is active. If you delete your account, we will delete your personal information and associated documents within 30 days, except where retention is required by applicable law or for legitimate business purposes such as resolving disputes or enforcing our agreements.

Usage event logs and billing records may be retained for up to seven years for legal and financial compliance purposes.

6. Security

We implement industry-standard technical and organizational security measures to protect your information, including:

• Encryption of data in transit using TLS/HTTPS.
• Encryption of data at rest for database storage and file storage.
• Row-level security policies that ensure each user can only access their own data.
• Secure, hashed password storage. We never store your plaintext password.
• Access controls limiting employee access to production data.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

7. Your Rights and Choices

7.1 Account Information

You may review and update your account information at any time through your account settings page.

7.2 File Deletion Preference

You may control whether original uploaded paystub files are deleted after extraction via your account settings.

7.3 Access and Portability

You may request a copy of the personal information we hold about you by contacting us at hello@stubvision.com. We will respond within 30 days.

7.4 Deletion

You may request deletion of your account and associated personal data by contacting us at hello@stubvision.com or through your account settings. We will process deletion requests within 30 days, subject to retention obligations described above.

7.5 Opt-Out of Non-Essential Communications

You may opt out of non-transactional marketing emails by clicking the unsubscribe link in any such email or by contacting us directly. You cannot opt out of transactional emails (such as billing receipts or security alerts) while your account is active.

7.6 California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, disclose, and sell (we do not sell your personal information), the right to request deletion, and the right not to be discriminated against for exercising these rights. To exercise these rights, contact us at hello@stubvision.com.

7.7 EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) including the right to access, rectify, erase, restrict processing of, and port your personal data. The legal basis for our processing is: (a) performance of a contract for providing the Service; (b) our legitimate interests in operating and improving the Service; and (c) your consent where required. To exercise your rights or lodge a complaint with your supervisory authority, contact us at hello@stubvision.com.

8. Cookies and Tracking

We use cookies and similar technologies to maintain your authentication session and remember your preferences. We do not use third-party advertising cookies or behavioral tracking for advertising. You may configure your browser to refuse cookies, but some features of the Service may not function properly without them.

9. Children’s Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at hello@stubvision.com and we will promptly delete it.

10. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a notice within the Service before the changes take effect. The date of the most recent revision is shown at the top of this document. Your continued use of the Service following the effective date of any changes constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

StubVision LLC
Email: hello@stubvision.com
Website: https://stubvision.com

We will respond to all inquiries within 30 days.

© 2026 StubVision LLC. All rights reserved.