Privacy Policy

Effective date: 2026-04-10 · Last updated: 2026-04-10

This Privacy Policy describes how PaidUp ("PaidUp", "we", "us", or "our") collects, uses, stores, and shares personal information when you use the PaidUp mobile application (the "App") and the website at paidupnow.app (the "Site"). PaidUp is operated by Elias Gomez, a sole proprietor based in the United States.

If anything in this policy is unclear or you want to exercise your rights, contact us at [email protected].

Plain-English summary. PaidUp stores the small debts you log between yourself and people you personally know. In the free tier everything lives only on your phone and we never see it. In the paid tier we sync it to our servers so you can use multiple devices and send automated text and email reminders to the people who owe you money. We require your explicit consent for every recipient before any message goes out, and recipients can opt out at any time by replying STOP.

1. Information we collect

1.1 Information you enter into the App

When you use PaidUp, you create records representing debts between yourself and people you know. These records include:

Folder names you create to organize debts.
Names, optional phone numbers, and optional email addresses of people you add to track debts with ("contacts").
Debt amounts, descriptions, due dates, and direction (who owes whom).
Payment history you log against each debt.
Optional payment handles you save for each contact (Venmo, Cash App, PayPal, Zelle, Apple Pay Cash).
Reminder schedule preferences, tone selection, and quiet-hour settings (Pro tier).

1.2 Account information (Pro tier only)

Email address, used for sign-in via magic link.
RevenueCat subscription entitlement identifier.
Device identifiers provided by the operating system for push notification delivery and anti-abuse.

1.3 Information about people you add (contacts)

To send automated reminders on your behalf, PaidUp processes phone numbers and email addresses of the contacts you add. This information is provided by you, not collected from the contact directly. By adding a contact, you confirm that:

You have a personal, pre-existing relationship with that person.
You have their permission to share their phone number and email address with PaidUp for the purpose of sending payment reminders.
You are not using PaidUp for commercial debt collection, marketing, or any business-to-consumer messaging.

1.4 Information collected automatically

The App uses standard crash-reporting and diagnostic tools (Sentry, Expo Application Services) which may collect anonymized device model, operating system version, app version, and stack traces when errors occur. This information is not linked to your identity unless you are signed in to the Pro tier.

The Site does not use tracking cookies or third-party analytics.

2. How we use your information

To provide the core ledger functionality of the App.
To sync your data between devices (Pro tier).
To send scheduled SMS and email reminders to contacts who have confirmed consent (Pro tier).
To authenticate your account and manage your subscription.
To detect and prevent fraud, abuse, and violations of our Terms of Service.
To comply with legal obligations and respond to lawful requests.

3. Consent, opt-in, and opt-out for messaging

3.1 Double opt-in for SMS (TCPA compliance)

PaidUp will never send an automated text message to one of your contacts without their explicit confirmation. The full opt-in flow, the exact message templates, and how to opt out are documented on our Messaging Consent & Opt-In Policy page. In summary: the first time you schedule a reminder for a contact, PaidUp sends a one-time confirmation SMS to that contact reading, in substance:

"[Your name] is using PaidUp to send you a reminder about a debt. Reply YES to receive reminders, or STOP to opt out. Reply HELP for info. Msg & data rates may apply."

No further messages are sent unless the contact replies YES. Contacts who reply STOP, UNSUBSCRIBE, CANCEL, END, or QUIT are added to a global opt-out list within 24 hours and will never receive another message from PaidUp, regardless of which user scheduled it.

3.2 Email opt-out (CAN-SPAM compliance)

Every reminder email includes:

A clear indication that it is a reminder from a PaidUp user.
The sender's name and contact information.
A one-click unsubscribe link.
PaidUp's physical mailing address: 2500 Heather Ln, Evans, CO 80620.

Unsubscribe requests are honored within 10 business days, as required by CAN-SPAM.

3.3 Quiet hours

By default, reminders are sent only between 9:00 AM and 8:00 PM in the sender's local timezone. Users can narrow this window per contact but cannot widen it beyond 8:00 AM–9:00 PM.

4. Who we share information with

PaidUp does not sell your personal information. We share it only with the following categories of service providers ("subprocessors"), and only for the purposes listed:

Supabase (database and authentication) — stores your ledger data and authentication session for the Pro tier.
Twilio (SMS delivery) — delivers reminder text messages to contacts who have confirmed consent.
Resend (email delivery) — delivers reminder emails with unsubscribe links.
RevenueCat (subscription management) — tracks your Pro subscription entitlement.
Apple (in-app purchases) — processes subscription billing through the App Store. PaidUp never receives your payment card details.
Expo / Expo Application Services (build, OTA updates, push notifications) — delivers app updates and push notifications.
Sentry (error monitoring) — receives anonymized crash reports and stack traces.
Cloudflare (website hosting and DNS) — serves this Site and the paidupnow.app domain.

We may also disclose information when legally required, to protect the rights or safety of PaidUp users, or in connection with a merger, acquisition, or sale of assets (in which case you will be notified).

5. How we protect your information

All data in transit is encrypted with TLS (HTTPS).
Supabase data is protected with row-level security policies so that each user can only access their own records.
We use magic-link email authentication rather than passwords, so no password is stored that could be leaked.
Authentication sessions on your device are stored in iOS Secure Enclave-backed keychain storage.

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data retention

We retain your personal information for as long as your account is active. If you delete your account in the App, we purge your ledger data from Supabase within 30 days. Backup copies may persist for up to 90 days before being permanently overwritten.

If you cancel your Pro subscription, your local data on your device is unaffected. Cloud-synced data is retained for 12 months of inactivity before being purged.

Contact opt-out records (the global STOP list) are retained indefinitely, as required to honor ongoing opt-outs.

7. Your rights

Depending on where you live, you may have some or all of the following rights regarding your personal information:

Access — request a copy of the personal information we hold about you.
Correction — request that we correct inaccurate information.
Deletion — request that we delete your information. This is available in-app at any time.
Portability — request a machine-readable export of your data.
Objection — object to certain types of processing.
Withdraw consent — at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

California residents have additional rights under the CCPA/CPRA. Residents of the European Economic Area, United Kingdom, and Switzerland have rights under GDPR. PaidUp does not sell or "share" (as those terms are defined under the CCPA) personal information.

8. Account deletion (App Store Guideline 5.1.1(v))

You can delete your PaidUp account at any time from within the App: Settings → Account → Delete Account. This action permanently removes your ledger data, subscription entitlement, and authentication session from our servers within 30 days. It cannot be undone.

9. Children's privacy

PaidUp is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at [email protected] and we will delete it.

10. International users

PaidUp is operated from the United States. If you use the App from outside the United States, your information will be transferred to, stored, and processed in the United States, where privacy laws may differ from those in your jurisdiction.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced in the App and by email (if you have provided one) at least 7 days before taking effect. Continued use of the App after the effective date constitutes acceptance of the updated policy.

12. Contact

Elias Gomez
Email: [email protected]
Mailing address: 2500 Heather Ln, Evans, CO 80620