Privacy Policy
Last updated: January 1, 2025
1. Information We Collect
Information you provide directly:
- Account email address and password (stored via Supabase Auth)
- Pay stub form data: employer name/address, employee name/address, pay amounts, state
- Last 4 digits of SSN (optional, for display only — never stored in full)
- Payment information (processed entirely by Stripe — we never see card numbers)
Information collected automatically:
- IP address (used for rate limiting — not stored long-term)
- Browser type and operating system (via analytics)
- Pages visited, time on site, and conversion events (via Google Analytics 4 and PostHog)
- Referral source (which ad campaign or search query brought you here)
2. How We Use Your Information
- Generate and store your pay stub PDFs
- Process payments and manage subscriptions via Stripe
- Send transactional emails (payment confirmation, PDF delivery)
- Provide customer support
- Improve the Service through analytics
- Comply with legal obligations and prevent fraud
3. Data Storage and Security
Your data is stored on Supabase (PostgreSQL with Row Level Security). PDF files are stored in a private Supabase Storage bucket — files are not publicly accessible. Download links are signed URLs with a 24-hour expiry (30 days for paid stubs).
We implement industry-standard security measures, including TLS encryption in transit, AES-256 encryption at rest (via Supabase), Row Level Security ensuring users can only access their own data, and Stripe's PCI-compliant payment processing.
We do not store full Social Security Numbers. If you enter your SSN, only the last 4 digits are retained in your form data; the full number is never written to our database.
4. Third-Party Services
We share data with the following third parties to operate the Service:
- Stripe — Payment processing. Stripe is PCI-DSS Level 1 certified. We share your email and purchase amount. Their privacy policy: stripe.com/privacy.
- Supabase — Database and file storage. Data is hosted on AWS us-east-1. Their privacy policy: supabase.com/privacy.
- Google Analytics 4 — Website analytics. We use IP anonymization. You can opt out via your browser settings or Google's opt-out tools.
- Meta (Facebook) Pixel — Advertising analytics. We track conversion events (page views, checkouts, purchases). You can opt out via Meta's ad settings.
- PostHog — Product analytics and session recording. Data is anonymized where possible.
- Anthropic — AI autofill feature. When you use AI autofill, your description is sent to Anthropic's API. No personally identifiable information is retained by Anthropic for this feature.
5. Data Retention
- Account data: retained while your account is active
- Pay stub records: retained for 3 years after generation
- Payment records: retained for 7 years (legal requirement)
- Free preview stubs (unregistered users): deleted after 30 days
- Rate limit records: deleted after 2 hours
6. Your Rights
Depending on your location, you may have rights to:
- Access — request a copy of the personal data we hold about you
- Deletion — request deletion of your account and associated data
- Correction — request correction of inaccurate data
- Portability — receive your data in a machine-readable format
- Opt-out — opt out of marketing communications at any time
To exercise these rights, email privacy@stubfast.com. We will respond within 30 days.
7. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell your personal information. To exercise your CCPA rights, contact us at privacy@stubfast.com.
8. Cookies
We use cookies to maintain your login session (Supabase auth cookies) and to power analytics (GA4, Meta Pixel, PostHog). You can disable cookies in your browser settings, but this may affect functionality.
9. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify registered users of material changes by email. The “Last updated” date at the top reflects the most recent revision.
11. Contact
For privacy questions or requests, contact privacy@stubfast.com. For general support, contact support@stubfast.com.