Privacy policy

What we collect

Document data. The JSON you send to our API or MCP tools (names, addresses, line items, amounts) is processed in memory to render your PDF. Documents generated through the MCP server are stored encrypted at our infrastructure provider for up to 24 hours so the download link works, then deleted automatically. Documents generated through the REST API are returned in the response and not stored.

Account & usage data. API keys, plan, and monthly document counts, kept to enforce quotas and billing. Anonymous/demo usage is metered by IP address with a daily counter.

Billing data. Payments are processed by Stripe; we never see or store full card numbers. We store the Stripe customer reference and subscription status.

How we use it

Only to provide the service: rendering documents, serving downloads, enforcing quotas, billing, and responding to support requests. We do not sell data, share it with advertisers, or use your document contents to train models.

Retention

MCP-generated documents: 24 hours. Usage counters: 13 months (for billing history). Account records: for the life of the account plus what tax law requires for invoices we issue you.

Sharing

Subprocessors: Vercel (hosting), Upstash (storage), Stripe (payments). Each receives only what is needed to run the service. We disclose data otherwise only if required by law.

Your choices

You can stop using the service at any time; deleting your account removes your keys and account records. To request deletion or export, or for any privacy question, contact support@slipstack.dev.