Duezy

Legal

Privacy Policy

Effective date: 2026-05-18

Last updated: 2026-05-18

1. Who we are

Duezy is operated by Drew Conrad as a sole proprietorship. We are the data controller for the data described in this policy. You can reach us at tigercubs113@gmail.com.

2. What we collect from treasurers

When you sign up as a group treasurer, we collect:

  • Your name and email address from your Google account, through Google's OAuth sign-in. We request only the basic profile and email scope. We do not receive your Google password.
  • Information about your group that you enter, including group identifier, type, and contact details you add.
  • Ledger entries, payment descriptions, and other content you create inside the application.
  • Your Stripe account ID and the status of your Stripe Connect onboarding, once you connect a Stripe account. We do not see or store your Stripe password or your bank-account numbers. That information stays with Stripe.
  • Your IP address and basic request metadata, for rate limiting and for diagnosing problems.

3. What we collect from parents

Parents do not create accounts. When a treasurer adds a parent to a member, we collect:

  • The parent's email address, entered by the treasurer.
  • Records of the magic-link emails we send the parent and the pages the parent loads when they click a link.
  • Records of payments the parent makes to the group through Stripe. The parent enters payment details directly with Stripe. We do not see or store card numbers, bank-account numbers, or other payment credentials. We receive the result of the payment, the amount, the date, and a Stripe transaction identifier.

4. What we collect about members

Members do not have accounts on Duezy. They do not sign in. We collect only what a treasurer enters about each member:

  • The member's name.
  • External member ID, if the treasurer adds it.
  • Group role, sub-group, and join date, if the treasurer adds them.
  • Ledger entries and balance tied to that member.

We do not collect member contact information. We do not collect a member email address, a member phone number, or a member home address. The only adult contact tied to a member is the parent email the treasurer enters for billing.

5. Children's privacy and COPPA

Many members may be under thirteen years old. We treat all member data with that in mind. Children do not interact directly with Duezy. Children do not sign in, do not click links, and do not see any pages. All data about a member is entered by the treasurer, who is an adult acting on behalf of the group.

A parent or legal guardian can ask us to delete a member's record or to export the data we hold about that member. We will verify the request through the treasurer, then act within thirty days.

If you are a parent or legal guardian and you have questions about how Duezy handles your child's data, email us at tigercubs113@gmail.com.

6. How we use the data

We use the data above to:

  • Run the service and keep your group's ledger.
  • Send treasurers messages about their account, security alerts, billing notices if a paid tier applies, and material changes to the terms or this policy.
  • Send parents balance reminders and payment receipts.
  • Investigate errors, prevent abuse, and improve the service.
  • Comply with the law and respond to lawful requests.

We do not sell your data. We do not use it for advertising.

7. How we share data

We share data only with the service providers we need to operate Duezy, and only for that purpose. Today those providers are:

  • Supabase, for database hosting and authentication.
  • Vercel, for application hosting and serverless functions.
  • Stripe, for payment processing through Stripe Connect.
  • Resend, for transactional email delivery.
  • Upstash, for rate limiting through a Redis store.
  • Sentry, for error and crash tracking.
  • Google, as the identity provider for treasurer sign-in.

Each provider operates under its own privacy policy and data agreements. Links are in section 14.

We may also share data if the law requires it, in response to a valid legal request, or if we need to protect users from harm. We will tell you about a legal request when we are allowed to.

We will never sell your data. We will never share your data with advertisers or data brokers.

8. Cookies and tracking

Duezy uses a session cookie set by Supabase Auth so that you stay signed in. We also use a short-lived key in our rate-limit service to count requests. That is all.

We do not run analytics tracking pixels. We do not run advertising networks. We do not run third-party trackers. Sentry runs server-side and does not place a tracking cookie in your browser.

9. Data retention

We keep your group's data while your account is active. If you close your account or stop using the service, we will delete your data within ninety days.

Some records must be kept for longer to meet legal or financial rules. Payment records held by Stripe are kept under Stripe's own retention rules, which include IRS and Stripe-mandated periods. Logs and backups roll off on their own schedules, usually within ninety days.

10. Data export

A treasurer can request a full export of the data their group holds in Duezy at any time. Email us and we will deliver an export within thirty days.

11. Data deletion

A treasurer can request deletion of their group's data, and a parent or guardian can request deletion of a member's record. We will act within thirty days. We may keep limited records to meet our retention obligations in section 9, but those records will not be used for any other purpose.

12. Security

We use TLS for data in transit. Supabase encrypts the database at rest. Each tenant's data is isolated through row-level security, so one group cannot read another group's data through the application.

No system is perfectly secure. We do not claim that Duezy cannot be breached. If we discover a breach that affects your data, we will tell you within the time the law requires and we will tell you what we know.

13. Your rights

Depending on where you live, you may have additional rights over your data.

If you are a California resident, you can ask us what personal information we hold about you, ask us to delete it, and ask us not to sell it. We do not sell personal information.

If you are in the European Economic Area or the United Kingdom, you can ask us to give you a copy of your data, correct it, delete it, restrict how we use it, or object to how we use it. You can also complain to your local data-protection authority.

To exercise any of these rights, email us at tigercubs113@gmail.com. We will respond within thirty days.

14. Third-party services

For details on how our service providers handle data, see their policies:

15. Changes to this policy

We may update this policy. When we do, we will post the new version here with a new effective date. For material changes, we will send treasurers an email or show an in-app banner before the change takes effect.

16. Contact

Drew Conrad, dba Duezy
Email: tigercubs113@gmail.com
Mailing address:
Duezy
226 N. 5th Avenue, SW
Rome, GA 30165

Privacy questions or requests? tigercubs113@gmail.com