APSTACKBack to dashboard

Privacy Policy

Effective date: April 18, 2026

1. Overview

APStack, Inc. ("APStack," "we," "our," or "us") operates an accounts payable automation platform accessible at apstack.ai (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you agree to the practices described here.

2. Information We Collect

2.1 Account Information

When you sign up we collect your name, email address, and authentication credentials managed by our identity provider (Clerk). We do not store raw passwords.

2.2 Invoice and Financial Data

You upload invoice documents (PDFs and images) for processing. We extract and store structured data from those documents including vendor names, invoice numbers, dates, line items, and totals. This data is associated with your account and used solely to provide the Service.

2.3 QuickBooks Connection Data

If you connect your QuickBooks account, we store OAuth tokens and your QuickBooks realm ID to enable posting approved invoices on your behalf. We do not store your QuickBooks password. You may disconnect at any time from within the Service.

2.4 Usage Data

We automatically collect standard log data including IP addresses, browser type, pages visited, and timestamps. This helps us diagnose issues and improve the Service.

2.5 Text Intake and Mobile Messaging Data

If you link a mobile phone number for text intake, send APStack an SMS/MMS message, or choose to receive text workflow updates, we collect your mobile phone number, message metadata, message contents, attachments you send, consent status, and related delivery or support information. We use this information to provide text intake, account notifications, AP workflow updates, and help or opt-out handling.

3. How We Use Your Information

We use the information we collect to:
  • Extract, validate, and present invoice data for your review
  • Post approved invoices to your connected QuickBooks account
  • Detect duplicate invoices and flag low-confidence extractions
  • Provide customer support and respond to your inquiries
  • Send transactional emails related to your account activity
  • Send transactional SMS/MMS messages when you opt in to text intake or workflow updates
  • Improve the accuracy of our AI extraction models (using de-identified data only)
  • Comply with applicable legal obligations

We do not sell your personal information or financial data to third parties, and we do not use your invoice data for advertising purposes.

4. Third-Party Services

APStack uses the following sub-processors to deliver the Service:
ClerkUser authentication and session management. Privacy policy →
SupabaseDatabase storage for invoice and account data. Privacy policy →
Intuit / QuickBooksAccounting integration (only when you explicitly connect your account). Privacy policy →
TwilioSMS/MMS delivery for text intake confirmations and workflow updates. Privacy policy →
VercelApplication hosting and CDN. Privacy policy →
OpenAIAI-based invoice data extraction (data is not used to train OpenAI models per our agreement). Privacy policy →

5. Data Retention

We retain your account data and invoice records for as long as your account is active. If you delete an invoice within the Service, it is permanently removed from our database and storage within 30 days. If you close your account, we will delete all associated data within 60 days unless we are required to retain it by law.

6. Security

We implement industry-standard security measures including encryption at rest and in transit (TLS 1.2+), access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, contact us at info@apstack.ai. We will respond within 30 days.

8. Mobile Messaging Privacy

APStack sends text messages only to users who opt in by linking their mobile phone number in APStack settings and checking an optional, unchecked SMS/MMS consent checkbox. Messages may include document intake confirmations, processing updates, review reminders, support responses, workspace alerts, and account workflow updates. Consent to receive SMS/MMS messages is optional and is not required to create an account or use APStack. Message frequency varies based on your APStack activity. Message and data rates may apply. You can reply STOP to opt out or HELP for help.

APStack does not sell, rent, or share mobile phone numbers, SMS opt-in data, or SMS consent information with third parties or affiliates for marketing or promotional purposes.

We may share mobile messaging information with service providers only as needed to deliver APStack messages, operate the Service, comply with law, or protect APStack and its users.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at: info@apstack.ai