Privacy Policy

1. Introduction

Reeve Inc. ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Reeve platform ("the Service").

2. Information We Collect

Account information: Your name, email address, workspace/business name, role, and billing details (processed by our payment provider; we do not store full card numbers).

QuickBooks Online data (read-only): We access your QuickBooks Online company via Intuit's authorized OAuth integration with the com.intuit.quickbooks.accounting scope. We do not write to, modify, or delete any data in your QuickBooks account. Specifically, we read:

Invoices: invoice number, issue date, due date, total amount, outstanding balance, payment status, and associated customer reference.
Customers: display name, first/last name, company name, primary email address, primary phone number.
Payments: payment events and the invoices they apply to, used to detect when a follow-up should stop.
Company info: the company name associated with your QuickBooks realm, for display within the Service.
Invoice PDFs and pay links: fetched on-demand when a follow-up email is sent, so the client can pay from the email.

We do not read or store QuickBooks data outside these categories (no vendor, employee, payroll, tax, or banking information).

Email provider data: When you connect Gmail or Microsoft Outlook, we store OAuth tokens and your sending address/display name. We read only messages that are direct replies to follow-ups the Service sent, so we can classify them (for example, as a payment promise or dispute) and pause the follow-up sequence. We do not read other messages in your inbox, and we do not store your inbox contents.

Communications: Copies of follow-up emails we send on your behalf, the text of replies we receive, and Reeve's classification of those replies.

Usage data: Information about how you interact with the Service, including pages visited, features used, and actions taken, for product analytics and security monitoring.

3. How We Use Your Information

We use your information to:

Operate and maintain the Service
Generate and send follow-up emails to your clients on your behalf
Monitor your QuickBooks account for invoice and payment activity
Detect payments and automatically stop follow-up sequences
Provide analytics and reporting on collection activity
Process billing and manage your subscription
Communicate with you about the Service
Improve and develop new features

4. Subprocessors and Data Sharing

We do not sell your personal information. We share data only with the subprocessors needed to operate the Service, and with third parties you have explicitly authorized (for example, Intuit via OAuth):

Supabase, Inc. (U.S.) — managed PostgreSQL database and authentication; stores all application data (accounts, workspaces, invoices synced from QuickBooks, follow-up history, OAuth tokens).
Vercel, Inc. (U.S.) — application hosting and edge delivery.
Intuit Inc. — QuickBooks Online API; data flows both directions via OAuth with your authorization.
Google LLC and Microsoft Corporation — Gmail and Outlook APIs, used only when you connect one of those providers as your sending mailbox.
Anthropic, PBC — the model we use to draft follow-up copy, classify replies, and summarize conversations. We send the minimum text needed (the client name, the invoice context, and the reply body). Anthropic does not train its models on our API traffic under its business terms.
Resend, Inc. — transactional email delivery for product notifications (e.g., account verification, system alerts). Not used to send follow-ups to your clients — those go through your own Gmail/Outlook account.
Stripe, Inc. — subscription billing and card processing. We do not store full card numbers.
Legal: When required by law, court order, or to protect our rights, safety, or property.

5. Data Security

We take appropriate technical and organizational measures to protect your data:

All traffic is encrypted in transit using TLS 1.2+.
Database storage is encrypted at rest.
QuickBooks, Gmail, and Outlook OAuth tokens are stored in a database secured by row-level access controls scoped to your workspace.
Incoming webhook payloads from QuickBooks are verified with an HMAC-SHA256 signature against Intuit's verifier token; unverified payloads are rejected.
OAuth callbacks use cryptographically random state parameters verified against a per-session cookie to prevent CSRF.

No method of transmission or storage is 100% secure. If we become aware of a security incident affecting your data, we will notify you as required by applicable law.

6. Data Retention and Deletion

While your account is active: We retain the data described above for as long as needed to operate the Service.

When you disconnect QuickBooks: We immediately revoke the OAuth tokens at Intuit and delete them from our database. Historical invoice and client records synced from QuickBooks remain in the Service so analytics and past follow-up history stay intact. You may request deletion of that historical data at any time.

When you disconnect Gmail or Outlook: We immediately delete the OAuth tokens and stop the inbound reply subscription at the provider.

When you close your account: We revoke all OAuth connections and delete your workspace data within 30 days, except where retention is required by law or for legitimate business records (e.g., billing records kept by our payment processor).

7. Your Rights

Depending on your location, you may have the right to:

Access, correct, or delete your personal information
Export your data in a portable format
Opt out of certain data processing activities
Withdraw consent where applicable

To exercise these rights, contact us at hello@getreeve.ai.

8. Cookies

We use essential cookies to operate the Service and analytics cookies to understand usage patterns. You can control cookie preferences through your browser settings.

9. Third-Party Services

The Service integrates with QuickBooks Online, Gmail, and Microsoft Outlook. Connecting any of these services is your choice; you may disconnect at any time from Settings → Integrations. Your use of those services is governed by their own privacy policies:

Follow-up emails are sent from your own connected mailbox, using your own name and address. Recipients of those emails see them as coming directly from you, not from Reeve. You remain the sender of record and the data controller with respect to your clients.

9a. Google API Services — Limited Use

Reeve's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, when you connect Gmail, Reeve uses the gmail.send scope to send invoice follow-up emails on your behalf and the gmail.readonly scope to read direct replies to those follow-ups so the agent can classify intent (promise to pay, dispute, payment confirmation, request for more time) and pause or resume sequences accordingly. We do not read messages outside of replies to Reeve-sent threads, we do not store the contents of your inbox, we do not transfer Gmail data to any third party other than the subprocessors listed above (and only for the purpose of operating the Service for you), we do not use Gmail data for serving advertising, and we do not allow humans to read Gmail data except (a) with your explicit consent for support troubleshooting, (b) for security investigations or to comply with applicable law, or (c) where the data has been aggregated and anonymized and is used for internal operations in accordance with the Limited Use exceptions.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Questions about this Privacy Policy? Email us at hello@getreeve.ai.