Privacy Policy

Privacy Policy for Get Paid App

Last updated: March 2026

At Get Paid App, operated by SERENAI Ltd in the United Kingdom, your privacy is extremely important to us.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Get Paid App, our website (https://get-paid.app), and related services including in-app support, feedback, and diagnostic features.

We comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


Who We Are

This website and app are owned and operated by SERENAI Ltd, trading as Get Paid App.

Our registered office is based in North London, United Kingdom.

If you have any questions about this Privacy Policy or how we handle your data, please contact us through our contact page.


Data Controller

The Data Controller responsible for your information is SERENAI Ltd.

We determine the purposes and methods of processing any personal data collected through this website or the Get Paid App.

As a small business, we are not required to appoint a Data Protection Officer (DPO) under UK GDPR. However, we take our data protection responsibilities seriously and any privacy-related queries will be handled directly and promptly by our team.


What Data We Collect

On Our Website

When you use our website we may collect:

  • Contact information – such as your name, email address, and business details when you submit our contact form.
  • Technical data – including your IP address, browser type, and device information, collected automatically for analytics and security.
  • Usage data – such as the pages you visit and how you interact with our website.

In the Get Paid App

The Get Paid App is a local-first application. The vast majority of your data never leaves your device. Below is a full description of every category of data the App may access or store.

Information you enter directly

  • Business name, address, phone number, email address, and logo (displayed on invoices).
  • Customer names, addresses, phone numbers, and email addresses.
  • Invoice details: line items, quantities, prices, tax rates, discounts, deposits, due dates, payment status, and notes.
  • Products and service descriptions saved for reuse.
  • Payment records and payment method preferences.

This information is stored exclusively on your device using Apple’s CoreData framework. It is never uploaded to our servers.

Location data
If you enable the Mileage Tracker or “Save Location on Invoice” feature, the App requests access to your device location.

  • Mileage Tracker: GPS coordinates are used to calculate travel distance and time for job costing. This data is stored locally and can be added to an invoice as a line item.
  • Invoice location stamp: your approximate location at the time of creating or completing an invoice may be recorded on that invoice for your own records.

Location data is never transmitted to our servers and is never shared with third parties. You can disable location access at any time in your device Settings.

Camera and photo library
The App may request access to your camera or photo library solely to allow you to add your business logo to invoices. The image is stored on your device only and is never uploaded to our servers.

Contacts
If you use the “Import Customer” feature, the App requests read-only access to your Contacts to allow you to quickly populate customer details. Contact data is copied into the App’s local database and the original contact is not modified. We do not sync, upload, or share your contacts.

Face ID / Touch ID (biometric data)
If you enable the Biometric Lock feature, the App uses Apple’s LocalAuthentication framework to verify your identity using Face ID, Touch ID, or your device passcode before unlocking the App. We do not access, store, or transmit your biometric data at any time. Authentication is handled entirely by iOS.

App preferences (UserDefaults)
The App stores your preferences and settings (such as theme colour, notification preferences, and enabled features) locally in iOS UserDefaults. This data never leaves your device.

Device storage information
The App periodically checks available storage on your device to warn you if storage is running low. This check is performed locally — the result is displayed to you only and is never transmitted.

In-App Support and Feedback Features

The App includes the following optional features that may involve sharing data with us. None of these features are automatic — they only transmit data if you explicitly choose to use them.

Get Support
If you tap “Get Support”, the App opens your device’s Mail app with a pre-addressed email to our support team. Any information you include in that email (such as your name, email address, or a description of your issue) is sent to us and used solely to respond to your support request. This data is retained for up to 12 months and then deleted.

Send Us an Idea
If you tap “Send Us an Idea”, the App opens your device’s Mail app so you can submit a feature suggestion. Any personal information you include (such as your name or email address) is used only to respond to your idea and improve the App. This data is retained for up to 12 months.

Contact Us
The “Contact Us” option directs you to our website contact form or opens your Mail app. Any information submitted is handled in accordance with this Privacy Policy and used solely for responding to your query.

Send a Diagnostic Report
If you choose to send a Diagnostic Report (Settings → Support → Send Diagnostic Report), the App generates a plain-text log of recent app events, errors, and technical performance data. Before sending, you can review the full contents of the report. The log contains no personal information, no customer names or details, and no invoice content. It is only sent if you explicitly tap Send and share it via your email app. We use diagnostic reports solely for the purpose of identifying and fixing technical issues. Diagnostic data is retained for up to 90 days.


Data We Do NOT Collect

Get Paid does not collect, process, or store any of the following:

  • Advertising identifiers (IDFA) or any tracking identifiers.
  • Behavioural analytics or usage telemetry.
  • Financial account numbers, bank details, or payment card numbers.
  • Passwords or authentication credentials.
  • Any data from third-party data brokers.

We do not track you across other apps or websites. We do not sell, rent, or trade your personal information to any third party, ever.


Legal Basis for Processing Data

We process your personal data under the following legal bases as defined by the UK GDPR:

  • Consent – when you voluntarily submit your information (e.g. via our contact form, Get Support, Send Us an Idea, or Contact Us features). You may withdraw your consent at any time by contacting us.
  • Contractual necessity – when data is required to provide the App’s invoicing functionality or to support you as a user.
  • Legal obligation – when we are required to retain information for tax, record-keeping, or legal purposes.
  • Legitimate interest – for improving user experience, website security, service reliability, and responding to technical issues reported via diagnostic reports.

Third-Party Services

Get Paid integrates with the following third-party services. These are all optional and only active if you choose to use the relevant feature.

Apple App Store and StoreKit (subscriptions)
Subscription payments are processed entirely by Apple via the App Store. We never receive or handle your payment card details. Apple’s privacy policy governs how subscription data is handled: https://www.apple.com/legal/privacy/

Payment processing (Square, PayPal, Stripe)
If you enable the “Pay Now” button on invoices and configure a payment provider, your customers are directed to that provider’s own payment page. Get Paid does not process or store any payment card information. Each provider’s own privacy policy applies to transactions completed on their platform.

Email (Mail app)
When you send an invoice, a support request, a feature idea, or a backup file, the App opens your device’s Mail app (or another email app you have configured). The email is composed and sent by your email client — Get Paid does not have access to your email account credentials or your email history.


Your Responsibilities as a Business User (Data Processor Notice)

The Get Paid App is designed for business owners and sole traders to manage their own invoicing. When you use the App to store your customers’ personal data (such as names, addresses, phone numbers, and email addresses), you are acting as a Data Controller for that data under UK GDPR.

This means you are responsible for ensuring you have a lawful basis for storing your customers’ data, that you handle it securely, and that you respond to any requests your customers make regarding their personal data.

SERENAI Ltd, as the App developer, acts as a Data Processor only in limited circumstances (such as when you send a support email or diagnostic report). We do not access, control, or process your customers’ data stored on your device.


Cookies

Our website uses cookies to enhance functionality and security. Cookies are small files stored on your device to help our site remember your preferences and provide a better experience.

If you leave a comment on our site, you may choose to save your name, email, and website in cookies for convenience. These cookies last for one year.

You can disable cookies in your browser settings, but doing so may affect website functionality. For full details, see our Cookie Policy.

Please note: the Get Paid App itself does not use browser cookies. As a native iOS application, it uses iOS UserDefaults for storing preferences, not cookies.


Embedded Content from Other Websites

Pages on this site may include embedded content (e.g. videos, images, or articles). Embedded content from other websites behaves exactly as if you had visited that website directly. These sites may collect data about you, use cookies, or monitor your interaction with the content.


How We Use Your Data

We use your information for the following purposes:

  • To respond to contact form enquiries, support requests, feedback, or feature ideas.
  • To provide customer and technical support.
  • To diagnose and fix technical issues using anonymised diagnostic reports.
  • To improve our website and app performance.
  • To process App Store subscriptions via Apple.
  • To comply with UK legal and regulatory obligations.
  • To ensure security and prevent spam or abuse.

We will never use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.


Who We Share Your Data With

We do not sell, rent, or trade your personal information.

We may share limited data with trusted third-party services strictly for operational purposes, such as:

  • Our web hosting provider, for secure storage of website data.
  • Email service providers, for delivering messages and notifications.
  • Apple Inc., solely in connection with App Store subscription billing.
  • Analytics providers (e.g. basic server logs) to monitor traffic and improve performance.

All third-party services we use comply with UK GDPR and maintain appropriate security standards.


Data Storage and Security

We take data protection seriously and have implemented appropriate technical and organisational measures to protect your data.

In the App: all data you enter is stored locally on your device in Apple’s CoreData database. We do not operate any servers that store your personal invoicing data.

  • Device encryption: your data benefits from iOS device encryption when your device is locked.
  • Biometric lock: you can add an additional layer of protection by enabling Face ID / Touch ID lock in the App settings.
  • Backups: if you use the built-in backup feature, backup files are sent to your own email address and stored by your email provider. Security of that storage is governed by your email provider.

On our website: all website data is stored on secure UK or EU servers protected by firewalls and SSL encryption (HTTPS). Access is restricted to authorised personnel only. Data is never shared with third parties for marketing purposes.

Despite our best efforts, no method of electronic transmission or storage is 100% secure. If you have any security concerns, please contact us immediately.


Data Breach Notification

In the unlikely event of a personal data breach affecting data held by SERENAI Ltd (for example, data submitted through our website contact form or support email), we will:

  • Notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, where required by law.
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

Because your invoicing data is stored locally on your device and never transmitted to our servers, a breach of our systems would not expose your invoice or customer data.


How Long We Retain Your Data

We only retain personal data for as long as necessary to fulfil the purposes outlined in this Privacy Policy.

  • Contact form submissions and support emails are stored for up to 12 months.
  • Feature ideas and feedback emails are stored for up to 12 months.
  • Diagnostic report data is retained for up to 90 days.
  • Analytics and server log data are retained for up to 90 days.
  • If you leave a comment on our website, the comment and metadata are stored indefinitely to help with spam detection.

In the App: your data remains on your device for as long as the App is installed. You can permanently delete all App data by going to My Account → Danger Zone → Reset All App Data. Uninstalling the App will also remove all locally stored data.


Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:

  • Right of access – to request a copy of the personal data we hold about you.
  • Right to rectification – to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data (“right to be forgotten”), where it is no longer necessary for the purpose for which it was collected.
  • Right to restrict processing – to ask us to pause processing your data in certain circumstances.
  • Right to object – to object to processing based on legitimate interests.
  • Right to data portability – to request a copy of your data in a commonly used, machine-readable format.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  • Rights related to automated decision-making – we do not carry out any automated decision-making or profiling, so this right is not applicable.

In the App, you have direct and immediate control: you can view, edit, and delete any record at any time, or use Reset All App Data to wipe everything instantly.

To exercise your rights in relation to our website or other data, please contact us through our contact page. We will respond within 30 days as required by law, and at no charge to you.

Right to complain: if you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent data protection authority.

We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO.


Apple Platform Privacy

Get Paid complies with Apple’s App Store Review Guidelines and includes a Privacy Manifest (PrivacyInfo.xcprivacy) declaring all privacy-sensitive API usage. The App declares the following required-reason APIs:

  • UserDefaults – used to store your app settings and preferences on-device only.
  • File Timestamps – used when managing backup files and diagnostic logs.
  • Disk Space – used to warn you when your device storage is running low.

The App does not use the Advertising Identifier (IDFA) and does not participate in Apple’s App Tracking Transparency framework.


International Data Transfers

We store and process website data within the United Kingdom or European Union.

Because all App data is stored locally on your device, no cross-border transfers to our servers take place in relation to your invoicing data. If you use a third-party payment provider (such as PayPal or Stripe), their respective data transfer and privacy policies apply.

If website data is ever transferred outside the UK or EU, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place, in accordance with UK GDPR requirements.


Children’s Privacy

Get Paid is a professional invoicing tool intended for use by adults running a business. Our website and App are not designed for children under 16.

We do not knowingly collect personal information from minors. If you believe a child has provided data to us, please contact us immediately through our contact page and we will take appropriate steps to remove it promptly.


Policy Updates

We may update this Privacy Policy periodically to reflect legal changes, new features, or improvements to our services.

Any updates will be posted on this page with a revised “Last updated” date. Where changes are significant, we will make reasonable efforts to notify you (for example, via an in-app notice). Continued use of the App or website after changes are posted constitutes your acceptance of the updated policy.

We recommend reviewing this page periodically to stay informed about how we protect your data.


Contact for Data Requests

For privacy or data protection enquiries, please reach us via our contact page.

We do not display our email address publicly to reduce spam.

Alternatively, you can write to us at our registered business address in North London, UK.

We aim to respond to all privacy-related requests within 30 days as required by UK GDPR.


Summary

Your privacy matters to us. We collect only what is necessary, store it securely, and give you full control over your data.

The Get Paid App stores all your invoicing data locally on your device only — it is never sent to our servers.

In-app features such as Get Support, Send Us an Idea, Contact Us, and Send a Diagnostic Report only transmit data if you actively choose to use them, and only the minimum data necessary.

We comply with the UK GDPR and the Data Protection Act 2018. If you ever have a concern about your data, we want to hear from you first — but you also have the right to contact the ICO at any time.
 
