Privacy Policy

Effective date: April 23, 2026 · Last updated: April 26, 2026

This policy explains what information YardBill (“we”, “us”) collects, how we use it, and the choices you have. It applies to the YardBill website at yardbill.app, the authenticated app, customer-facing quote and invoice links (the /q/… and /i/… pages), and any email we send on your behalf.

If anything here is unclear, email support@yardbill.app and we'll explain in plain terms.

Who's covered by this policy

Two different people interact with YardBill:

• Landscapers (our direct customers). You sign up for an account, subscribe, create quotes and invoices, and run your billing through YardBill.
• Your customers (usually homeowners). They receive quotes and invoices from you via YardBill-generated links and emails. They don't sign up for anything; they just click a link to approve a quote or pay an invoice.

This policy covers both groups. Where something applies to one and not the other, we say so.

Information we collect

From landscapers

• Account info: email address, password (hashed), business name, contact email, phone, and any logo or address you upload for invoices.
• Business settings: default tax rate, payment instructions, invoice footer, payment link (Stripe / PayPal / Square, if configured).
• Your customer records: name, email, phone, address, notes, and service history — the information you type into YardBill about your own customers.
• Quotes and invoices you create, including line items, totals, and any messages.
• Onboarding survey answers (optional): previous tool, crew size, payment method.
• Usage analytics: pages viewed, features used, time spent. We use this to improve the product. See Analytics and cookies below.
• Billing info: processed by Lemon Squeezy (our payment partner) — we never see your card number. We store which plan you're on, status (active / cancelled / past due), the last four digits of your card, and the card brand for display purposes only.

From your customers (homeowners)

• What you provided: their name, email, and anything else you entered when you created the quote or invoice.
• Approval or payment actions: the IP address and user agent of the device used to approve a quote or view an invoice. Captured for anti-fraud only.

We do not ask your customers to create accounts, and we do not share their contact information with anyone outside the service.

Technical information

• IP address, browser type, device type, and referring URL — standard server-side logs.
• Session cookies to keep you signed in.

How we use the information

• To run the service — show you your data, render your quotes and invoices, send customer emails on your behalf, process subscriptions.
• To communicate with you — product updates, billing receipts (via Lemon Squeezy), critical security notices. We don't send marketing email unless you've explicitly opted in.
• To improve the product — understand which features get used, find bugs, measure activation.
• To keep the service safe — detect abuse, rate-limit attacks, investigate fraud.

We do not sell your data. We do not share your customer data with advertisers or third-party marketers.

Subprocessors (who we share with)

We use a handful of specialized providers to run YardBill. Each one has its own privacy policy and security practices. We only share the data needed for them to do their job.

• Vercel — hosting for the website and app (United States).
• Supabase — database and authentication (United States).
• Lemon Squeezy — merchant of record for subscriptions. When you subscribe, Lemon Squeezy is the legal seller of the YardBill plan and handles your payment, tax, and card data. We never see your card.
• Resend — delivery of transactional emails (quote sent, invoice sent, trial emails).
• PostHog — product analytics. We self-identify your account to PostHog by your user ID only; we don't pass your business name or customer lists.
• Google Analytics and Google Ads — landing-page measurement and ad attribution. We send page views and a "purchase" event when a subscription activates, plus your YardBill user ID so the same person showing up on different devices counts as one customer instead of three. We never send your email, name, business name, or customer lists.

If you'd like the full list of what each subprocessor can see, email us and we'll send you a data-processing summary.

Analytics and cookies

We use session cookies to keep you signed in and remember your Supabase session. These are essential — the app won't work without them.

We use PostHog to understand how the product is used. PostHog drops a cookie to link page views within a session.

We use Google Analytics to measure how people find the landing page and which channels lead to a paid trial, and Google Ads conversion tracking to know when a click on a Google ad turned into a subscription. Both set cookies on yardbill.app. We do not run retargeting campaigns, build audience lists, or sell or share your activity with third-party marketers.

You can opt out of any of the above by enabling "Do Not Track" in your browser, using a tracker-blocking extension, or emailing us — we'll exclude your account by user ID.

How long we keep data

• Active accounts — we keep your data as long as you're a customer.
• Cancelled or expired accounts — we retain your data for 90 days after cancellation in case you change your mind. After 90 days, we delete it (business profile, customers, quotes, invoices). Aggregated, anonymized usage data may be retained.
• Email records — Resend keeps delivery logs per its own retention policy (generally 30 days).
• Payment records — Lemon Squeezy retains these per its own policy for tax and compliance reasons, regardless of what we do.

Your rights

Wherever you're based, you can:

• Ask what we have on you. Email us and we'll send an export.
• Correct it. Most fields are editable in-app; for everything else, email us.
• Delete it. Close your account in Settings, or ask us to. See retention above.
• Object to analytics. Ask us and we'll exclude your user ID from PostHog and Google Analytics.

If you're in the EU / UK / California and have additional rights under GDPR or CCPA (data portability, opt-out of "sale" — we don't sell, but the regulatory definition is broad), email us and we'll handle the request manually. We don't have volumes that require a formal DSAR system yet.

Your customers' data

When your customers interact with the quote or invoice links you send, they're interacting with software you control. The data they see and the actions they take belong to your landscaping business. If one of your customers asks about their data, direct them to you — you're the "data controller" in that relationship; we're the "data processor" helping you run the service.

Children

YardBill is a business tool for US-based landscaping contractors. It's not directed at anyone under 18, and we don't knowingly collect information from children.

International transfers

Your data is stored in the United States (Supabase, Vercel, Lemon Squeezy all operate US infrastructure by default). If you're outside the US, using YardBill means your data will be transferred to and stored in the US.

Security

• All traffic is HTTPS-encrypted.
• Passwords are hashed (we never see them in plaintext).
• Database access is gated by row-level security policies — you can only read and write your own data.
• Customer-facing quote and invoice links use time-limited, signed tokens.

No system is impenetrable. If we ever have a breach affecting your data, we'll email you within 72 hours of discovery.

Changes to this policy

If we make material changes, we'll email active customers and update the "Last updated" date at the top. Minor clarifications may happen without notice.

Contact

Privacy questions, data requests, or anything else: support@yardbill.app. We typically respond within one business day.