BUSINESSILY
Legal

Your data, handled honestly

This policy explains exactly what Businessily collects, what it never collects, where your information lives, and the rights you have over it. Written in plain English, because privacy you can't understand isn't really privacy.

Effective date: June 2, 2026

This document is a general template provided for transparency. It is not legal advice. If you have specific legal or regulatory needs, please consult a qualified attorney before relying on it.

1. Who we are

Businessily is a free, privacy-first business-management app for U.S. solopreneurs, freelancers, and small teams. It is independent and bootstrapped — there are no advertisers, no venture investors, and no business model that depends on your data. The web app is live at businessily.app; native iPhone, iPad, Mac, and Android apps are coming soon. You can reach us anytime at honorius@neogy.dev.

2. Our privacy-first model

Businessily is built so that, by design, we hold as little of your data as possible. How that works depends on the platform you use.

On Apple devices (iPhone, iPad, Mac)

Your data is stored fully on your device using SwiftData, and the app works offline. Nothing is sent to Businessily servers unless you choose to turn on cross-platform sync. Sync is opt-in: you can use Apple's iCloud (CloudKit), which stores data in your own iCloud account encrypted by Apple, or an optional cross-platform private cloud. If you don't enable sync, your records never leave your device.

On the web app

Your data lives in a private cloud — a PostgreSQL database (hosted by Supabase) protected by Row-Level Security (RLS). RLS means the database itself enforces that only your authenticated account can read your rows; no other user can reach them. Data is encrypted in transit (HTTPS/TLS) and encrypted at rest by the cloud provider. You can start anonymously and, if you like, add an email magic-link or password later.

Things we never store

  • Full Social Security Numbers or EINs. Full tax IDs are never stored in the cloud — only a masked last-4. This is enforced by the database schema itself: there is no column for the full value. It's architecture, not just a promise.
  • Bank login credentials. We do not use Plaid or any bank-login aggregator. When you import a bank statement (CSV, OFX, or QFX), the file is parsed and auto-categorized locally — in your browser or on your device — before anything is saved. Your banking credentials never touch Businessily.

3. What data we collect

  • Account information. If you choose to add one, your email address (used for magic-link sign-in or password recovery). You can use the web app anonymously without providing an email.
  • Business records you enter. The information you put into Businessily to run your business — clients, invoices, income, expenses, mileage, appointments, and the masked last-4 of any tax IDs. On Apple devices this stays on-device unless you enable sync; on the web it lives in your RLS-isolated private cloud.
  • Minimal technical logs. The basic, short-lived operational data needed to keep the service running and secure (for example, error and request logs from our hosting providers). We keep these to the minimum required to operate reliably.

4. What we do not collect or do

  • We do not show ads.
  • We do not sell, rent, or share your data for marketing, advertising, or profiling.
  • We do not embed third-party advertising SDKs or cross-site trackers.
  • We do not build advertising profiles about you.

For more on how this all fits together, see our security & architecture page and our comparison with other tools.

5. Legal bases and your rights

We process your information to provide the service you've asked for (performing our agreement with you), to keep that service secure and reliable (our legitimate interest in running it safely), and to comply with applicable law. Where consent is the appropriate basis — for example, connecting an optional integration — we ask for it and you can withdraw it.

You have the right to:

  • Access the data associated with your account.
  • Export your records — invoices, mileage logs, and other data can be exported (for example as CSV or PDF).
  • Delete your data or your entire account at any time. On Apple devices, deleting the app or your records removes on-device data; in the cloud, you can delete your account and the data tied to it.

To exercise any of these rights, contact us at honorius@neogy.dev.

6. Data retention

We keep your business records for as long as your account is active so the service works for you. When you delete your data or account, it is removed from the active database; backups and operational logs age out on a short, routine cycle. Minimal technical logs are kept only as long as needed to operate and secure the service.

7. Sub-processors

We use a small number of trusted infrastructure providers, and only the ones genuinely needed to run the service:

  • Supabase and Cloudflare — cloud hosting for the web app's database, auth, serverless functions, and site delivery.
  • Stripe — only if you connect your own Stripe account to accept card payments on invoices. Payments go directly to you via Stripe Connect; Businessily never holds your funds and never stores your Stripe secret keys.
  • Google Calendar — only if you connect it for two-way scheduling sync.
  • Apple iCloud — only if you enable iCloud sync on an Apple device, in which case data is stored in your own iCloud account and encrypted by Apple.

The optional integrations above are exactly that — optional. They are only active if you connect them.

8. Children

Businessily is a tool for running a business and is not directed to children. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us information, contact us and we will delete it.

9. Security

We protect your data with TLS encryption in transit, encryption at rest, and Row-Level Security that isolates each account's data at the database level. Full tax IDs are kept out of the cloud entirely by schema design. To be honest with you: Businessily is early and independent. We do not yet hold SOC 2 or ISO 27001 audits, and the web tier is not end-to-end ("zero-knowledge") encrypted — the cloud can technically process your non-secret business records in order to sync them, though it cannot see full tax IDs and RLS prevents anyone else from reading your rows. No system is ever perfectly secure, and we won't pretend otherwise. Read the full, plain breakdown on our security page.

10. International note

Businessily is built for U.S. solopreneurs and operated from the United States. If you access the service from outside the U.S., your information may be processed in the United States, where data-protection laws may differ from those in your location. By using Businessily you understand this processing may occur.

11. Changes to this policy

If we make a meaningful change to this policy, we'll update the effective date above and, where appropriate, let you know in the app. Continued use of Businessily after an update means you accept the revised policy.

12. How to contact us

Questions, requests, or concerns about your privacy? Email honorius@neogy.dev — a real person reads it. See also our contact page, our terms of service, our FAQ, and our accessibility statement.

Reminder: this policy is a general template and not legal advice. If your situation has specific legal requirements, please have it reviewed by counsel.

Privacy that's built in, not bolted on

Start in your browser in seconds — no credit card, no ads, no data selling. Native iPhone, iPad, Mac, and Android apps are coming soon.

Open the free web app See how the architecture works