Privacy Policy
Last updated: 13 June 2026
Rivetbook is an invoicing app for tradespeople. This policy explains what personal data we process, why, and the rights you have over it. We designed Rivetbook to keep your data on your device wherever practical and to store as little as possible on our servers.
Who we are
The data controller responsible for your personal data is:
WorkersLab LLC
30 N Gould St STE N, Sheridan, WY 82801, USA
Email: [email protected]
What we collect, why, and our legal basis
Where the EU/UK General Data Protection Regulation applies, our legal bases are shown in brackets.
- Account & device. A random device identifier, an Ed25519 device key, and (only if you choose to add one) your email address. We use these to create your account, sync your data across your devices, and let you recover access by email. (Performance of our contract with you.)
- Your business & billing data. Your business profile, customers, invoices, line items, payments, and payment methods. This is the content you create to run your business. (Performance of our contract with you.)
- Photos. Photos you attach to invoices. We strip GPS location data from photos on your device before they are uploaded; location is never sent to our servers. (Performance of our contract with you.)
- Voice notes. On supported devices, voice-to-invoice runs entirely on your device and your audio never leaves it. If your device cannot do this and you explicitly opt in, the typed transcript (no audio) may be sent to our AI provider to extract line items. (Your consent.)
- Product analytics. If you consent, we collect pseudonymous usage data to improve the app. Analytics are off by default until you opt in. (Your consent.)
- Purchases. If you subscribe, our payments provider processes your subscription status. We never see your card details. (Performance of our contract; compliance with legal obligations.)
- Error monitoring. Crash and error reports, with personal data redacted, to keep the app reliable and secure. (Our legitimate interest in a secure, working product.)
Service providers (sub-processors)
We share data with the following providers only as needed to run Rivetbook. Each processes data on our behalf under a data processing agreement.
| Provider | Purpose | Location |
|---|---|---|
| Hetzner | Server hosting | EU (Germany) |
| Cloudflare R2 | Photo & export file storage | EU |
| Sentry | Error monitoring | EU (Germany) |
| PostHog | Product analytics (with consent) | EU |
| RevenueCat | Subscription management | USA (SCCs / DPF) |
| Apple | Push notifications, in-app purchases | USA (SCCs / DPF) |
|  | Push notifications, in-app purchases, optional cloud voice extraction | USA (SCCs / DPF) |
Where your data is stored
Your account, business data, photos, and exports are hosted and stored in the European Union by default. WorkersLab LLC, as controller, is based in the United States. Where a provider processes data outside the EU/UK (for example, our payments and platform providers in the USA), that transfer is covered by Standard Contractual Clauses and/or the EU-US and UK-US Data Privacy Framework.
How long we keep your data & deleting your account
You can request a copy of your data at any time from the app. We assemble a ZIP containing your profile, business details, customers, invoices, line items, payments, payment methods, and the photos attached to your invoices, in machine-readable CSV and JSON formats. We email you a secure download link that expires after 7 days. You can request a new export once every 24 hours.
When you delete your account, we immediately and permanently delete your login identity, devices, photos, analytics data, draft invoices, and any customers you never billed on a sent invoice. You can never sign back into the account. You can delete your account from inside the app, or from the web at rivetbook.com/data-deletion.
As a business, you are legally required to keep the invoices you issue for several years (for example, around 6 years in the UK, and longer in some countries). So that you can meet those obligations and so we can resolve any disputes, when you delete your account we do not erase the invoices you have already sent. Those records (their line items and payments, the customers they were billed to, and the business details shown on them) are locked and retained for up to 8 years (counted from the end of the calendar year of the latest invoice), excluded from all normal use, and then permanently deleted. We keep them on the basis of our legitimate interest in supporting your record-keeping and defending legal claims. They are not anonymized, because the records must remain intact and verifiable to serve as valid tax documents.
Your rights
Depending on where you live, you have the right to access, correct, export, delete, restrict, or object to the processing of your personal data, and to withdraw consent at any time. To exercise these rights:
- Access & export: use “Export my data” in the app.
- Deletion: use “Delete account” in the app, or rivetbook.com/data-deletion.
- Correction: edit your business and customer details in the app.
- Withdraw consent: turn Analytics or Cloud voice off at any time in the app’s Privacy settings. It is as easy to withdraw as it is to give.
- Anything else: email [email protected].
If you are in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.
On-device voice processing
On supported hardware, Rivetbook transcribes your voice notes and extracts invoice line items entirely on your device. Your audio is never uploaded, and the recording is deleted after transcription. Cloud voice extraction is used only on unsupported devices, only if you opt in, and only the typed transcript (never audio) is sent. Extracted line items are suggestions you review and edit before sending an invoice; nothing is decided automatically.
Children
Rivetbook is a tool for businesses and is not directed to children under 16. We do not knowingly collect personal data from children.
How we protect your data
We encrypt data in transit (TLS 1.3) and at rest, separate access by role, keep an audit log of invoice and payment changes, take encrypted backups, and redact personal data from our error logs. Authentication is password-less, using device-bound keys and email magic links.
Changes to this policy
We may update this policy as Rivetbook evolves. We will revise the “Last updated” date above and, for material changes, notify you in the app.
Contact
Questions about this policy or your data? Email [email protected].