Duebox

Privacy Policy

Privacy Policy

Last updated: 18 June 2026

Duebox is a financial document management platform that helps customers capture, review, organise and track bills, invoices, receipts, contracts, renewals and related obligations.

This Privacy Policy explains how Fitness Investments Pty Ltd trading as Duebox collects, uses, discloses and protects personal information.

1. Who operates Duebox

Duebox is operated by Fitness Investments Pty Ltd trading as Duebox.

You can contact us at support@duebox.app.

2. Information we collect

We collect:

Account information:

  • Name, email address and sign-in details
  • Account, workspace, team and user role details
  • Settings, preferences and support communications

Document data:

  • Files uploaded, scanned or forwarded, such as bills, invoices, receipts, contracts, policies and renewal notices
  • Extracted document data, including supplier names, invoice or bill numbers, references, amounts and dates
  • Due dates, scheduled payment dates, paid dates, notes, tags, document types and review status
  • Inbound or forwarded email content and metadata needed to receive, process and route documents

Billing information:

  • Billing contact details
  • Subscription status, plan, billing period and Stripe customer or subscription metadata
  • Payment method and card details are processed by Stripe and are not stored directly by Duebox

Technical and security data:

  • Log data, device and browser information, IP address and usage events
  • Security, rate-limit, error, diagnostic and audit information
  • Emails sent to and from Duebox, such as service, verification, account and notification emails

3. How we use information

We use your information to:

  • Provide and operate the Duebox service
  • Receive, upload, extract, organise and display documents in Review Queue, Dashboard, Calendar, Reports and Archive
  • Extract and organise document data, including amounts, dates, references, suppliers, tags and notes
  • Maintain audit history and activity logs
  • Send transactional, verification, service and account-related emails
  • Provide support and respond to requests
  • Manage subscriptions, billing, plan limits and account status
  • Secure the service, prevent abuse, apply rate limits and diagnose failures
  • Improve the product and reliability of the service
  • Comply with legal obligations

4. Automated extraction and AI/OCR processing

Uploaded and forwarded documents may be processed by automated extraction systems, OCR tools and AI providers, including Google/Gemini or similar extraction providers.

Automated extraction can be inaccurate, incomplete or fail. You are responsible for reviewing extracted supplier details, references, amounts, due dates, scheduled payment dates, paid dates and other document information before relying on it.

5. Third-party providers

We use third-party service providers to operate Duebox, including:

These providers process information only as needed to provide, secure and support the service.

  • Supabase for database and authentication
  • Vercel for hosting and application infrastructure
  • Postmark for email delivery
  • Stripe for billing, subscriptions and payment processing
  • Google/Gemini or other AI/OCR providers for document extraction
  • Upstash/Redis for rate limiting and operational controls

6. Sharing and disclosure

We may share information:

  • With service providers that help us operate Duebox
  • With users in your workspace according to workspace roles and permissions
  • When you choose to forward, export or share documents or data
  • When required for legal, compliance, security, safety or fraud-prevention reasons
  • As part of a business transfer, merger, restructuring or similar transaction, subject to appropriate protections

7. International processing and storage

Duebox and its service providers may process and store information in Australia and other countries. Those countries may have privacy laws different from your location.

By using Duebox, you understand that information may be transferred and processed internationally as needed to provide the service.

8. Security and retention

We take reasonable steps to protect information, including access controls, secure infrastructure and operational safeguards.

No system is completely secure. You are responsible for keeping your account credentials safe and for managing access to your workspaces.

We keep information for as long as needed to provide Duebox, comply with legal obligations, resolve disputes, maintain security, preserve audit history and support legitimate business needs. You can delete documents and account data where the product allows, subject to operational, legal and backup retention requirements.

9. Access, correction and deletion

You may request access to, correction of or deletion of personal information by contacting support@duebox.app.

We may need to verify your identity before responding. Some information may be retained where required for legal, security, billing, audit or operational reasons.

10. Cookies and similar technologies

Duebox uses cookies and similar technologies where needed for authentication, security, preferences and core application functionality.

We do not claim to use advertising analytics unless and until such tooling is implemented and disclosed.

11. Email communications

If you create an account, you may receive service-related, transactional and account emails.

You can unsubscribe from non-essential communications using the unsubscribe link where provided. Service, security and billing-related emails may still be sent where necessary.

12. Australian privacy context

Duebox is operated from Australia. We handle personal information in a practical, privacy-conscious way and aim to align with applicable Australian privacy obligations where they apply.

This policy is a general explanation of our privacy practices and does not limit any rights you may have under applicable law.

13. Changes

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised date.

Your continued use of Duebox after an update means you accept the updated policy to the extent permitted by law.

14. Contact

support@duebox.app