Privacy Policy
Effective Date: July 2, 2026
Last Updated: July 2, 2026
1. Introduction
Slate Platform LLC ("Slate," "we," "us," or "our") is a limited liability company organized under the laws of the State of Florida. We operate the financial management platform available at slatedash.io (the "Platform" or the "Service").
This Privacy Policy describes how we collect, use, store, disclose, and protect information in connection with your use of the Service. It also explains the choices you have regarding your information and the rights you may exercise.
We designed Slate for owners and operators of creative service businesses — including video production companies, photographers, event professionals, and freelancers — who use the Platform to manage invoices, payments, expenses, jobs, clients, and financial reporting. Because the Service handles sensitive financial information, we take privacy and security seriously, and we have written this policy to be as clear and transparent as possible.
The Service is intended for businesses and individuals in the United States. It is not designed for, or directed to, individuals in the European Union, the United Kingdom, or other jurisdictions outside the United States, and it does not purport to comply with the GDPR, the UK GDPR, or similar non-U.S. data-protection laws.
By creating an account or otherwise using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
2. Scope of This Policy
This Privacy Policy applies to information we process about:
- Account holders and authorized users who register for and use the Platform;
- Visitors to slatedash.io; and
- Individuals whose information appears within the financial data you import or enter — for example, your clients, customers, and subcontractors (including any tax-identification information contained in documents you upload, such as IRS Form W-9).
This Privacy Policy does not apply to the practices of third parties that we do not own or control, including Stripe, Plaid, QuickBooks (Intuit), Supabase, Vercel, or Postmark. Your use of those services, and the data your clients provide directly to them, are governed by their own privacy policies and terms.
3. Information We Collect
We collect information in three ways: information you provide directly, information we receive from third-party integrations you authorize, and information generated automatically through your use of the Service.
3.1 Information You Provide Directly
- Account and profile information: your name, email address, business name, business type or industry, business address, time zone, business logo, invoice preferences, and invoice numbering.
- Authentication information: the email and password you use to access your account and, if you enable it, multi-factor authentication (time-based one-time passcode) enrollment and one-time backup recovery codes (which we store only in hashed form).
- Financial data you enter or upload: revenue and job records, expense records, invoices and estimates, clients and customers, subcontractors and subcontractor payments, assets and depreciation, mileage and travel records, and tax configuration settings.
- Uploaded documents: files you upload to the Platform, including your business logo, expense receipts, generated invoice PDFs, and subcontractor tax documents (IRS Form W-9), which may contain a contractor's Social Security Number or Employer Identification Number. These files are stored in our file storage (see Section 10) within your isolated tenant space.
- Communications: information you provide when you contact us for support or otherwise correspond with us.
3.2 Information You Import From Connected Services
When you connect a third-party service or upload an export file, we ingest the financial data contained in that source so that we can populate your dashboard. This may include:
- Bank and credit card data (via Plaid): account balances and transaction history for the accounts you choose to connect.
- QuickBooks data (via Intuit's API, when connected): Profit & Loss reports, invoice lists, customer lists, balance sheets, transaction dates, invoice numbers, amounts, and payment status.
- Uploaded files: the contents of CSV exports you upload from QuickBooks, Wave, HoneyBook, FreshBooks, or similar sources.
3.3 Information Collected Automatically
- Usage data: features you use, actions you take, and the dates and times of your activity.
- Device and technical data: IP address, browser type and version, operating system, and similar technical identifiers, including as used for security and rate-limiting.
- Cookies and session data: see Section 11 (Cookies and Tracking Technologies).
3.4 Information We Do Not Collect or Store
- We do not store full payment card numbers, card verification values (CVV), or bank login credentials. Payment card data is handled entirely by Stripe; your bank login credentials are entered directly into Plaid and are never transmitted to or stored by Slate.
4. Stripe, Payments, and the Connected-Account Relationship
Slate uses Stripe, Inc. ("Stripe") for two distinct purposes, and it is important to understand the difference.
- Your subscription to Slate. Your $20/month subscription to the Platform is billed by Slate through Stripe. Stripe collects and processes your payment card information for that subscription; Slate does not store your full card number, expiration data, or CVV.
- Payments you collect from your clients (Stripe Connect). If you choose to accept invoice payments, you connect or create a Stripe Express connected account and complete Stripe's identity verification. Payments your clients make on your invoices are processed as direct charges on your connected account. You are the merchant of record for those transactions; Slate is not a party to them and charges no platform fee on your invoices. We receive limited transaction metadata from Stripe (such as payment status, amount, and identifiers) to update your invoices and financial records.
- Stripe's role. Stripe's collection and use of payment information — including information your clients provide at checkout — is governed by Stripe's own privacy policy, available at stripe.com. Your connected account is additionally subject to Stripe's Connected Account Agreement.
5. Plaid and Bank Account Data
Slate uses Plaid Inc. ("Plaid") to let you connect your bank and credit card accounts.
- You authenticate directly with Plaid. When you link an account, you enter your financial institution credentials into Plaid's interface — not into Slate. Slate never sees, receives, or stores your bank login credentials.
- Access tokens are encrypted. The access tokens Plaid issues so we can retrieve your data are encrypted at rest using AES-256-GCM encryption and are never exposed to your browser or to any other tenant.
- What we retrieve. Through Plaid, we retrieve transaction history and account-balance information for the accounts you connect, which we use to populate your expense tracking and financial dashboard.
- Your control. You may disconnect any linked account at any time from Settings — Connected Banks. When you disconnect an account or delete your Slate account, we instruct Plaid to remove the corresponding connection so that no further data is retrieved.
- Plaid's role. Plaid's collection and use of your information is governed by Plaid's own end-user privacy policy, available at plaid.com. By connecting an account, you also agree to that policy.
6. QuickBooks Data
Slate offers an optional integration with QuickBooks Online through Intuit's authorized OAuth 2.0 connection, designed around the principle of least privilege.
- Read-only access. When you connect QuickBooks, Slate requests read-only access. We do not write to, modify, or delete anything in your QuickBooks account.
- What we pull. We retrieve Profit & Loss reports, the invoice list, the customer list, and the balance sheet for the date range you select, solely to populate and maintain your Slate dashboard.
- How we store it. Imported data is stored within your isolated tenant space. The OAuth access and refresh tokens that authorize the connection are encrypted at rest using AES-256-GCM encryption and are never exposed to your browser or any other tenant.
- How we use it. We use QuickBooks data only to provide the Service to you. We do not sell QuickBooks data, and we do not use it for advertising, profiling, or any purpose unrelated to providing the Service.
- Your control. You may disconnect QuickBooks at any time from Settings. Disconnecting revokes Slate's token with Intuit and stops further data retrieval. Previously imported data remains in your account unless you delete it or close your account.
- Compliance. Our access to and use of information received from Intuit APIs adheres to the Intuit Developer terms and applicable API policies, including limitations on use and disclosure.
7. How We Use Your Information
We use the information we collect to:
- Provide, operate, maintain, and secure the Service;
- Import, organize, and display your financial data;
- Generate financial reports, projections, tax estimates, and related insights;
- Create and send invoices and process payments you initiate;
- Synchronize and reconcile data across your connected services;
- Authenticate your identity and protect your account, including through multi-factor authentication and rate limiting;
- Provide customer support and respond to your requests;
- Send transactional messages, such as email verification, invoices, and payment receipts;
- Monitor, troubleshoot, and improve the performance and features of the Platform;
- Detect, investigate, and prevent fraudulent, unauthorized, or unlawful activity; and
- Comply with our legal obligations and enforce our agreements.
We do not use your financial data to serve advertising, and we do not sell your personal information.
8. How We Share and Disclose Information
We do not sell your personal information. We disclose information only in the limited circumstances described below.
8.1 Service Providers and Subprocessors
We share information with vendors that perform services on our behalf, bound by obligations to protect your information and to use it only to provide their services to us. These include:
- Supabase — our database, authentication, and file storage provider; hosts your account data, financial records, and uploaded documents.
- Vercel — application hosting and content delivery for the Platform.
- Stripe — subscription billing (your payment to Slate) and payment processing for invoices you collect through your Stripe connected account.
- Plaid — bank and credit-card account connectivity for the accounts you link.
- Postmark — delivery of transactional email (email verification, invoices, payment receipts, and team invitations).
- Intuit / QuickBooks — accounting data import, only when and while you authorize the QuickBooks connection.
Email verification, password-reset, and similar account-security messages are sent through Supabase's authentication system using Postmark for delivery.
8.2 At Your Direction
We share information with third parties when you direct us to — for example, when you connect an integration, send an invoice to a client, or generate a payment link.
8.3 Legal and Safety
We may disclose information if we believe in good faith that disclosure is necessary to: comply with applicable law, regulation, legal process, or governmental request; enforce our Terms of Service; detect, prevent, or address fraud, security, or technical issues; or protect the rights, property, or safety of Slate, our users, or others.
8.4 Business Transfers
If Slate is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction, subject to the protections of this Privacy Policy.
9. How We Use Cookies, Sessions, and Authentication
Slate uses cookies and similar technologies that are strictly necessary for the operation of the Platform — primarily for authentication and session management. When you sign in, we set secure, HTTP-only session cookies (marked Secure in production) that keep you logged in and are refreshed as you use the Platform. We do not use advertising cookies, and we do not sell information collected through cookies. Because these cookies are essential to providing the Service, disabling them may prevent the Platform from functioning.
10. Data Storage, Security, and Tenant Isolation
We implement administrative, technical, and organizational measures designed to protect your information, including:
- Tenant isolation. The Platform is multi-tenant, and each customer's data is logically isolated. We enforce database row-level security so that one tenant cannot access another tenant's data.
- Encryption in transit. Data is transmitted over encrypted HTTPS/TLS connections.
- Encryption at rest for sensitive credentials. Third-party connection tokens — including Plaid bank-connection tokens and QuickBooks OAuth tokens — are encrypted at rest using AES-256-GCM encryption and are accessible only to secured server-side processes.
- File storage. Uploaded documents (logos, receipts, invoice PDFs, and W-9 documents) are stored in access-controlled storage buckets scoped to your organization and served only through short-lived signed links.
- Authentication controls. We support multi-factor authentication (time-based one-time passcodes). One-time backup recovery codes are stored only as salted hashes, never in plain text.
- Abuse and rate controls. We apply application-level rate limiting to sensitive operations to help prevent abuse.
- Access controls and review. We restrict internal access to data and review our security practices from time to time.
No method of transmission or storage is completely secure. While we use reasonable security measures designed to safeguard your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for activity that occurs under your account.
10.1 Data Breach Notification
In the event of a data breach affecting your personal information, we will take reasonable steps to investigate and address the incident. Where required by applicable law, we will notify affected users and the appropriate authorities without undue delay and in accordance with the requirements of such laws. Please keep your contact information current so we can reach you if necessary.
11. Data Retention and Deletion
We retain your information for as long as your account remains active or as needed to provide the Service, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
You can delete your account at any time from your Settings. Because account deletion is designed to be thorough, it is permanent and cannot be undone — we recommend you export any records you wish to keep before deleting. When you delete your account, we:
- Instruct Plaid to remove each connected bank Item, invalidating the connection upstream;
- Revoke Slate's QuickBooks authorization with Intuit, if connected;
- Delete your uploaded files from storage — including logos, receipts, invoice PDFs, and W-9 documents (which may contain a contractor's Social Security Number or EIN);
- Delete your account and organization data from our database, which cascades to your financial records, clients, invoices, expenses, jobs, and related data; and
- Delete your authentication record, including any multi-factor enrollment and hashed backup codes.
The external revocation and file-deletion steps are performed on a best-effort basis; a temporary outage at a third-party provider will not prevent the deletion of your account and database records. We may retain limited information where we are required or permitted by law to do so (for example, records necessary for tax, accounting, or fraud-prevention purposes), and residual copies may persist in routine backups for a limited period before being overwritten.
12. Your Privacy Rights and Choices
Depending on your jurisdiction, you may have some or all of the following rights with respect to your personal information:
- Access — request a copy of the personal information we hold about you;
- Correction — request that we correct inaccurate or incomplete information;
- Deletion — request that we delete your personal information, or delete your account directly from Settings;
- Portability — export your data from the Platform, or request a copy in a portable format;
- Withdrawal of consent — disconnect third-party integrations (Plaid, QuickBooks, Stripe) at any time from your Settings; and
- Objection or restriction — where applicable law provides, object to or request restriction of certain processing.
To exercise any of these rights, contact us at privacy@slatedash.io. We may need to verify your identity before fulfilling your request, and we will respond within the timeframe required by applicable law. We will not discriminate against you for exercising any of your privacy rights.
13. California Privacy Rights
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), may provide you with specific rights regarding your personal information, to the extent it applies to us. We include this section as a matter of prudence; whether Slate meets the CCPA/CPRA's applicability thresholds in a given period depends on our size and data practices at that time.
- Right to know the categories and specific pieces of personal information we have collected, the sources, the business purpose, and the categories of third parties with whom we share it.
- Right to delete personal information we have collected from you, subject to certain exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. Because we do not engage in these activities, there is nothing to opt out of — but you retain the right to direct us not to do so.
- Right to limit use of sensitive personal information. We use sensitive personal information (such as financial-account information) only to provide the Service and as otherwise permitted by the CCPA/CPRA.
- Right to non-discrimination for exercising any of your rights.
To exercise these rights, contact us at privacy@slatedash.io. You may designate an authorized agent, subject to our verification. The categories of personal information we collect, our purposes, and the parties with whom we share it are described in Sections 3, 7, and 8.
14. Other U.S. State Privacy Rights
If you reside in Virginia, Colorado, Connecticut, Utah, or another U.S. state that has enacted a comprehensive consumer privacy law, you may have rights similar to those above — including to access, correct, delete, and obtain a portable copy of your personal information, and to opt out of the sale of personal information or targeted advertising. As noted, we do not sell personal information or engage in targeted advertising. To exercise any applicable rights, contact us at privacy@slatedash.io. Where required by law, you may appeal a decision regarding your request by replying to our response.
15. Children's Privacy
The Service is intended solely for individuals who are at least eighteen (18) years of age using it in connection with operating a business. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it.
16. Third-Party Services and Pricing Dependencies
The Platform integrates with and depends on independent third-party services — including Stripe, Plaid, and QuickBooks (Intuit) — that are governed by their own privacy policies and terms. We are not responsible for the practices of those services, and a third party's change, suspension, or discontinuation of its service may affect corresponding functionality within the Platform. Any pricing figures or comparisons we present (including on our website) also depend on third-party pricing set by those companies, which may change at any time; see our Terms of Service for details.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date above and, where appropriate, provide additional notice (such as by email or a notice within the Platform). Your continued use of the Service after the changes take effect constitutes your acceptance of the revised policy.
18. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Slate Platform LLC
Privacy and data inquiries: privacy@slatedash.io
General support: support@slatedash.io
Website: slatedash.io
