Privacy policy

Last updated: 12 June 2026

Badger (badgerpay.co.uk) helps freelancers and small studios chase late invoices. This policy explains what data we hold, why we hold it, and the rights you have over it. We keep it short because we collect very little.

Who we are

Badger is operated from the United Kingdom. For anything related to your data, contact hello@badgerpay.co.uk. Badger is the data controller for your account information.

What we collect

• Account details - your name, email address, optional business name, and a password. Passwords are stored hashed (scrypt with a per-user salt); we cannot read them.
• Invoice data you add - client names, client email addresses, invoice references, amounts, due dates, and the reminder emails you schedule and send.
• Send records - a log of each reminder sent through Badger (when, to whom, and whether it was opened), so your dashboard and timelines work.
• Technical basics - standard server logs (IP address, request time) kept briefly for security and debugging.

We do not collect anything else. There is no advertising tracking, no analytics profile, and we never sell or rent data to anyone.

Your clients' data

The names and email addresses of the people you invoice belong to your business relationship, not ours. You are the controller of that data; Badger processes it only on your instructions, to send the reminders you set up. You are responsible for making sure you have a lawful basis to contact the people you add - in practice, chasing payment of a genuine invoice you issued is a textbook legitimate interest.

How we use your data

• To run the service: store your invoices, send your scheduled reminders, and show you what happened.
• To send you service emails about your own account (for example, a nudge awaiting your approval).
• To keep the service secure and diagnose problems.

Our lawful bases under UK GDPR are performance of a contract (providing the service you signed up for) and legitimate interests (keeping the service secure).

Who we share it with

Only the service providers needed to run Badger, acting on our instructions:

• Hosting - our application and database run on Railway's cloud infrastructure.
• Email delivery - when reminder emails go live, they are delivered through a transactional email provider.
• Payments - subscriptions are handled by Stripe. Your card details go directly to Stripe and never touch our servers.

We never share your data with anyone else unless the law requires it.

How long we keep it

For as long as you have an account. Deleting your account removes your profile, invoices, send history, and sessions from our systems. Routine server logs are kept only briefly.

Security

All traffic is encrypted over HTTPS. Passwords are hashed, sessions are scoped to your account only, and account deletion requires your password.

Cookies

Badger sets exactly one cookie: an essential session cookie that keeps you logged in. It is not used for tracking, advertising, or analytics, and no third-party cookies are set. Because it is strictly necessary to provide the service, no consent banner is required.

Your rights

Under UK GDPR you can ask us to access, correct, delete, or export the personal data we hold about you, and you can object to or restrict our processing of it. Most of this you can do yourself from your account settings, including full deletion. For anything else, email hello@badgerpay.co.uk and we will respond within a month.

If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office at ico.org.uk.

Changes

If this policy changes in a way that matters, we will tell you by email or in the app before the change takes effect.