Legal

Privacy Policy

Last updated: March 2026

1. What We Collect

When you create an account, we collect your name and email address through Clerk, our authentication provider. When you upload royalty statements, we store the files themselves and the structured data parsed from them. We also store AI-generated summaries and anomaly flags derived from your uploads.

We do not collect payment information directly — billing is handled by Stripe via Clerk. We do not have access to your full card details.

2. How We Store It

Uploaded statement files are stored in a private Supabase Storage bucket. Parsed results and account data are stored in Supabase Postgres. All data is encrypted in transit (TLS) and at rest. Authentication and session data is managed by Clerk. Billing records are managed by Stripe via Clerk.

Access to your data is restricted to your account. We use Row Level Security (RLS) policies on our database to enforce this at the data layer.

3. AI Processing

When you upload a royalty statement, the text content of that file is sent to the Google Gemini API for parsing and analysis. This is how Roy extracts structured data and generates plain-English summaries. The raw model response is stored in our database for debugging and quality review.

We do not use your data to train third-party models. Google's use of data submitted through the Gemini API is governed by their API terms of service. Roy does not opt in to any data sharing or training programs with Google.

4. Sharing and Third Parties

We do not sell your data. The subprocessors we use to operate Roy are:

  • Supabase — database and file storage
  • Clerk — authentication and user management
  • Stripe (via Clerk) — billing and subscription management
  • Google Gemini — AI parsing of uploaded statement text

We do not share your data with any other third parties except as required by law.

5. Your Rights

You have the right to access, correct, export, or delete your data at any time. To request any of these, email us at hello@roymetrics.com. We will respond within 30 days.

If you delete your account, all associated statement files and parsed results will be permanently deleted. This action cannot be undone.

6. Contact

For privacy questions or data deletion requests, contact us at hello@roymetrics.com.