Privacy Policy & Data Protection (2026 Update)

Last Updated: January 24, 2026

1. Data We Collect and Why

To provide our professional invoice service, we collect data under the legal basis of Contractual Necessity and Consent.

• Account Information: Email address and password (hashed) to secure your account.
• Billing Data: For paid subscriptions, we use Stripe/PayPal to process payments. We do not store full credit card numbers on our servers.
• Invoice Content: Business names, tax IDs (VAT/EIN), and line items. This is stored so you can reuse templates and track your financial history.
• Usage Data: IP addresses and browser types for fraud prevention and to ensure site "speedness."

2. International Compliance (UK, US, Ireland)

We align our data handling with global standards to ensure your business remains compliant when using our tool.

• UK & Ireland (GDPR): We act as the Data Controller for your account info and a Data Processor for the invoices you create. Our servers are located in Dublin, Ireland to ensure data residency compliance.
• United States (CCPA/CPRA): We honor "Do Not Sell" requests. Even though we don't sell data, we provide a one-click data deletion tool in your dashboard.

3. Data Retention & Deletion

• Active Accounts: We store your invoices as long as your account is active.
• Inactive Accounts: Accounts with no login for 24 months are flagged for deletion.
• Immediate Deletion: If you cancel your subscription and request "Account Deletion," all associated data is purged from our production databases within 30 days.

4. Security Measures

We use AES-256 encryption at rest and TLS 1.3 in transit. This ensures that even if a data packet is intercepted, your client’s sensitive billing information remains unreadable.