📖 Contents
1. What we collect
We only collect what we need to run the service.
Account information
- Email address (required for login)
- Password (encrypted — we never see it in plain text)
- Business name, address, phone, tax ID (optional, used on your invoices)
- Logo image (optional, displayed on your invoices)
Invoice data
- Customers you add (names, emails, addresses)
- Invoices, quotes, and credit notes you create
- Payment records you log
Technical data
- IP address (for security and fraud prevention)
- Browser type and device info
- Pages visited within the app (basic analytics)
💡 Free Invoice Generator & CV Maker: These tools work entirely in your browser. The data you enter is never sent to or stored on our servers. The PDF is generated locally on your device.
2. How we use your data
We use your data only to:
- Provide the invoicing service (create, send, and track your invoices)
- Send transactional emails (password resets, payment receipts, invoice notifications)
- Process payments through Stripe (subscription billing only)
- Improve the product (aggregate usage analytics)
- Prevent fraud and abuse
- Comply with legal obligations
We will never sell your data. We don't run ads. We don't share your data with marketing companies.
3. Who we share data with
We share data only with service providers we need to run the service:
- Hostinger — server hosting (servers in Europe)
- Stripe — payment processing (subscription billing only)
- Email service provider — transactional email delivery
All providers are contractually bound to protect your data and use it only for the services they provide to us.
4. Payments & Stripe
When you upgrade to a paid plan, payment is processed by Stripe, a PCI-DSS Level 1 certified payment processor. We never see or store your full card number — Stripe handles all card data directly.
What we receive from Stripe: a customer ID, the last 4 digits of your card, expiry date, and card brand (for displaying in your billing settings).
For your invoice payments (when your clients pay invoices through Stripe), payment goes directly to your own Stripe account. We never touch your money.
5. Cookies
We use the minimum cookies required to operate the service:
- Authentication cookies — to keep you logged in
- Session cookies — to remember your preferences during a visit
- CSRF tokens — security against form attacks
We do not use third-party tracking cookies, ad cookies, or cross-site analytics.
6. Security
We take security seriously:
- All data is transmitted over HTTPS (TLS encryption)
- Passwords are hashed with bcrypt (one-way encryption)
- Database backups are encrypted at rest
- Access to production data is limited and logged
If we ever suffer a data breach affecting your data, we'll notify you within 72 hours as required by GDPR.
7. Data retention
We keep your data only as long as needed:
- Active accounts: data is retained as long as your account is active
- Cancelled accounts: data is retained for 30 days, then permanently deleted
- Invoice data: if required by law (e.g. tax records), we keep anonymized records for the legally required period
- Backups: deleted from rolling backups within 90 days
8. Your rights (GDPR & CCPA)
If you're in the EU/UK (GDPR) or California (CCPA), you have the right to:
- Access — request a copy of all data we hold about you
- Correct — fix inaccurate data (most fields are editable in your account settings)
- Delete — request full deletion of your account and data
- Export — download your data in JSON/CSV format (built into the app)
- Restrict — limit how we process your data
- Object — object to specific processing
- Withdraw consent — at any time, for any consent-based processing
To exercise any of these rights, email support@invoicely.live. We'll respond within 30 days.
9. Contact us
Questions about this privacy policy or your data? Email us at support@invoicely.live.
This policy may be updated from time to time. We'll notify you of significant changes by email.
See also: Terms of Service