Privacy Policy for InvoiceAI

Last Updated: September 1, 2025

We are committed to protecting your privacy and handling your data transparently. This privacy policy explains how we collect, use, and protect your information when you use InvoiceAI.

1. Information We Collect

Account Information

  • Name, email address, business name
  • Password (encrypted, never stored in plain text)
  • Profile preferences and settings

Financial Data

  • Client details (names, addresses, emails, phone numbers)
  • Invoice information (items, amounts, tax rates, payment terms)
  • Expense records (categories, amounts, dates, descriptions)
  • Uploaded receipts and supporting documents

Usage and Technical Data

  • App interaction data (features used, time spent)
  • Device information and browser type
  • IP address and general location (country/city level)
  • Error logs and performance metrics

2. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain our services
  • Generate invoices, reports, and AI insights
  • Process your subscription and handle billing
  • Send important service notifications
  • Improve our application and user experience
  • Provide customer support
  • Comply with legal obligations

AI Processing: Your data is processed by our AI features to provide categorization, insights, and content generation. Your data is NOT used to train AI models or shared with AI providers for training purposes.

3. Data Storage and Security

Storage Infrastructure

  • Primary Database: Google Firebase (encrypted at rest and in transit)
  • File Storage: Cloudinary for receipt images (secure cloud storage)
  • Backups: Automated daily backups with encryption
  • Geographic Location: Data stored in secure data centers (specific locations available upon request)

Security Measures

  • End-to-end encryption for sensitive financial data
  • Regular security audits and vulnerability assessments
  • Access controls and authentication protocols
  • Employee access on need-to-know basis only

4. Third-Party Services

We use these trusted service providers:

Essential Services

  • Google Firebase: Authentication, database, hosting, analytics
  • Cloudinary: Image storage and processing
  • Google Generative AI (Gemini): AI features (data not used for training)

Payment Processing (when applicable)

  • Stripe/PayPal: Payment processing (PCI DSS compliant)

Communication

  • Email Service Provider: For service notifications and support

All third parties are contractually bound to protect your data and use it only for providing services to us.

5. Data Sharing and Disclosure

We DO NOT sell your data. We may share your information only in these limited circumstances:

  • Service Providers: With trusted partners who help us operate the service
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfer: In the event of a merger or acquisition (with notice)
  • Your Consent: When you explicitly authorize sharing

6. Your Privacy Rights

Universal Rights

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Delete your account and data
  • Export: Download your data in standard formats
  • Restrict Processing: Limit how we use your data

Regional Rights

  • EU Users (GDPR): Right to data portability, right to object, automated decision-making opt-out
  • California Users (CCPA): Right to know, delete, and opt-out of sale (though we don't sell data)
  • South African Users (POPIA): Right to access, correction, and objection

7. Data Retention

  • Active Accounts: Data retained while account is active
  • Cancelled Accounts: Data deleted within 30 days unless legally required to retain
  • Backups: May remain in encrypted backups for up to 90 days
  • Legal Hold: Some data may be retained longer if required by law

8. Cookies and Tracking

Essential Cookies Only

We use minimal cookies for:

  • User authentication and sessions
  • Security and fraud prevention
  • Basic app functionality

We do NOT use:

  • Advertising cookies
  • Third-party tracking cookies
  • Analytics cookies (without consent)

9. International Transfers

Your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Standard Contractual Clauses (EU)
  • Adequacy decisions where applicable
  • Additional safeguards as required by law

10. Children's Privacy

Our service is not intended for users under 16 (or 13 in some jurisdictions). We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information immediately.

11. Changes to This Policy

We may update this policy to reflect service changes or legal requirements:

  • Material Changes: 30 days' advance notice via email
  • Minor Updates: Posted here with updated date
  • Legal Requirements: Immediate updates with notification

12. Contact Us

Privacy Questions: beconnected194@gmail.com

Data Requests: Include "Data Request" in subject line

EU Representative: (If applicable, add EU representative contact)

For specific privacy rights requests, please provide:

  • Full name and email associated with account
  • Specific request type
  • Identity verification (for security)

This policy complies with GDPR, CCPA, POPIA, and other applicable privacy laws. Last reviewed: September 1, 2025