invoicly

Privacy Policy

Last updated: January 30, 2025

1. Introduction

Invoicly ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice management platform ("Service"). Please read this policy carefully to understand our practices regarding your personal data.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, and profile picture when you create an account
  • Invoice Data: Invoices, receipts, and financial documents you upload to the Service
  • Communication Data: Messages and files sent through integrated messaging platforms (Telegram, WhatsApp)
  • Payment Information: Billing details when you subscribe to paid features (processed by our payment provider)

2.2 Information Collected Automatically

  • Usage Data: Information about how you interact with the Service, including pages visited, features used, and actions taken
  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Cookies: Small data files stored on your device to enhance your experience and analyze usage patterns

2.3 Information from Third Parties

  • OAuth Providers: When you sign in with Google or Microsoft, we receive your name, email, and profile picture
  • Email Services: If you connect your email account, we access emails containing invoice attachments
  • Messaging Platforms: Messages and files sent to our Telegram bot

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Process and extract data from your invoices using AI technology
  • Authenticate your identity and manage your account
  • Send you transactional emails and important service updates
  • Respond to your inquiries and provide customer support
  • Analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

4. AI Processing and Data Analysis

Our Service uses artificial intelligence to process and extract information from your documents. This includes:

  • OCR Processing: Converting images and scanned documents to text
  • AI Extraction: Using machine learning to identify and extract invoice data (vendor, amounts, dates, line items)
  • Document Classification: Automatically categorizing documents as invoices, receipts, or other types

AI processing is performed using third-party services (OpenAI). Your document content may be sent to these services for processing. We do not use your data to train AI models.

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Secure Storage: Documents are stored on secure cloud infrastructure (Cloudflare R2)
  • Access Controls: Strict access controls and authentication mechanisms
  • Token Encryption: OAuth tokens and sensitive credentials are encrypted before storage
  • Regular Audits: Periodic security assessments and vulnerability testing

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • Service Providers: Third-party vendors who assist in providing the Service (cloud hosting, AI processing, email delivery)
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Legal Requirements: When required by law or to respond to legal process
  • Protection of Rights: To protect our rights, privacy, safety, or property
  • With Your Consent: When you explicitly authorize sharing (e.g., sharing invoices with your accountant)

7. Third-Party Services

Our Service integrates with the following third-party services:

  • Google: OAuth authentication and Gmail integration
  • Microsoft: OAuth authentication and Outlook integration
  • Telegram: Messaging bot integration for invoice uploads
  • OpenAI: AI-powered document processing and extraction
  • Cloudflare: Content delivery and file storage
  • Neon: Database hosting
  • Vercel: Application hosting

Each of these services has its own privacy policy governing their use of your data.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. You may request deletion of your data at any time. After account deletion, we may retain certain data for a limited period to comply with legal obligations, resolve disputes, and enforce our agreements. Backup copies may persist for up to 90 days before being permanently deleted.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Request a copy of your data in a machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@invoicly.app.

10. GDPR Compliance (EEA Users)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract: Processing necessary to perform our contract with you
  • Legitimate Interests: Processing for our legitimate business interests
  • Consent: Processing based on your explicit consent
  • Legal Obligation: Processing required by law

You have the right to lodge a complaint with your local data protection authority.

11. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Analytics Cookies: Help us understand how users interact with the Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

12. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately, and we will take steps to delete such information.

13. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically for any changes.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: balint@invoicly.app

Terms of ServiceBack to Home