GDPR compliance
Invofyx is built by an EU-incorporated company (Ireland) and runs primarily on EU-resident infrastructure. We take GDPR seriously — not as a legal checkbox but as the baseline for how we treat customer data.
Data Processing Agreement
Customers on Pro and Studio plans can request a signed DPA at dpa@invofyx.com. Our standard DPA incorporates EU Standard Contractual Clauses (SCCs) for any transfers outside the EEA.
Data residency
By default, data for Pro and Studio plans is stored in the EU (Frankfurt primary, Paris failover). Free plan data may reside in the US — request EU migration any time at privacy@invofyx.com.
Sub-processor transparency
Our full sub-processor list, with jurisdictions and purposes, is maintained at /legal/privacy. We notify customers 30 days before adding or changing sub-processors; customers may object within that window.
Breach notification
In the unlikely event of a data breach affecting customer data, we notify affected customers and supervisory authorities within 72 hours, per GDPR Article 33.
Exercising your rights
Right of access, rectification, erasure, data portability, restriction of processing, and objection to processing are all available. Email privacy@invofyx.com; we verify your identity and respond within 30 days.
EU representative
Our EU representative under Article 27 GDPR is our own Irish entity: Invofyx Ltd., 12 Fitzwilliam Place, Dublin 2, Ireland. Contact: privacy@invofyx.com.