Privacy Policy
This policy describes what data we collect when you use Invofyx, why we collect it, and how we protect it. We don't sell your data. We don't share it with advertisers. Where we use sub-processors (like Stripe for payments), we list them below.
Data we collect
Account data (name, email, country, VAT number if provided). Invoice data (clients, line items, amounts, currencies, dates). Payment metadata from Stripe (not card numbers — Stripe stores those). Basic usage telemetry (anonymous, aggregated) to improve the product.
Why we collect it
To operate the service (generate invoices, send emails, reconcile payments), to meet our legal obligations (tax and anti-money-laundering), and in limited cases to improve the product via anonymous telemetry. We never use invoice data for advertising.
Where it's stored
On Supabase (Postgres), hosted in EU regions for Pro and Studio plans. Free-plan data may be stored in US regions. You can request EU residency at any time — we migrate on request with zero downtime.
Sub-processors
Stripe (payments), Supabase (database + auth), Resend (transactional email), Vercel (hosting), Cloudflare (edge caching). We maintain a current sub-processor list and notify you 30 days before adding new ones.
Your rights
Access, rectification, erasure, portability, restriction, and objection — all under GDPR, UK DPA, and equivalent frameworks. Exercise them at privacy@invofyx.com. We respond within 30 days.
Retention
We retain active-account data for the life of your subscription. On cancellation, data is deleted after a 30-day grace period, except for tax-relevant records (invoices, payments), which we retain for the jurisdictional minimum (typically 7 years).
Contact
Our Data Protection contact is privacy@invofyx.com. Our EU representative (where applicable) is listed at /legal/gdpr.