Skip to content
Invoice Master Logo

Privacy Policy

Last updated: October 20, 2025

1. Introduction

This Privacy Policy explains what we collect and why. It applies to the invoicemaster.org website and the Invoice Master app. We follow GDPR and other applicable laws.

2. Data we collect

  • Account data — name, email, password hash, company details, billing info.
  • Workspace content — invoices, quotes, contacts, items, and files you upload.
  • Support data — messages you send to our support channels (e.g., chat or email).
  • Technical data — IP address, device, browser, and basic event logs.

3. Why we use your data

  • Provide and secure the service (contract).
  • Billing, taxes, and account notices (contract and legal duty).
  • Fraud prevention and service integrity (legitimate interests).
  • Product analytics and experience improvements in the app (consent where required).
  • Support and troubleshooting (contract and legitimate interests).

4. Service providers

We use trusted providers to run the service:

  • Supabase (EU) — database, storage, authentication.
  • Stripe (EU/US) — payments.
  • SendGrid / Twilio (US) — transactional email.

We also use tools in the app for analytics and support: Google Analytics, Hotjar, Crisp chat, and ipapi.co for currency and region detection. These tools are documented here but are not part of our DPA with customers.

5. Cookies and consent

We show a consent banner in the app. We only run Google Analytics and Hotjar after you accept.

  • Essential — login, security, and load balancing.
  • Analytics (consent) — Google Analytics, Hotjar.
  • Support — Crisp chat may set cookies when you open chat.

6. Sharing

We do not sell personal data. We share data with our providers listed above only to deliver the service.

7. Security

We use TLS encryption in transit and role‑based access control for admin access. We monitor for abuse. Never share your password or 2FA codes with anyone.

8. Retention and deletion

  • We keep account data while your account is active.
  • Cancellation does not delete data. You can export at any time.
  • When you delete the account, we erase active data immediately after you confirm the export step. We do not keep backups after deletion.

9. Your rights

  • Access, correction, deletion.
  • Data export.
  • Withdraw consent for analytics at any time in the banner or by contacting support.
  • Complain to your local data protection authority.

10. International transfers

Some providers are outside the EEA. Where needed we rely on Standard Contractual Clauses approved by the European Commission (e.g., SendGrid in the US).

11. Contact and updates

Questions: support@invoicemaster.org. We update this page as needed and change the date above.