Privacy Policy

Last updated: 5 May 2025

1. Introduction

Invoice Master ("we", "us", "our") respects your privacy. This Privacy Policy explains what personal data we collect, why we collect it and how we process it in accordance with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

We collect and process:

  • Account data — name, email, password hash, phone, billing address.
  • Organisation & customer data — names, addresses, invoice details you enter.
  • Usage data — log files, IP address, browser type, device information, page interactions.
  • Cookies & tracking — first‑party cookies for login state; Hotjar cookies for anonymised usage analytics.

3. Purposes and Legal Bases

We use your data to:

  • Provide and secure the Service (Art. 6(1)(b) GDPR).
  • Send service emails and account notices (Art. 6(1)(b)).
  • Improve the Service through analytics (Art. 6(1)(f)).
  • Detect fraud and abuse (Art. 6(1)(f)).
  • Comply with legal obligations, e.g. tax law (Art. 6(1)(c)).

4. Sub‑processors

We use the following data processors:

  • Supabase Inc. (EU) — database, file storage, backups.
  • Stripe Payments Europe Ltd. (EU) — payment processing.
  • Hotjar Ltd. (EU/EEA) — usage analytics.
  • SendGrid / Twilio Inc. (US) — transactional email (SCCs).

All sub‑processors are bound by contractual data‑processing agreements and appropriate safeguards.

5. Security Measures

The Service uses TLS 1.2+ encryption in transit and AES‑256 encryption at rest. Access is protected by role‑based permissions and MFA for admin accounts. Supabase provides daily encrypted backups kept for seven (7) days.

6. Data Retention

We keep your account data while your account is active. If you delete your account, the live records are removed immediately; copies persist only in encrypted backups for up to seven days. Invoice Master is not an archival service; please export any records you must keep before deletion.

7. Your Rights

You may at any time:

  • Access your personal data.
  • Correct inaccurate data.
  • Delete your account and data.
  • Export a machine‑readable copy.
  • Object to processing for analytics or marketing.

To exercise these rights, email us at [email protected].

8. International Transfers

Personal data is stored in the EEA. Email metadata processed by SendGrid may be transferred to the US under Standard Contractual Clauses approved by the European Commission.

9. Cookies and Tracking

We use essential cookies for log‑in functionality. Hotjar sets analytics cookies; you can opt out via your browser settings or the cookie banner.

10. Contact

Questions about privacy? Email [email protected].