InvoiceAuto ("we", "us", or "our") operates the website https://invoiceauto.net (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
We collect the following types of information:
- Account information: Name, email address, and profile photo when you register directly or sign in using a third-party provider (such as Google)
- Business information: Company name, address, logo, and bank details you provide for invoice generation
- Invoice data: Invoices, clients, products/services, and billing records you create within the Service
- Database integration data: If you connect an external database, we store encrypted connection credentials and execute queries you define to generate invoices
- Usage data: How you interact with the Service (page views, feature usage)
- Technical data: IP address, browser type, device information, and cookies
2. Information from Third-Party Sign-In
When you choose to sign in using Google or another third-party authentication provider, we receive limited profile information from that provider, which may include:
- Your name and email address
- Your profile photo
We use this information solely to create and manage your InvoiceAuto account. We do not request access to your Google Drive, Gmail, contacts, or any other Google services beyond basic authentication. We do not post to any social accounts on your behalf.
3. How We Use Your Information
We use collected information to:
- Provide, operate, and maintain the Service
- Authenticate your identity and manage your account
- Generate and send invoices on your behalf to your clients
- Process subscription payments and manage billing
- Improve and develop new features
- Send service-related notifications and updates
- Respond to support requests
- Comply with legal obligations
4. Data Storage and Security
Your data is stored on secure servers provided by Supabase (PostgreSQL). We implement industry-standard security measures including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Database credentials and integration passwords encrypted using AES-256-GCM before storage
- Row-Level Security (RLS) ensuring each user can only access their own data
- Authentication sessions managed via secure, httpOnly cookies
5. Data Sharing
We do not sell, rent, or trade your personal information. We may share data with:
- Service providers: Infrastructure hosting (Railway, Supabase), payment processing (Paystack), and email delivery providers who process data on our behalf under strict confidentiality agreements
- Legal requirements: When required by law, court order, or governmental authority
Your invoice recipients (clients) receive only the invoice content you choose to send them.
6. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate information in your account settings
- Deletion: Request deletion of your account and all associated data
- Portability: Export your invoice and client data at any time
- Objection: Object to certain processing of your data
- Revoke third-party access: You can revoke InvoiceAuto's access from your Google account at any time via Google Account Permissions
To exercise these rights, contact us at [email protected].
7. Cookies
We use essential cookies for:
- Authentication and session management
- Remembering your active workspace preference
We do not use advertising, tracking, or third-party analytics cookies.
8. Data Retention
We retain your data for as long as your account is active. Upon account deletion, your personal information and invoice data are permanently deleted within 30 days, except where retention is required by law (e.g., financial record-keeping obligations).
9. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly.
10. International Transfers
Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for any international data transfers in compliance with applicable data protection laws.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice in the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related questions or requests, contact us at: