Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, company name, password
• Payment Information: Billing details processed through Stripe (we do not store credit card information)
• Invoice Data: Vendor information, invoice details, line items, amounts, dates
• Documents: Invoice files (PDF, PNG, JPG) uploaded or forwarded via email

1.2 Information Automatically Collected

• Usage Data: Pages visited, features used, time spent on the Service
• Device Information: IP address, browser type, operating system
• Cookies: Authentication cookies, session data, preferences
• Log Data: Access times, error logs, API requests

1.3 Information from Third Parties

• QuickBooks: Company information, vendor data, chart of accounts
• Google Document AI: Extracted invoice data and confidence scores
• Email Service: Invoice emails forwarded to your unique email address

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Process invoices, extract data, sync to QuickBooks
• Invoice Automation: Automatically extract and process invoice data using AI
• AP Automation: Streamline accounts payable workflows
• QuickBooks Integration: Sync approved invoices to QuickBooks Online
• Account Management: Create and maintain your account
• Billing: Process subscription payments and manage usage limits
• Communication: Send service updates, security alerts, and support messages
• Improvement: Analyze usage to improve features and performance
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with legal obligations and enforce our terms

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

3.1 Service Providers

• Supabase: Database and authentication services
• Google Cloud: Document AI for invoice data extraction
• Stripe: Payment processing
• QuickBooks (Intuit): Invoice synchronization
• Mailgun: Email forwarding and processing
• Hosting Provider: Application hosting and delivery

3.2 Business Transfers

If Invoice Email is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

3.4 With Your Consent

We may share your information with other parties when you explicitly consent to such sharing.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access and authentication required
• Row-Level Security: Database policies ensure users can only access their own data
• Secure Storage: Files stored in access-controlled cloud storage
• Regular Backups: Automated daily backups with point-in-time recovery
• Monitoring: Continuous security monitoring and logging
• Vendor Security: All third-party services are SOC 2 Type II certified or equivalent

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

• Account Data: Retained while your account is active
• Invoice Data: Retained while your account is active or as required by law
• Payment Records: Retained for 7 years for tax and accounting purposes
• Log Data: Retained for 90 days for security and debugging

When you delete your account, we will delete your data within 30 days, except where we are required by law to retain it longer.

6. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Export: Export your invoice data in CSV or JSON format
• Opt-Out: Unsubscribe from marketing emails (service emails cannot be disabled)
• Data Portability: Receive your data in a machine-readable format

To exercise these rights, contact us at support@invoiceemail.com.

7. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Essential Cookies: Required for authentication and security
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Understand how you use the Service (if enabled)

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

8. Third-Party Links

The Service may contain links to third-party websites (QuickBooks, Stripe, etc.). We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.

9. Children's Privacy

Invoice Email is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. By using the Service, you consent to such transfers.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or shared
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to deletion
• Right to non-discrimination for exercising your rights

12. GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification (for material changes)

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: support@invoiceemail.com
Website: https://invoiceemail.com
Data Protection Officer: privacy@invoiceemail.com