Privacy Policy
Effective date: April 21, 2025
1. Who We Are
InvoiceFlow ("we", "us", "our") is an AI-powered invoice conversion service that transforms PDF and image invoices into structured Excel and CSV files. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our service.
2. Information We Collect
Account information: When you sign in with Google, we receive your name, email address, and profile photo from Google's OAuth service. We store this to identify your account.
Uploaded files: Invoice files (PDFs and images) you upload are stored in Google Cloud Storage and sent to our AI processing service for data extraction. Files are associated with your account.
Conversion results: Structured data extracted from your invoices and the resulting Excel/CSV files are stored in Google Cloud Storage.
Payment information: Subscription billing is handled entirely by DodoPayments. We never see, store, or have access to your credit card or payment details. DodoPayments may share a customer ID with us for account management.
Usage and technical data: We receive standard server logs including IP addresses, browser type, request timestamps, and error information. This data is used to maintain security and diagnose problems.
3. How We Use Your Information
- To provide the service: authenticate your account, process your invoice files, and deliver conversion results.
- To operate billing: manage your subscription status via DodoPayments webhooks.
- To enforce limits: track your monthly page usage against your plan quota.
- To maintain security: detect abuse, investigate incidents, and protect other users.
- To communicate with you: send transactional emails about your account or subscription (no marketing without explicit consent).
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.
4. Third-Party Data Processors
To provide the service, we work with the following sub-processors:
- Google Cloud Platform — cloud infrastructure, file storage (Google Cloud Storage), database (Firestore), and compute (Cloud Run). Data is processed within Google's infrastructure. See Google Cloud Privacy.
- AI processing service — your invoice files are sent to our AI provider for data extraction. Files are transmitted over encrypted connections and are deleted from the AI provider's storage immediately after processing.
- DodoPayments — payment processing and subscription management. Your payment card details are held exclusively by DodoPayments. See DodoPayments Privacy.
Each processor handles your data in accordance with their own privacy policies and applicable data protection laws.
5. Data Retention
- Account data (name, email): retained until you request account deletion.
- Uploaded invoice files and conversion results: retained in Google Cloud Storage until you delete them through the dashboard or request account deletion.
- AI processing: files are sent to our AI provider only during active processing and deleted immediately after extraction is complete. We do not retain files within the AI provider's service.
- Server logs: retained for up to 90 days for security and debugging purposes.
6. Your Rights
Regardless of where you live, you have the following rights with respect to your personal data. EU/EEA residents have additional rights under the GDPR; California residents have additional rights under the CCPA.
- Access: request a copy of the personal data we hold about you.
- Correction: request correction of inaccurate data.
- Deletion: request deletion of your account and all associated data. We will process deletion requests within 30 days.
- Portability: request an export of your data in a machine-readable format.
- Objection / Restriction: object to or request restriction of certain processing activities.
To exercise any of these rights, email us at contact@invoiceflow.io with "Data Request" in the subject line. We may ask you to verify your identity before processing the request.
You may also lodge a complaint with your local data protection authority if you believe we have not handled your data lawfully.
7. Data Security
We implement industry-standard security measures to protect your data:
- All data is encrypted in transit using TLS (HTTPS).
- Files stored in Google Cloud Storage are encrypted at rest using AES-256.
- Access to production systems is restricted to authorised personnel only.
- Authentication tokens are short-lived and stored securely.
However, no security system is impenetrable. If a data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.
8. Limitation of Liability for Technical Issues
We operate on third-party cloud infrastructure (Google Cloud Platform) and use third-party AI services. While we take all reasonable precautions, we cannot guarantee uninterrupted service or permanent data preservation.
If your data becomes inaccessible or is lost due to technical failures, infrastructure outages, accidental deletion, or third-party service disruptions beyond our reasonable control, InvoiceFlow's total liability to you shall not exceed the subscription fees you paid to us in the three (3) months immediately preceding the incident.
We strongly recommend maintaining your own copies of original invoice documents. Conversion results (Excel/CSV files) should be downloaded and stored locally; do not rely on InvoiceFlow as your sole archive.
9. Cookies and Tracking
InvoiceFlow does not use tracking cookies or third-party analytics services. Authentication state is maintained via a secure JSON Web Token (JWT) stored in your browser's local storage. We do not use cookies for advertising or cross-site tracking.
10. Children's Privacy
InvoiceFlow is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days before they take effect. The updated policy will be posted on this page with a revised effective date.
Your continued use of the service after a change takes effect constitutes acceptance of the updated policy.
12. Contact
For any privacy-related questions, data requests, or concerns, please contact us at: contact@invoiceflow.io