Privacy Policy

1. Data we collect

We collect the following categories of information:

• Account information: name, email address, and company details provided during registration.
• Document data: information you enter when creating invoices, quotes, receipts, and other documents (client names, addresses, line items, amounts).
• Usage data: pages visited, features used, browser type, device information, IP address, and referring URLs.
• Cookies and similar technologies: small data files stored on your device to enable core functionality and improve your experience.

2. How we use your data

• To provide and maintain our invoicing services.
• To generate and deliver documents you create on the platform.
• To send transactional emails (account confirmation, password reset, document delivery).
• To improve the Site's performance, features, and user experience.
• To detect and prevent fraud, abuse, or security incidents.
• To comply with legal obligations and respond to lawful requests.

3. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases: (a) performance of a contract when providing our services, (b) your consent for optional cookies and marketing communications, (c) our legitimate interest in improving our services and preventing fraud, and (d) compliance with legal obligations. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Cookies

We use the following types of cookies:

• Essential cookies: required for the Site to function (session management, security). These cannot be disabled.
• Analytics cookies: help us understand how visitors use the Site so we can improve it. These are only set with your consent.
• Preference cookies: remember your settings such as language and currency preferences.

You can manage your cookie preferences at any time through the cookie banner displayed on the Site or through your browser settings.

5. Data sharing and third parties

We do not sell your personal data. We may share data with trusted third-party service providers who assist in operating the Site, including hosting (Vercel), email delivery, and analytics. These providers are contractually bound to process data only on our behalf and in accordance with this policy. We may also disclose data when required by law or to protect our rights, safety, or property.

6. International data transfers

Your data may be transferred to and processed in countries outside your own, including the United States. When transferring data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or reliance on the recipient's participation in recognized data protection frameworks.

7. Data retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. Account data is retained while your account is active and for a reasonable period afterward to comply with legal obligations. You may request deletion of your account and associated data at any time.

8. Your rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data ("right to be forgotten").
• Restriction: request that we limit the processing of your data in certain circumstances.
• Portability: receive your data in a structured, commonly used, machine-readable format.
• Objection: object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at contact@invoiceproforma.com. We will respond within 30 days. If you are in the EEA and believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), access controls, and regular security reviews. While we strive to protect your data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Children's privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make significant changes, we will notify you by posting the updated policy on the Site with a revised "Last updated" date. We encourage you to review this page periodically.