Privacy Policy

1. Introduction

InvoiceKit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice generation and management service.

By using InvoiceKit, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

• Account Information: Name, email address, password
• Business Profile: Business name, address, phone number, logo, tax ID, bank details
• Invoice Data: Client names, addresses, email addresses, invoice items, amounts, dates
• Payment Information: Processed securely through Stripe (we do not store credit card numbers)

2.2 Automatically Collected Information

When you access our Service, we automatically collect certain information:

• Log Data: IP address, browser type, operating system, pages visited, time spent
• Device Information: Device type, unique device identifiers
• Cookies: Session data, preferences, authentication tokens

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide Services: Create, store, and manage your invoices and business data
• Account Management: Create and maintain your account, authenticate users
• Payment Processing: Process subscription payments and manage billing
• Communication: Send service updates, support responses, and important notices
• Improve Service: Analyze usage patterns to enhance features and user experience
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who assist in operating our Service:

• Clerk: Authentication and user management
• Stripe: Payment processing
• Neon: Database hosting and management
• Vercel: Application hosting and deployment

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government agencies).

4.3 Business Transfers

If InvoiceKit is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to:

• Comply with legal obligations
• Resolve disputes
• Enforce our agreements
• Support business operations

When you delete your account, we will delete or anonymize your personal information within 30 days, unless we are required to retain it for legal purposes.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit using SSL/TLS and at rest in our database
• Access Controls: Strict access controls and authentication mechanisms
• Secure Infrastructure: Hosted on secure, enterprise-grade cloud platforms
• Regular Audits: Periodic security reviews and vulnerability assessments

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information through your account settings
• Deletion: Request deletion of your account and personal information
• Export: Download your data in a portable format
• Opt-Out: Unsubscribe from marketing communications (service emails are required)
• Object: Object to certain processing of your information

To exercise these rights, please contact us at the email address provided below or through your account settings.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze usage patterns and improve our Service
• Provide personalized features

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using InvoiceKit, you consent to the transfer of your information to these locations.

We ensure that such transfers comply with applicable data protection laws and that your information receives adequate protection.

10. Children's Privacy

InvoiceKit is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information provided below.

13. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

We process your data based on the following legal grounds: consent, contract performance, legal obligations, and legitimate interests.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes)

Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: