InvoiceAIInvoiceAI

Legal

Privacy Policy

Effective May 6, 2026

1. What We Collect

  • Account data — email address, name, and authentication credentials.
  • Invoice files — PDFs and images you upload for processing.
  • Extracted data — structured fields (vendor, date, amount, line items) produced by AI extraction.
  • Usage data — how many invoices you have processed, your subscription status.
  • Technical logs — server-side error logs for debugging; no personal data is retained in logs beyond 30 days.

2. How We Use It

We use your data to:

  • Provide and improve the Service
  • Process payments and manage your subscription
  • Send transactional emails (account activity, billing)
  • Respond to support requests

We do not sell your data. We do not use your invoice content to train AI models.

3. Third-Party Services

We share data with these processors only as needed to operate the Service:

  • Supabase — database and file storage (EU region).
  • Anthropic — AI extraction. Your invoice content is sent to their API for processing. Anthropic does not train on API inputs by default.
  • Polar.sh — subscription billing and payment processing for web users.
  • Google Play / RevenueCat — in-app subscription billing for Android users. Payments are processed by Google. RevenueCat manages entitlements and communicates subscription status to our servers.
  • Vercel — application hosting.

4. Data Security

All data is encrypted in transit (TLS) and at rest. Your invoices are isolated at the database level — row-level security ensures only you can access your data. We enforce strict Content Security Policy headers and validate all uploaded files by content rather than extension.

5. Data Retention

Your account data and invoices are retained as long as your account is active. When you delete your account, all associated data (invoices, extracted fields, storage files) is deleted within 24 hours. Billing records may be retained for up to 7 years as required by law.

6. Your Rights

You have the right to:

  • Access the data we hold about you
  • Export your invoice data (CSV export in the dashboard)
  • Delete your account and all associated data from Settings
  • Object to processing — contact us and we will respond within 30 days

7. Children's Privacy

InvoiceAI is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

8. Cookies

We use only necessary cookies: a session cookie for authentication. No tracking or advertising cookies are set. The mobile app does not use cookies.

9. Changes

We will notify you by email of material changes to this policy at least 14 days before they take effect.

10. Contact

Privacy questions or data requests: hello@invoiceai.app.