Privacy Policy
Effective 2026 · applies to invoex.app and the Invoex application
1. Who we are
Invoex ("we", "us") provides invoicing software at https://invoex.app. This policy explains what we collect and how we protect it.
2. What we collect
- Account data: your name, email address and a password hash (we never store your password itself).
- Business data you enter: company profile, clients, catalog items, documents, expenses and payments.
- Billing data: your plan, usage counters and payment references from Stripe or PayPal. Card and PayPal credentials are handled by the gateways and never touch our servers.
- Technical data: IP address and browser user-agent attached to sign-in sessions for security auditing.
3. How we protect it
- Personally identifiable information — client emails, phone numbers, tax IDs, addresses and bank details — is safeguarded using the latest industry-standard security measures and technologies.
- Account credentials are never stored in a readable form and are protected with modern, industry-recommended techniques.
- Sign-ups are verified with a one-time email code; sessions are httpOnly, secure cookies that we can revoke server-side.
- All traffic is served over TLS with strict security headers.
4. How we use data
To operate the service, meter plan allowances, process payments you initiate, send transactional email (verification codes, receipts) and respond to support requests. We do not sell personal data or use it for third-party advertising.
5. Cookies
We use a single strictly-necessary session cookie for sign-in. There are no third-party advertising or analytics cookies.
6. Data sharing
Payment processing is shared with Stripe and/or PayPal when you check out, transactional email is delivered through our SMTP provider, and hosting/database infrastructure runs on Railway. Each processor only receives what it needs for its function.
7. Retention & deletion
Your data is retained while your account is active. You may request export or deletion at any time via support@invoex.app; we delete personal data within 30 days except where invoicing records must be kept to meet legal obligations.
8. Your rights
Depending on your jurisdiction (including GDPR and similar laws) you may have rights to access, correct, export, restrict or delete your personal data. Contact us and we'll honour them.
9. Changes
We'll post any changes to this policy on this page with an updated effective date.
10. Contact
Questions? Email support@invoex.app or use the contact page.