Privacy Policy
Last updated: March 1, 2025
1. Information We Collect
We collect information you provide directly: account registration details (name, email, password), invoice files you upload, and workspace settings. We also collect usage data automatically: IP addresses, browser type, pages visited, and actions taken within the application. Invoice files are processed by our AI parsing system and the extracted structured data is stored in your workspace.
2. How We Use Your Information
We use your information to: provide and improve our invoice parsing service, authenticate your account and maintain session security, send transactional emails (verification, password reset, billing receipts), and respond to support requests. We do not sell your personal data or your invoice data to third parties.
3. Invoice Data
Invoice files you upload are processed by AI models to extract structured data. Uploaded files are stored in encrypted object storage. Extracted structured data is stored in your workspace. You can delete invoices at any time from the dashboard. Data retention periods depend on your plan (30 days for Free, 90 days for Starter, 365 days for Pro, indefinite for Enterprise).
4. Data Sharing
We share data with: AI providers (Anthropic, OpenAI) solely for invoice parsing — your data is not used to train their models under our enterprise agreements; cloud infrastructure providers (MongoDB Atlas, AWS S3, Cloudflare) that store and serve your data under data processing agreements; and billing processor (Freemius) for payment processing. We do not share your data with any other third parties without your explicit consent.
5. Security
We implement industry-standard security measures: HTTPS/TLS in transit, AES-256 encryption at rest for file storage, bcrypt password hashing, JWT-based session management with server-side revocation, and SHA-256 hashed API keys (raw keys are shown once and never stored). We conduct periodic security reviews.
6. Cookies
We use a single session cookie (invoicesparser_session) to maintain your login state. This cookie is HTTP-only, Secure, and SameSite=Lax. We do not use advertising or tracking cookies. We do not use third-party analytics trackers.
7. Your Rights
You have the right to: access the data we hold about you, correct inaccurate data, request deletion of your account and data, export your invoice data (via the Export feature), and withdraw consent at any time. To exercise these rights, email privacy@invoicesparser.com.
8. Data Retention
We retain your data for as long as your account is active and for the period required by your plan. After account deletion, we delete personal data within 30 days and invoice files within 7 days. Billing records are retained as required by law (typically 7 years).
9. International Transfers
Our services are hosted in the European Union (Hetzner, NBG1 data center). AI processing may involve data transfer to the United States (Anthropic, OpenAI). These transfers are made under standard contractual clauses in compliance with GDPR.
10. Contact
For privacy inquiries: privacy@invoicesparser.com. For data deletion requests: include your email address and workspace ID. We will respond within 30 days.