Privacy Policy

Invoice Relay ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice management platform and related services (the "Service").

This Privacy Policy applies to our website, applications, and all related services. By using our Service, you consent to the data practices described in this policy.

2.1 Personal Information

We may collect personally identifiable information, such as:

• Name and email address
• Billing address and payment information
• Company name and business information
• Phone number (optional)
• Communication preferences

2.2 Document and Invoice Data

As part of our service, we collect and process:

• Invoice documents and attachments you upload
• Email forwards containing invoices
• Extracted data from invoices (amounts, dates, vendor information)
• Categorization and tagging information

2.3 Usage Information

We automatically collect certain information when you use our Service:

• Log data (IP address, browser type, pages visited)
• Device information (operating system, device identifiers)
• Usage patterns and feature utilization
• Performance and error data
• Cookies and similar tracking technologies

2.4 Communications

We collect information from your communications with us, including:

• Customer support inquiries
• Feedback and survey responses
• Marketing communication interactions

We use the information we collect for the following purposes:

3.1 Service Provision

• Process and organize your invoices
• Provide search and export functionality
• Generate cost analysis and reports
• Maintain and improve service performance

3.2 Account Management

• Create and manage your account
• Process payments and billing
• Provide customer support
• Send service-related notifications

3.3 Communication

• Send important service updates
• Respond to your inquiries
• Send marketing communications (with consent)
• Notify you of new features or changes

3.4 Legal and Security

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our Terms of Service
• Maintain service security

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract: Processing necessary to perform our contract with you
• Legitimate Interest: Service improvement, security, and fraud prevention
• Consent: Marketing communications and optional features
• Legal Obligation: Compliance with applicable laws and regulations

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We may share information with trusted third-party service providers who assist us in:

• Cloud hosting and data storage
• Payment processing
• Email delivery services
• Analytics and monitoring
• Customer support tools

5.2 Legal Requirements

We may disclose your information when required by law or in response to:

• Legal processes or court orders
• Government investigations
• Requests from law enforcement
• Protection of our rights and safety

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

5.4 Consent

We may share your information with your explicit consent for specific purposes not covered in this policy.

We implement appropriate technical and organizational security measures to protect your information:

• Encryption in transit and at rest
• Regular security assessments and monitoring
• Access controls and authentication
• Employee training on data protection
• Incident response procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

• Account Data: Until account deletion or as required by law
• Invoice Documents: According to your subscription plan (up to 10 years for paid plans)
• Usage Data: Typically 24-36 months for analytics purposes
• Communication Records: 3-7 years for legal and support purposes

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention schedule.

Depending on your location, you may have the following rights regarding your personal data:

8.1 GDPR Rights (EU Residents)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured format
• Restriction: Limit how we process your data
• Objection: Object to certain types of processing
• Withdraw Consent: Revoke consent for processing

8.2 Exercising Your Rights

To exercise these rights, please contact us at privacy@invoicerelay.com. We will respond to your request within 30 days and may require verification of your identity.

We use cookies and similar technologies to enhance your experience:

9.1 Types of Cookies

• Essential Cookies: Required for basic service functionality
• Performance Cookies: Help us understand how you use our service
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used for targeted advertising (with consent)

9.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Service.

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these external services. We encourage you to review their privacy policies.

10.1 Third-Party Integrations

• Payment processors (Stripe, PayPal)
• Email services (for forwarding invoices)
• Analytics services (Google Analytics)
• Cloud storage providers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Binding corporate rules
• Certification mechanisms

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices in our Service

Your continued use of our Service after any changes constitutes your acceptance of the updated Privacy Policy.

If you have any questions about this Privacy Policy or our data practices, please contact us:

14.1 Data Protection Authority

If you are in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.