Privacy Policy

Introduction

This Privacy Policy explains how InvoiceSnapp ("we," "us," or "our") collects, uses, and protects your personal information when you use our invoice generation service at https://app.invoicesnapp.com (the "Service").

Operator Information:

• Service operated by: Anton Buhryk
• Operating as: Einzelfirma (Sole Proprietorship)
• Location: Zurich, Switzerland
• Contact: support@invoicesnap.com

1. Information We Collect

1.1 Information You Provide Directly

When you use our Service, you provide us with:

• Account Information: Email address, password (stored encrypted), name
• Business Information: Company/business name, address, phone number, tax identification number (optional)
• Client Data: Names, email addresses, postal addresses, and other contact information of your clients that you choose to store in our system
• Invoice Data: Invoice details including line items, amounts, dates, payment status, and custom fields
• Uploaded Content: Business logos and any other files you upload

1.2 Information Collected Automatically

We automatically collect minimal technical information necessary for the Service to function:

• Session Data: Authentication tokens to keep you logged in
• Technical Data: Browser type, device type, IP address (temporarily for security purposes only)
• Usage Data: Actions taken within the Service (creating invoices, marking as paid, etc.) stored for functionality purposes only

1.3 Information We DO NOT Collect

• We do not use cookies for tracking or analytics
• We do not use third-party analytics tools (no Google Analytics, etc.)
• We do not track your behavior across other websites
• We do not collect payment card information (handled exclusively by Stripe)

2. How We Use Your Information

We use your information solely to provide and improve the Service:

• Service Delivery: To create your account, generate invoices, store your data, and provide core functionality
• Communication: To send essential service-related emails (account verification, password resets, critical service updates)
• Security: To protect your account from unauthorized access and prevent fraud
• Legal Compliance: To comply with applicable laws and regulations

We do NOT:

• Send you marketing or promotional emails
• Sell, rent, or share your data with third parties for their marketing purposes
• Use your data for advertising or profiling
• Track you across the internet

3. Data Storage and Security

3.1 Where Your Data is Stored

• Primary Storage: Your data is stored on secure servers operated by Hetzner Online GmbH (Germany)
• Geographic Location: EU/EEA (Germany)
• Uploaded Files: Logos and generated PDFs are stored on Hetzner servers with encryption

3.2 Security Measures

We implement industry-standard security measures:

• All data transmission uses HTTPS/TLS encryption
• Passwords are hashed using bcrypt (not stored in plain text)
• Regular security updates and patches
• Access controls and authentication mechanisms
• Automated backups (encrypted and stored securely)

3.3 Data Retention

• Active Accounts: We retain your data for as long as your account is active
• Deleted Accounts: When you delete your account, your data is retained for 30 days (grace period for recovery), then permanently deleted
• Deleted Invoices: Soft-deleted invoices are permanently removed after 30 days
• Backups: Backup copies are automatically purged within 30 days of data deletion

4. Third-Party Services

We use the following third-party services that may process your data:

4.1 Stripe (Payment Processing)

• Purpose: Processing subscription payments
• Data Shared: Email address, subscription plan information
• Payment Data: Credit card information is collected and stored exclusively by Stripe (we never see or store your payment card details)
• Privacy Policy: https://stripe.com/privacy
• Note: Stripe is PCI-DSS compliant and certified for secure payment processing

4.2 Resend (Email Delivery)

• Purpose: Sending transactional emails (account verification, password resets, critical service notifications)
• Data Shared: Email address, name (for personalization)
• Privacy Policy: https://resend.com/legal/privacy-policy

4.3 Hetzner (Infrastructure Hosting)

• Purpose: Server hosting and data storage
• Data Shared: All data stored within the Service
• Location: Germany (EU/EEA)
• Privacy Policy: https://www.hetzner.com/legal/privacy-policy

5. Your Data Rights (GDPR Compliance)

If you are located in the European Union, European Economic Area, or Switzerland, you have the following rights under GDPR and Swiss data protection law:

5.1 Right to Access

You can access all your personal data within the Service by logging into your account. If you need a copy of your data in a portable format, contact us at support@invoicesnap.com (processing fee of CHF 50 may apply for manual extraction).

5.2 Right to Rectification

You can update or correct your personal information directly within your account settings at any time.

5.3 Right to Erasure ("Right to be Forgotten")

You can delete your account at any time through your account settings. Upon deletion:

• Your data enters a 30-day grace period (for recovery in case of accidental deletion)
• After 30 days, all data is permanently and irreversibly deleted
• We cannot recover data after permanent deletion

5.4 Right to Restriction of Processing

You can request that we limit how we process your data by contacting support@invoicesnap.com.

5.5 Right to Data Portability

Upon request, we can provide your data in a machine-readable format (JSON or CSV). Contact support@invoicesnap.com. A processing fee of CHF 50 may apply for manual data extraction.

5.6 Right to Object

You can object to our processing of your data by deleting your account or contacting us.

5.7 Right to Withdraw Consent

You can withdraw consent for data processing by deleting your account at any time.

5.8 Right to Lodge a Complaint

If you believe we are not handling your data properly, you have the right to lodge a complaint with:

• Switzerland: Federal Data Protection and Information Commissioner (FDPIC) - https://www.edoeb.admin.ch
• EU: Your local data protection authority

6. Cookies and Tracking

We use only essential cookies:

• Session Cookies: Required for authentication and keeping you logged in (httpOnly, secure)
• Duration: Session cookies expire after 7 days of inactivity (or 30 days if "Remember Me" is selected)

We do NOT use:

• Analytics cookies
• Advertising cookies
• Third-party tracking cookies
• Social media cookies

Cookie Consent: Because we only use essential cookies necessary for the Service to function, no cookie banner is required under GDPR. However, by using the Service, you consent to our use of essential session cookies.

7. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If you are under 18, please do not use the Service or provide any personal information. If we discover that we have inadvertently collected data from a minor, we will delete it immediately.

8. International Data Transfers

• Primary Storage: All data is stored within the EU/EEA (Germany via Hetzner)
• Stripe: May process data in the United States under appropriate safeguards (Standard Contractual Clauses)
• Your Data: If you are outside the EU, your data may be transferred to and stored in the EU

9. Data Breaches

In the unlikely event of a data breach that affects your personal information:

• We will notify you via email within 72 hours of discovering the breach
• We will notify relevant data protection authorities as required by law
• We will provide details about the breach and steps you should take

10. Business Transfers

If InvoiceSnapp is sold, merged, or acquired by another company:

• Your data may be transferred to the new owner
• You will be notified via email at least 30 days before the transfer
• You will have the option to delete your account before the transfer
• The new owner must honor this Privacy Policy or provide you with notice and choice

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

• We will update the "Last Updated" date at the top
• We will notify you via email for material changes
• Continued use of the Service after changes constitutes acceptance
• You can review previous versions by contacting us

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data: