Privacy Policy - InvoiceApp

1. Introduction

InvoiceApp ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoicing application.

This policy applies to information we collect through the InvoiceApp web application and any related services, sales, marketing, or events.

2. Information We Collect

Account Information

When you create an account, we collect:

Email address (required for login)
Password (hashed before storage)
Optional notes (for invoice customization)
Account creation timestamp

Business Data

To provide invoicing services, we store:

Customer information: Name, email, phone, address
Product/Service catalog: Name, description, price
Invoice data: Invoice details, line items, totals, dates
Business notes: Custom notes for invoices

Technical Information

We automatically collect:

Session data: Authentication state, user ID
Usage data: Application interactions
IP address: For security and diagnostics

3. How We Use Your Information

We use your information to:

Provide and maintain the InvoiceApp service
Process your invoices and business data
Authenticate your account and secure your data
Generate PDF invoices for customer delivery
Improve application functionality and user experience
Comply with legal obligations

Data Isolation: Each user's data is strictly isolated. You can only access your own customers, products, and invoices. We implement technical measures to prevent unauthorized access between user accounts.

4. Data Security & Encryption

Encryption in Transit

All data transmitted between your web browser and InvoiceApp is encrypted using HTTPS/TLS 1.2+ protocols. Our application is deployed behind a reverse proxy server (such as nginx or Apache) that handles SSL/TLS termination, ensuring encrypted connections between your device and our infrastructure.

Note: SSL/TLS certificates are managed at the reverse proxy level. HTTPS encryption is maintained between your browser and the proxy server.

Security Measures

HTTPS Enforcement

Automatic redirect from HTTP to HTTPS for all connections

HSTS Protection

HTTP Strict Transport Security enabled in production

Password Security

BCrypt algorithm for password hashing (never stored plaintext)

Session Protection

HttpOnly cookies prevent client-side script access

Session Timeout

30 minutes of inactivity automatically logs you out

Data Isolation

Strict separation between user accounts and data

Important Security Note: While we implement HTTPS for web traffic and secure password storage, personally identifiable information (emails, addresses, phone numbers) is stored unencrypted in our database. We rely on database access controls and network security to protect this data at rest.

5. Data Retention & Deletion

Data Retention

We retain your data for as long as your account is active or as needed to provide you with services. You can manually delete your business data (customers, products, invoices) at any time through the application interface.

Data Deletion

You have control over your business data:

Delete customers: Through the Customers management page
Delete products: Through the Products management page
Delete invoices: Through the Invoices management page

Account Limitation: Currently, users cannot delete their accounts through the application interface. To request account deletion, please contact us at www.invoiceapp.com.

Data Backup & Recovery

We maintain regular database backups for disaster recovery purposes. Backups are retained for 30 days and are protected with the same security measures as our primary database.

6. Your Rights & Choices

Access

You can access all your data through the InvoiceApp interface. All your customers, products, and invoices are available for viewing and editing.

Correction

You can update or correct any inaccurate information through the respective management pages (Customers, Products, Invoices).

Deletion

You can delete your business data at any time. Note that deleting customers with existing invoices requires deleting the invoices first.

Export

You can download invoices as PDF files for your records. For bulk data export requests, please contact us.

7. Third-Party Services & Infrastructure

Infrastructure Providers

InvoiceApp uses the following infrastructure:

MySQL Database: For data storage (local or cloud deployment)
Reverse Proxy: For HTTPS termination and load balancing
QuestPDF Library: For local PDF generation (no data sent externally)

No External Data Sharing

We do not sell, trade, or otherwise transfer your personally identifiable information to external parties. All data processing occurs within our application infrastructure.

Local Processing: PDF invoice generation happens locally on our servers using the QuestPDF library. No invoice data is sent to external PDF generation services.

8. Children's Privacy

InvoiceApp is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

9. Policy Updates

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

10. Contact Information

If you have any questions about this Privacy Policy, please contact us:

Website: www.invoiceapp.com
Application: InvoiceApp by Theo Uys
Effective Date: April 11, 2026

For data deletion requests or privacy concerns: Please use the contact information above. We will respond to legitimate requests within 30 days.