Voltar

Privacy Policy

Last updated: 12/02/2026

1. Introduction

EU Invoice SaaS (“we”, “our”, the “Service”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

Account data:

  • Full name
  • Email address
  • Password (encrypted)
  • Company information (optional)
  • VAT number (optional)
  • Full address

Usage data:

  • Invoices created
  • Clients added
  • Access logs
  • Configuration preferences

3. How We Use Your Data

We use your personal data to:

  • Provide and maintain the Service
  • Process transactions and payments
  • Send service-related notifications
  • Provide customer support
  • Improve and personalize the Service
  • Comply with legal obligations

4. Legal Basis for Processing

We process your personal data based on:

  • Consent: when you give explicit permission
  • Contract performance: to provide the Service as agreed
  • Legal obligation: to comply with legal requirements
  • Legitimate interest: to improve our services

5. Data Sharing

We do not sell your personal data. We may share your data only with:

  • Service providers: Supabase (infra/auth/database — Ireland/EU), Vercel (infra/hosting — Ireland/EU), Stripe and Stripe Connect (payments and onboarding)
  • Legal authorities: when required by law
  • With your consent: in other situations with your explicit permission

6. Data Security

We implement technical and organizational security measures to protect your data:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest
  • Secure authentication (hashed passwords)
  • Row Level Security (RLS) in the database
  • Role-based restricted access
  • Regular, secure backups

7. Data Retention

We keep your personal data only for as long as necessary to:

  • Provide the Service
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

When you cancel your account, we delete your personal data within 30 days, except when retention is required by law.

8. Your Rights (GDPR)

You have the following rights:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate data
  • Erasure: request deletion of your data
  • Restriction: restrict processing
  • Portability: receive your data in a structured format
  • Objection: object to processing
  • Withdraw consent: at any time

To exercise your rights, contact us through the ticket system.

9. Cookies and Similar Technologies

We use essential cookies for authentication and Service functionality. We do not use tracking or advertising cookies without your explicit consent.

10. International Transfers

Your data is processed and stored primarily in the European Union (Ireland) by our infrastructure providers (Supabase and Vercel). If, in the future, we use sub-processors outside the EU for a specific feature, we will adopt appropriate safeguards in compliance with the GDPR.

11. Minors

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If we discover we have collected data from a minor, we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes. The last updated date is shown at the top of this page.

13. Contact

For privacy questions or to exercise your rights, contact us via the ticket system in the dashboard or via the help page. You can also review this Policy at /privacy.