Privacy Policy

1 Who We Are

InvoicesFox is a free online invoice generator operated as a web application at invoicesfox.com. For the purposes of the General Data Protection Regulation (GDPR) and applicable data protection law, InvoicesFox is the data controller for the personal data we collect.

Contact: For any privacy-related queries, please email us at [email protected].

2 What Data We Collect

We collect the following categories of personal data:

• Account data: Name, email address, password (hashed), and company name when you register an account.
• Invoice data: Business names, addresses, tax numbers, and line-item details you enter when creating invoices.
• Usage data: IP address, browser type, pages visited, and time spent on site — collected automatically via server logs.
• Communication data: Messages you send us via the contact form or email.
• Payment data: If you subscribe to a paid plan, payment is handled by third-party processors (Stripe, PayPal). We do not store your card details.
• Cookie data: Session cookies and analytics cookies (see Section 8).

3 How We Use Your Data

We use your personal data for the following purposes:

• To provide, maintain, and improve the InvoicesFox service
• To create and manage your account
• To generate, store, and retrieve your invoices
• To process payments for premium subscriptions
• To send transactional emails (invoice confirmation, password reset, account updates)
• To respond to support requests and enquiries
• To analyse usage patterns and improve user experience
• To comply with legal obligations

4 Legal Basis for Processing

Under GDPR, we rely on the following legal bases:

• Contract performance: Processing necessary to provide the service you signed up for
• Legitimate interests: Security monitoring, fraud prevention, analytics
• Consent: Marketing emails and non-essential cookies (where applicable)
• Legal obligation: Keeping records required by tax and financial regulations

5 Data Sharing and Third Parties

We do not sell your personal data. We share data only with trusted third-party service providers who process it on our behalf:

• Hosting providers: Servers where your data is securely stored
• Payment processors: Stripe and PayPal for subscription payments
• Email services: For transactional and notification emails
• Analytics tools: Aggregated, anonymised usage data only
• Legal authorities: Where required by law or court order

All third-party processors are bound by data processing agreements and are required to maintain appropriate security standards.

6 Your Rights Under GDPR

If you are in the European Economic Area (EEA) or UK, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data ("right to be forgotten")
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a portable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time where processing is consent-based

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

7 Data Retention

We retain your personal data for as long as necessary to provide the service and comply with legal obligations:

• Account data: Retained until you delete your account or request erasure
• Invoice data: Retained for the life of your account plus 2 years after deactivation
• Financial records: May be retained for up to 7 years to comply with tax law
• Server logs: Automatically purged after 90 days

8 Cookies

We use the following types of cookies:

• Essential cookies: Required for the application to function (session management, CSRF protection). Cannot be disabled.
• Analytics cookies: Used to understand how visitors interact with our site (aggregated, anonymised data). Can be disabled in your browser settings.
• Advertising cookies: May be set by third-party advertisers (e.g., Google AdSense) subject to your cookie consent.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the service.

9 Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include: HTTPS encryption, hashed passwords, access controls, regular security updates, and secure data centre hosting. However, no internet transmission is 100% secure, and we cannot guarantee absolute security.

10 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Your continued use of InvoicesFox after any changes constitutes acceptance of the updated policy.