Privacy Policy

Last Updated: July 27, 2025

Effective Date: July 27, 2025

1. Introduction

NovaInvoice ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice management service (the "Service").

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Account Information: Name, email address, company name, phone number, business address
  • Billing Information: Payment method details (processed by Stripe)
  • Business Information: Tax ID, business registration details, default currency preferences
  • Profile Information: Company logo, signature, tax settings

2.2 Invoice and Client Data

When you use our Service, we collect:

  • Invoice Information: Invoice numbers, dates, amounts, line items, notes
  • Client Information: Client names, companies, email addresses, phone numbers, addresses
  • Payment Information: Payment status, dates, methods, Stripe payment references
  • Digital Signatures: Electronic signatures and signature timestamps

2.3 Usage and Technical Data

We automatically collect:

  • Device Information: IP address, browser type, device type, operating system
  • Usage Analytics: Pages visited, features used, time spent, interaction patterns
  • Device Fingerprinting: Browser features, screen resolution, installed fonts (for security)
  • Email Tracking: Email open rates, click-through rates for sent invoices
  • Session Data: Login times, session duration, preferences

3. How We Use Your Information

We use the collected information for:

  • Service Provision: Creating, sending, and managing invoices
  • Payment Processing: Facilitating payments through Stripe Connect
  • Account Management: Managing subscriptions and billing
  • Customer Support: Responding to inquiries and providing assistance
  • Service Improvement: Analyzing usage patterns to enhance features
  • Security: Detecting fraud and preventing unauthorized access
  • Legal Compliance: Meeting regulatory requirements
  • Communication: Sending service updates and notifications

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted third parties:

  • Stripe: Payment processing and subscription management
  • Email Service Providers: Sending invoice notifications and updates
  • Cloud Infrastructure: Hosting and data storage services
  • Analytics Services: Understanding service usage and performance

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner with appropriate safeguards.

4.3 Legal Requirements

We may disclose your information to comply with legal obligations, court orders, or government requests.

5. Data Retention

We retain your information for:

  • Active Accounts: As long as your account remains active
  • Invoices: 7 years for tax and accounting purposes
  • Payment Records: 7 years for financial compliance
  • Usage Logs: 2 years for security and analytics
  • Deleted Accounts: 30 days in case of recovery, then permanently deleted

6. Data Security

We implement security measures including:

  • Encryption: SSL/TLS encryption for data in transit
  • Access Controls: Role-based access and authentication
  • Monitoring: Security monitoring and incident response
  • Regular Audits: Security assessments and vulnerability testing
  • Secure Infrastructure: Industry-standard hosting and database security

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Delete your account and data
  • Export your data
  • Restrict processing of your data
  • Object to certain uses of your data

7.2 GDPR Rights (EU Users)

Under the General Data Protection Regulation (GDPR), you have additional rights:

  • Right to data portability
  • Right to lodge a complaint with supervisory authorities
  • Right to withdraw consent at any time
  • Right to object to automated decision-making

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Login sessions and security
  • Analytics Cookies: Understanding service usage
  • Preference Cookies: Remembering your settings
  • Device Fingerprinting: Fraud prevention and security

You can manage cookie preferences through your browser settings. Please see our Cookie Policy for more details.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it immediately.

11. Email Communications

We may send you:

  • Service Communications: Account notifications, security alerts (required)
  • Invoice Notifications: Invoice status updates and reminders
  • Marketing Communications: Product updates and offers (opt-in)

You can unsubscribe from marketing emails at any time using the unsubscribe link or by contacting us directly.

12. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our Service. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

14. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: [email protected]

Data Protection Officer: [email protected]

Website: https://novainvoice.com

15. Legal Basis for Processing (EU Users)

We process your personal data based on:

  • Contract: To provide the Service you've requested
  • Legitimate Interest: To improve our Service and ensure security
  • Consent: For marketing communications and certain analytics
  • Legal Obligation: To comply with applicable laws

Your Privacy Matters: We are committed to protecting your privacy and handling your data responsibly. If you have any concerns or questions, please don't hesitate to contact us.