Invoice.app

Privacy Policy

Last updated: February 7, 2026

Thank you for using Invoice.app.

This Privacy Policy explains how we collect, use, share, and protect your personal data when you use Invoice.app. We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

  1. Who We Are

    Invoice.app is operated by Piotr Stojanowski Consulting (the “data controller”). We are responsible for deciding how your personal data is used.

    If you have any questions about this Privacy Policy or how we handle your data, you can contact us at contact@invoice.app.

  2. Information We Collect

    We collect the following categories of personal data:

    1. Account data. Email address and encrypted password (or authentication tokens if you sign in with Apple).
    2. Business and invoice data. Information you enter into the app, including your company details, client information, invoices, estimates, expenses, time entries, and other financial records.
    3. Usage and analytics data. Anonymous information about how you access and use the app, including feature usage patterns and interaction data.
    4. Device and crash data. Device type, operating system version, app version, crash logs, and error reports collected to diagnose and fix issues.
    5. Payment data. Subscription status and transaction identifiers. We do not directly collect or store your credit card numbers or bank account details — payments are processed by the Apple App Store, Google Play Store, or Stripe (via RevenueCat).
  3. How We Collect Information
    1. Directly from you. When you create an account, enter business data, or contact us.
    2. Automatically. When you use the app, we automatically collect usage data, device information, and crash reports.
    3. From third parties. We may receive authentication data from Apple (Sign in with Apple) and subscription status from the Apple App Store, Google Play Store, or RevenueCat.
  4. Legal Basis for Processing (GDPR)

    We process your personal data on the following legal bases:

    1. Contract performance. Processing necessary to provide you with the Invoice.app service, including account management, data synchronisation, invoice generation, and subscription management.
    2. Legitimate interests. Processing necessary for our legitimate business interests, such as improving the app, diagnosing crashes and errors, preventing fraud, and ensuring security. We balance these interests against your rights and freedoms.
    3. Consent. Where we rely on your consent (for example, for optional analytics), you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
    4. Legal obligations. Processing necessary to comply with applicable laws and regulations, such as tax and accounting requirements.
  5. How We Use Your Information

    We use your personal data to:

    1. Provide and maintain the Invoice.app service, including invoice creation, client management, and document generation.
    2. Synchronise your data across devices (iPhone, iPad, Android, and Web).
    3. Process subscriptions and manage billing through the app stores and payment processors.
    4. Analyse usage patterns to improve the app and develop new features.
    5. Diagnose and resolve crashes, errors, and technical issues.
    6. Send transactional emails (such as account verification or password reset).
    7. Comply with legal and regulatory obligations.
  6. How We Share Your Information

    We do not sell your personal data. We share your data only with the following categories of service providers, as necessary to operate Invoice.app:

    1. Google Cloud / Firebase. Cloud infrastructure, data storage (Firestore, Firebase Storage), authentication (Firebase Auth), hosting (Firebase Hosting, Cloud Run), and crash reporting (Firebase Crashlytics on mobile).
    2. RevenueCat. Subscription management and entitlement tracking across platforms.
    3. Stripe. Payment processing for web-based subscriptions (via RevenueCat).
    4. Sentry. Error monitoring and crash reporting for backend services.
    5. Apple. Sign in with Apple authentication and App Store subscription processing.
    6. Gmail SMTP. Delivery of transactional emails (account verification, password reset).
    7. Law enforcement and regulators. We may disclose your data if required by law, regulation, legal process, or enforceable governmental request.
  7. International Data Transfers

    Your data is primarily processed within the European Union / European Economic Area. However, some of our service providers (including Google Cloud, RevenueCat, Stripe, and Sentry) may process data in the United States.

    Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's participation in recognised data protection frameworks.

  8. Data Retention
    1. Active accounts. We retain your account and business data for as long as your account is active and you continue to use the Service.
    2. Account deletion. When you request deletion of your account, we delete your personal data and business data immediately. Some data may persist in encrypted backups for a limited period before being purged.
    3. Crash and analytics data. Crash reports and analytics data are retained according to the retention policies of the respective service providers (Firebase Crashlytics, Sentry) and are typically retained for 90 days.
    4. Legal obligations. We may retain certain data for longer periods where required by applicable laws (such as tax or accounting regulations).
  9. Your Rights

    Under the GDPR, you have the following rights regarding your personal data:

    1. Right of access. You can request a copy of the personal data we hold about you.
    2. Right to rectification. You can ask us to correct inaccurate or incomplete personal data.
    3. Right to erasure. You can request the deletion of your personal data. You can do this by deleting your account within the app or by contacting us.
    4. Right to restriction. You can ask us to restrict the processing of your personal data in certain circumstances.
    5. Right to data portability. You can request your data in a structured, commonly used, machine-readable format. Invoice.app provides a data export feature for this purpose.
    6. Right to object. You can object to the processing of your personal data based on legitimate interests.
    7. Right to withdraw consent. Where processing is based on consent, you can withdraw your consent at any time.
    8. Right to lodge a complaint. If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO).

    To exercise any of these rights, please contact us at contact@invoice.app.

  10. Data Security

    We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it:

    1. All data in transit is protected by SSL/TLS encryption.
    2. Data at rest is stored on secure Google Cloud infrastructure with encryption.
    3. Authentication credentials are encrypted and securely managed.
    4. Access to production systems is restricted and monitored.

    Please be aware that no method of electronic transmission or storage is 100% secure. We ask that you do not provide us with any sensitive or special categories of personal data (such as health data) through Invoice.app unless we specifically request it.

  11. Children's Privacy

    Invoice.app is a business invoicing tool and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will promptly delete it.

  12. Changes to This Policy

    Piotr Stojanowski Consulting may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. The most current version will always be available at invoice.app/privacy.

    For material changes, we will provide at least 30 days' notice before the changes take effect. We may notify you through the app, via email, or by other reasonable means. We will update the “last updated” date at the top of this page.

  13. Contact Us

    If you have any questions about this Privacy Policy, your personal data, or wish to exercise your data protection rights, please contact us at contact@invoice.app.