We collect the following types of information when you use Invoicy:
Account information: Email address, name, and hashed password when you create an account
Invoice data: Invoices you upload or that are ingested via Gmail or WhatsApp, including vendor names, amounts, dates, and line items
Usage data: Activity logs such as upload times, processing status, and feature usage
Authentication data: Session tokens and Google OAuth tokens if you use Google Sign-In
2. Google API Services — User Data Disclosure
Invoicy's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Google API Scopes We Request and Why
Google Drive (drive): Used to upload processed invoice files to your designated Google Drive folder and organize them into vendor-specific subfolders. We also use this scope to create folders and share files as configured by you.
Google Sheets (spreadsheets): Used to log invoice metadata (vendor name, amounts, dates, status) to a Google Spreadsheet that serves as your invoice ledger.
Gmail — Read-only (gmail.readonly): Used to scan your inbox for incoming invoice emails and download invoice attachments for automated processing.
Gmail — Modify (gmail.modify): Used solely to mark processed invoice emails as read and apply labels, so you know which emails have already been handled. We do not send, delete, or alter the content of any emails.
Limited Use Compliance
Invoicy limits its use of Google user data to the practices disclosed in this Privacy Policy. Specifically:
We only access Google user data necessary to provide the invoice automation features described above.
We do not use Google user data for serving advertisements.
We do not sell Google user data to third parties.
We do not use Google user data for purposes unrelated to the Service.
We do not allow humans to read your Google user data unless: (a) you give explicit consent, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is required by law, or (d) the data is aggregated and anonymized for internal operations.
3. How We Use Your Information
Your information is used to:
Process, classify, and store invoices on your behalf
Authenticate your identity and maintain your session
Display invoice history and generate reports
Improve the accuracy of vendor classification
Send notifications related to invoice processing
4. Data Storage and Third-Party Services
Your data is stored and processed using the following services:
Google Drive: Uploaded invoice files are stored in your configured Google Drive folder
Google Sheets: Invoice metadata is logged to a Google Spreadsheet
Google Document AI: Invoice files are sent to Google's Document AI service for parsing and data extraction
Gmail API: If enabled, we access your Gmail to detect and process incoming invoices
Twilio: If WhatsApp integration is enabled, invoice files received via WhatsApp are processed through Twilio's services
We do not transfer Google user data to any third-party services beyond those listed above. Each third-party service has its own privacy policy. We encourage you to review them.
5. Data Sharing
We do not sell, trade, or rent your personal information to third parties. We do not use your data for advertising purposes. Your data is only shared with the third-party services listed above as necessary to provide the Service. We may disclose information if required by law.
6. Data Security
We take reasonable measures to protect your data, including:
HTTPS encryption for all data in transit
Passwords stored using PBKDF2 hashing
Session-based authentication with secure cookies
Access controls and role-based permissions
Google OAuth tokens stored securely on the server and never exposed to the browser
However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
7. Data Retention and Deletion
Invoice data and metadata are retained in Google Drive and Google Sheets for as long as your account is active or as needed to provide the Service. You may delete individual invoices through the dashboard at any time. Upon account deletion, we will remove your data from our systems and revoke any stored Google OAuth tokens. Account deletion requests can be directed to the service administrator.
8. Your Rights
You have the right to:
Access the invoice data stored in your account
Export your data at any time via Google Drive and Sheets
Request deletion of your account and associated data
Opt out of Gmail or WhatsApp integrations at any time
9. Cookies
We use a session cookie to maintain your authentication state. We also store your theme preference (light/dark mode) in your browser's local storage. We do not use tracking cookies or third-party analytics.
10. Children's Privacy
The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.
12. Contact
If you have questions or concerns about this Privacy Policy, please contact the service administrator.