Privacy Policy

Last updated: March 2026

1. Introduction

Invoicier ("we", "our", "us") operates the invoicier.com platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and e-invoicing service.

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using Invoicier, you agree to the practices described in this policy.

2. Information we collect

We collect the following categories of personal data:

Account information: Your name, email address, and password when you create an account.

Business information: Company name, legal name, registry code, VAT number, and business address. This information is required to create invoices and register your Peppol ID.

Financial information: Bank account details (IBAN, BIC/SWIFT) that appear on your invoices. Payment and billing information is collected and processed by our payment processor, Stripe — we do not store your credit card details on our servers.

Invoice data: The contents of invoices you create, send, and receive, including buyer and seller details, line items, amounts, and tax information.

Usage data: We automatically collect technical data such as IP address, browser type, device information, pages visited, and timestamps. This data is collected through Google Analytics 4 (GA4) and server logs.

Contact form data: When you use our contact form, we collect your name, email address, and message content.

3. Legal basis for processing

We process your personal data on the following legal grounds under the GDPR:

Contract performance (Art. 6(1)(b)): Processing necessary to provide the invoicing service you signed up for — including account management, invoice creation, Peppol ID registration, and payment processing.

Legitimate interest (Art. 6(1)(f)): Processing for service improvement, security monitoring, fraud prevention, and analytics. We balance our interests against your rights and freedoms.

Legal obligation (Art. 6(1)(c)): Processing required to comply with tax, accounting, and regulatory obligations.

Consent (Art. 6(1)(a)): Where we rely on consent (e.g. marketing communications or analytics cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.

4. How we use your information

We use your personal data to:

  • Provide and maintain the Invoicier e-invoicing platform
  • Create, send, and receive invoices on your behalf
  • Register and manage your Peppol ID on the Peppol network
  • Process subscription payments through Stripe
  • Send transactional emails (account verification, invoice notifications, password resets)
  • Respond to your support and contact form inquiries
  • Monitor and improve the security and performance of our service
  • Analyse usage patterns to improve the platform (via Google Analytics 4)
  • Comply with legal and regulatory obligations

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

5. Data sharing and third parties

We share your personal data only as necessary to operate the service. Our third-party processors include:

Peppol network: Your business details (company name, address, VAT number, Peppol ID) are shared with the Peppol network and recipient Access Points when you send or receive invoices. This is essential to the e-invoicing service.

Stripe: Processes subscription payments. Stripe collects and stores payment card details directly — we do not have access to your full card number. See Stripe's Privacy Policy.

Resend: Delivers transactional and notification emails on our behalf. See Resend's Privacy Policy.

Google Analytics 4: Collects anonymised usage data to help us understand how visitors use our website. See Google's Privacy Policy.

Render: Hosts our application and data in the European Union (EU region). See Render's Privacy Policy.

Invoice recipients: When you send an invoice, your business details (company name, address, VAT number, bank details) appear on the invoice and are shared with the recipient. This is standard invoicing practice.

We may also disclose data when required by law or to protect our legal rights.

6. International data transfers

Your data is primarily stored and processed within the European Union (Render EU region). Some of our third-party processors (Stripe, Google Analytics, Resend) may transfer data outside the EU/EEA.

Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or the processor's participation in recognised data protection frameworks.

7. Data security

We take reasonable technical and organisational measures to protect your data, including:

  • HTTPS encryption for all communications
  • Secure, hashed password storage
  • CSRF protection and Content Security Policy headers
  • Rate limiting on sensitive endpoints
  • Encrypted invoice transmission via the Peppol network's built-in security protocols
  • Regular security reviews of our infrastructure

No method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact us immediately at support@invoicier.com.

8. Data retention

We retain your personal data as follows:

  • Account data: Retained for as long as your account is active.
  • Invoice data: Retained for as long as your account is active. Upon account closure, you will have the option to export all your data (invoices, contacts, account details) as a downloadable ZIP file. After a 30-day grace period following account closure, all your data is permanently deleted from our servers.
  • Usage data: Retained for up to 26 months (Google Analytics default retention period).
  • Contact form messages: Retained for up to 12 months after resolution.

Important: You are responsible for maintaining your own accounting and tax records as required by the laws of your jurisdiction. We strongly recommend exporting your data before closing your account. Invoicier does not retain invoice data on your behalf for tax compliance purposes after account deletion.

When data is no longer needed, we securely delete or anonymise it.

9. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Right to restriction: Request that we limit how we process your data in certain circumstances.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interest, including for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at support@invoicier.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

10. Cookies and tracking

We use the following cookies and tracking technologies:

Essential cookies: Session cookies required for the platform to function (e.g. CSRF tokens, session management). These cannot be disabled.

Analytics cookies: Google Analytics 4 uses cookies to collect anonymised usage data. You can opt out by adjusting your browser's cookie settings or using the Google Analytics Opt-out Browser Add-on.

We do not use advertising cookies or third-party tracking pixels.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by posting a notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.

Continued use of Invoicier after changes are posted constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your personal data, contact us at:

Invoicier Ltd
Reg. code: 17474305
Pilve Str 6, Tallinn, Estonia
Email: support@invoicier.com