Privacy Policy

Last updated: April 19, 2026

InvoSnap ("we", "us", "our") operates the website invosnap.app and the related Service. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the rights you have over your data.

1. Data we collect

• Account data: name, email address, password hash, and authentication metadata when you sign up.
• Billing data: plan, subscription status, and last four digits of your payment method. Full payment details are handled directly by our merchant of record and never stored on our servers.
• Invoice content: the files you upload and the structured data we extract from them.
• Usage data: log entries such as IP address, user agent, request timestamps, and feature usage, used to operate and secure the Service.

2. How invoice files are handled

Invoice files you upload are sent to our extraction pipeline and to our AI provider (OpenAI / OpenRouter) solely to perform the extraction you requested. By default, the original file is processed transiently and is not retained after extraction completes; only the structured data (vendor, line items, totals, etc.) is associated with your account so you can view it in your workspace. You can delete extracted records at any time from the workspace.

3. How we use your data

We use your data to:

• Provide, maintain, and improve the Service;
• Process your subscription and send transactional emails (e.g. receipts, alerts);
• Detect, prevent, and respond to fraud or security issues;
• Comply with our legal and tax obligations.

4. Sub-processors we share data with

• Supabase — hosting our database and authentication.
• Vercel — hosting the website and serverless functions.
• OpenAI / OpenRouter — running the AI extraction model on the invoice files you upload.
• Resend — sending transactional emails.
• Paddle (or our active merchant of record) — processing payments and handling sales tax, VAT, and GST.

We do not sell your personal data, and we do not share it with third parties for advertising purposes.

5. Data retention

We keep account and billing data for as long as your account is active and for a reasonable period afterwards to comply with legal obligations and to resolve disputes. Extracted invoice records are kept until you delete them or close your account.

6. Your rights

Depending on where you live (e.g. under GDPR in the EEA / UK or CCPA in California), you may have the right to access, correct, port, or delete your personal data, and to object to or restrict certain processing. To exercise any of these rights, email support@invosnap.app.

7. International transfers

The sub-processors listed above may process your data in jurisdictions outside your own, including the United States. Where required, we rely on standard contractual clauses or equivalent safeguards.

8. Security

We use industry-standard measures to protect your data, including HTTPS in transit, encryption at rest where supported by our sub-processors, and access controls. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced on this page and, where appropriate, by email.

11. Contact

For privacy questions or to exercise your rights, contact support@invosnap.app.