Privacy Policy
Last Updated: August 17, 2025
Effective Date: August 17, 2025
YOUR PRIVACY MATTERS: This Privacy Policy explains how Invoice Collector collects, uses, and protects your personal information. We are committed to transparency and your privacy rights under GDPR, CCPA, and other applicable privacy laws.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, name, and authentication credentials
- Configuration Data: Collection rules, folder preferences, and app settings
- Contact Information: When you contact us for support
1.2 Information We Access from Google Services
With your explicit consent, we access:
- Gmail Data: Email messages, metadata, and attachments for invoice identification and processing
- Google Drive Data: File storage and organization for processed invoices
- Google Account Info: Basic profile information (name, email) for authentication
1.3 Automatically Collected Information
- Usage Data: Application usage patterns, feature usage, error logs
- Technical Data: IP address, device type, operating system, app version
- Log Data: Access logs, performance metrics, error reports
2. How We Use Your Information
| Purpose |
Data Used |
Legal Basis (GDPR) |
| Invoice Collection & Organization |
Gmail messages, attachments, Drive access |
Consent (Article 6(1)(a)) |
| Service Provision |
Account information, preferences |
Contract performance (Article 6(1)(b)) |
| Technical Support |
Usage data, error logs, contact info |
Legitimate interest (Article 6(1)(f)) |
| Security & Fraud Prevention |
Access logs, IP addresses, usage patterns |
Legitimate interest (Article 6(1)(f)) |
| Service Improvement |
Aggregated usage statistics |
Legitimate interest (Article 6(1)(f)) |
3. Data Processing and Storage
3.1 Data Processing
We process your data to:
- Search your Gmail for invoices and receipts based on your configured rules
- Download and organize invoice attachments
- Convert email content to PDF format when no attachments are present
- Store organized documents in your Google Drive
- Prevent duplicate processing of the same documents
- Provide technical support and troubleshooting
3.2 Data Storage
- Location: Data is stored in secure cloud infrastructure
- Duration: Account data retained while your account is active plus 30 days after deletion
- Email Content: Processed temporarily and not permanently stored unless converted to PDF
- Backups: Encrypted backups retained for up to 90 days for disaster recovery
4. Data Sharing and Disclosure
WE DO NOT SELL YOUR PERSONAL DATA. We do not share your personal information except in the limited circumstances described below.
4.1 Service Providers
We may share data with trusted service providers who help us operate the service:
- Cloud Infrastructure: Hosting and data storage providers
- Analytics: Usage analytics to improve the service
- Support Tools: Customer support and communication platforms
All service providers are bound by contractual obligations to protect your data and use it only as instructed.
4.2 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal process or government requests
- Protect our rights, property, or safety
- Investigate potential violations of our Terms of Service
- Prevent fraud or security threats
5. Your Privacy Rights
GDPR Rights (EU Users)
Under the General Data Protection Regulation, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data
- Portability: Receive your data in a portable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Revoke previously given consent
5.1 CCPA Rights (California Users)
Under the California Consumer Privacy Act, you have the right to:
- Know what personal information we collect and how it's used
- Request deletion of your personal information
- Opt-out of the sale of personal information (we don't sell data)
- Non-discrimination for exercising your privacy rights
5.2 How to Exercise Your Rights
To exercise your privacy rights, contact us at:
- Email: privacy@invoicecollector.com
- Data Subject Request Form: Contact us via email
- In-App Settings: Many rights can be exercised directly in the application
6. Data Security
6.1 Security Measures
We implement industry-standard security measures:
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication
- Regular Audits: Security assessments and penetration testing
- Monitoring: 24/7 security monitoring and incident response
- Staff Training: Regular security and privacy training for all personnel
6.2 Data Breach Response
In the event of a data breach affecting personal data:
- We will notify affected users within 72 hours
- Relevant authorities will be notified as required by law
- We will provide clear information about the incident and remediation steps
7. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. We ensure adequate protection through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for transfers to approved countries
- Other appropriate safeguards as required by applicable law
8. Children's Privacy
Our service is not intended for children under 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.
9. Third-Party Services
Our service integrates with third-party services:
- Google Services: Gmail and Google Drive APIs (governed by Google's Privacy Policy)
- Analytics Providers: Usage analytics (with appropriate data processing agreements)
We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.
10. Cookies and Tracking
We use cookies and similar technologies for:
- Essential Cookies: Authentication and basic functionality
- Analytics Cookies: Understanding usage patterns (with your consent)
- Preference Cookies: Remembering your settings and preferences
You can control cookie settings through your browser or our cookie preference center.
11. Data Retention
We retain personal data only as long as necessary:
- Account Data: While your account is active plus 30 days after deletion
- Email Processing Data: Temporary processing only, not permanently stored
- Support Data: 3 years after the last interaction
- Legal Requirements: As required by applicable law
12. Privacy by Design
We implement privacy by design principles:
- Data Minimization: We collect only data necessary for our services
- Purpose Limitation: Data used only for stated purposes
- Transparency: Clear information about data processing
- User Control: Easy-to-use privacy controls and settings
13. Updates to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. We will:
- Notify you of material changes via email or in-app notification
- Post the updated policy with a new effective date
- Obtain your consent for changes that expand how we use your data
14. Contact Information and Data Protection Officer
15. Supervisory Authority
If you are in the EU and have concerns about how we handle your personal data, you have the right to lodge a complaint with your local data protection authority.
© 2025 Invoice Collector. All rights reserved.
This Privacy Policy complies with GDPR, CCPA, and other applicable privacy laws.