Privacy Policy

We collect information you provide directly to us, including:

• Account Information: Your name, phone number, and password when you register.
• Business Data: Company details, projects, quotations, and invoices you create within InvoBook.
• Usage Data: Log data such as your IP address, browser type, and pages visited, collected automatically when you use the service.

We do not collect payment card details; all billing is handled exclusively through your bank or payment gateways you integrate.

We use the information we collect to:

• Provide, operate, and improve the InvoBook platform.
• Authenticate your identity and enforce access-control permissions.
• Send you transactional messages (e.g. OTPs, account alerts).
• Respond to your support requests and inquiries.
• Monitor for fraud, abuse, and security threats.
• Comply with applicable laws and regulations.

We will never sell your personal data to third parties, nor use it for advertising purposes.

We may share your information only in the following circumstances:

• Service Providers: With trusted third-party vendors (e.g. Firebase / Google Cloud) who process data on our behalf under strict data-processing agreements.
• Legal Requirements: When required by law, regulation, or a valid government order.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, provided the receiving party agrees to honour this policy.
• With Your Consent: In any other case, only with your explicit consent.

InvoBook is built on Google Firebase, which provides:

• Firebase Authentication — for secure sign-in and session management.
• Cloud Firestore — for storing your business data.

Data stored in Firebase is subject to Google's Privacy Policy. Firebase infrastructure is hosted in Google Cloud regions with industry-standard security certifications (ISO 27001, SOC 2, etc.).

We take the security of your data seriously. Our measures include:

• All data transmitted between your device and our servers is encrypted using TLS 1.2+.
• Passwords are never stored in plain text — Firebase Authentication handles credential management securely.
• Role-based access control (ACL) ensures users can only access data within their authorised companies.
• Firebase Security Rules restrict direct database access to authenticated and authorised users only.

Despite these measures, no method of transmission over the internet is 100% secure. We encourage you to use a strong password and keep it confidential.

We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:

• Account data is retained until you request account deletion.
• Business records (invoices, quotations) may be retained for up to 7 years to comply with accounting and tax regulations.
• Log data is automatically purged after 90 days.

Upon written request, we will delete your personal information, subject to the above legal retention obligations.

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Request your data in a machine-readable format.
• Objection: Object to certain types of processing, including direct marketing.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

InvoBook uses minimal cookies and browser local storage for:

• Authentication: To keep you logged in across sessions (Firebase session tokens).
• Preferences: To remember your UI preferences such as dark/light mode.

We do not use advertising or tracking cookies. You may clear cookies at any time via your browser settings, which will log you out of all sessions.

InvoBook is a business management platform intended for use by individuals aged 18 and above. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete it.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where appropriate, notify you via email or an in-app notification. Your continued use of InvoBook after any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy, please reach out to us: