Legal · Data export

Take everything with you

One ZIP. Every payload, every signed receipt, every audit log line. Self-serve from the dashboard, or request it here.

Effective April 1, 2026 · v1.4.2

1. What's in the bundle

The export is a single .zip, organized for a human reading it cold — not just for machines. Pull it open and you'll find:

/raw

Original payloads

Every inbound email exactly as we received it (.eml) plus every attachment in its native format.

/parsed

Structured JSON

One .json per invoice with vendor, line items, totals, references, and the hash chain that links it to its source email.

/receipts

Signed receipts

The forwarded payload as your destination of record received it, with the Ed25519 signature and public key alongside.

/csv

Flat CSV

For the bookkeeper. invoices.csv and line_items.csv with stable column names. UTF-8, RFC 4180.

/audit

Audit log

Every login, every API call, every operator action — append-only NDJSON. Same format the SOC 2 auditor sees.

/keys

Verification material

The public keys we used to sign your receipts, plus a verify.sh that checks every signature without InvoicePass involvement.

2. The shape on disk

invoicepass-export-2026-04-30.zip
├── manifest.json          ← every file with sha256, byte count, source ref
├── raw/
│   ├── 2026-04-29/
│   │   ├── 0001-acme-supplies.eml
│   │   └── 0001-acme-supplies/invoice.pdf
│   └── ...
├── parsed/
│   └── 2026-04-29/0001-acme-supplies.json
├── receipts/
│   └── 2026-04-29/0001-acme-supplies.signed.json
├── csv/
│   ├── invoices.csv
│   └── line_items.csv
├── audit/
│   └── 2026-04.ndjson
└── keys/
    ├── ed25519-2026-q2.pub
    └── verify.sh

Sizes: a typical month for a 12-truck operator clocks in around 180 MB. Heavy accounts can break a gigabyte; the archive splits at 4 GB into numbered parts.

3. How to trigger one

  1. Open the dashboard at portal.invoicepass.app.
  2. Go to Settings → Data → Export.
  3. Pick a date range (default: everything) and click Generate.
  4. We email you a one-time download link, valid for 72 hours, when the bundle is ready. Most exports complete in under five minutes.
Don't have dashboard access yet? Tell us your account email and we'll generate the bundle on your behalf.

4. Verifying signatures yourself

Every receipt in /receipts is a JSON file plus an Ed25519 signature in its signature field. The verify.sh in /keys walks the bundle and confirms every signature against the public key in the same folder. No network call, no InvoicePass involvement — that is the point. If we disappeared tomorrow, your receipts are still cryptographically yours.

5. Retention after export

Generating an export does not delete anything. Standard retention from our Privacy policy still applies (raw inbound: 90 days; receipts: 7 years). To purge after exporting, visit Settings → Data → Erase; confirmations require typing your account name to prevent slips.

6. On account closure

If you cancel, you have 30 days from the end of your last billing period to download the export. After that, we hard-delete within 60 days unless retention law requires us to hold longer. We confirm deletion in writing on request.

7. Questions

Stuck on a verification step or need a custom format (XBRL, UBL, NetSuite SuiteApp)? [email protected] — we read every one and reply within one business day.