Legal · Privacy

Privacy policy

A plain-English summary of what we collect, why, where it lives, and how long we keep it. Written for operators, not lawyers.

Effective April 1, 2026 · v1.4.2

1. The short version

InvoicePass is invoice infrastructure. We process the inbound mail and payloads you send us so we can dedupe, sign, and forward them to your destination of record. We do not sell your data. We do not train models on customer payloads. We retain raw inbound material for 90 days by default and forwarded receipts for 7 years to support audits.

2. What we collect

We collect three categories of data:

  • Account data — email, organization name, billing identifiers, authentication state, and operator role (owner, foreman, dispatcher).
  • Invoice payloads — the raw email, attached PDFs, parsed line items, and any signed receipt we generate. These are the materials your account exists to ingest.
  • Operational telemetry — request IPs, user agents, API request timestamps, and dedup hashes. Used for abuse prevention and to populate the Status page.

3. What we do not collect

  • We do not run third-party advertising trackers on any InvoicePass surface.
  • We do not collect device sensor data, clipboard contents, or location.
  • We do not read or index the body of attachments beyond what is needed to extract invoice metadata (vendor, amount, line items, due date).

4. Where data lives

Production data is stored in ca-central-1 (Montréal). Encrypted backups replicate to us-east-1 (N. Virginia) for disaster recovery only. Data never leaves these two regions without an explicit DPA addendum.

5. Sub-processors

The following vendors process customer data on our behalf:

Vendor Purpose Region
Amazon Web Services Compute, storage, network ca-central-1
Postmark Outbound transactional email us-east-1
Stripe Subscription billing global
Sentry Error and performance telemetry us-west-2
Plausible Cookieless web analytics eu-central-1

We notify customers at least 30 days before adding a new sub-processor. The current list is the source of truth and is mirrored at our DPA.

6. How long we keep things

Data Retention
Raw inbound email + attachments 90 days, then purged
Signed receipts (forwarded payloads) 7 years, then purged
Operational logs 30 days
Cancelled accounts Hard-deleted after 60 days

7. Your rights

You can request a copy, correction, or deletion of personal data tied to your account at any time. The same goes for the right to portability and to object to specific processing. We honor requests within 14 days. See Data export for the self-serve flow.

8. Children

InvoicePass is a B2B service. We do not knowingly collect data from anyone under 16. If we learn we have, we will delete it.

9. Changes to this policy

Material changes get a 30-day heads-up via email and an in-product banner. The effective date at the top of this page reflects the latest revision.

10. Contact

Privacy questions, data subject requests, or law enforcement requests: [email protected].