Privacy Policy

Last updated: March 3, 2026

InvoUno ("we", "our", or "us") operates the invouno.com website and provides invoice, quote, receipt, and document generation services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored securely using bcrypt hashing). If you subscribe to a paid plan, we collect billing information through our payment processor.

Document Data

We store the documents you create through our Service, including invoices, quotes, receipts, purchase orders, and estimates. This includes business details, client information, line items, and any custom content you provide.

Usage Data

We automatically collect information about how you interact with our Service, including pages visited, features used, API calls made, browser type, IP address, and device information.

Client Information

When you add clients to your account, we store their name, email, address, and any other details you provide for inclusion on documents.

2. How We Use Your Data

We use your information to:

  • Provide, maintain, and improve the Service
  • Generate and deliver documents (invoices, quotes, receipts, etc.)
  • Send documents to your clients via email on your behalf
  • Process payments and manage subscriptions
  • Send transactional emails (account verification, password resets, billing receipts)
  • Monitor usage to enforce plan limits and prevent abuse
  • Respond to support requests
  • Detect and prevent fraud or unauthorized access

We do not sell your personal data to third parties. We do not use your document content for advertising purposes.

3. Data Storage and Security

Your data is stored on secure servers with encryption at rest and in transit (TLS 1.2+). We implement industry-standard security measures including:

  • Bcrypt password hashing with individual salts
  • CSRF protection on all form submissions
  • Rate limiting on authentication endpoints
  • Regular security audits and dependency updates
  • Encrypted database backups

We retain your account data for as long as your account is active. Document data is retained until you delete it or close your account. Upon account deletion, we permanently remove your data within 30 days.

4. Third-Party Services

We use the following third-party services that may process your data:

  • DodoPayments — Payment processing. When you purchase a paid plan, your payment information is handled directly by DodoPayments. We do not store your full credit card number. DodoPayments' privacy policy governs their handling of your payment data.
  • Resend — Email delivery. We use Resend to send transactional emails (account notifications, document delivery to your clients). Resend processes email addresses and message content necessary for delivery.

We ensure all third-party providers maintain adequate data protection standards and only process data as necessary to provide their services to us.

5. Cookies

We use strictly necessary cookies to:

  • Session cookie — Maintains your login state and CSRF protection. Expires when you close your browser or after inactivity.
  • Theme preference — Stores your light/dark mode preference in localStorage (not a cookie, but stored locally in your browser).

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your account and associated data
  • Export — Download your documents and data in standard formats (PDF, JSON via API)
  • Restriction — Request that we limit processing of your data
  • Objection — Object to processing of your data for certain purposes

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

7. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Email: [email protected]