Invorce - Everything UK businesses need

1. The Short Version

We collect the information you give us (like your email and the invoices you create), plus some technical stuff (like your IP address) to keep the service running smoothly and securely.

We use Stripe for payments, so they'll have your payment info (but we don't store your card details). We'll never sell your data or use it for advertising.

2. Information We Collect

2.1 Information You Provide

Account information (name, email address, password)
Business information (business name, address, tax information)
Customer data you enter into the platform
Invoice and quote data
Payment information (processed securely by Stripe)

2.2 Automatically Collected Information

Log data (IP address, browser type, pages visited)
Device information
Usage data and analytics
Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information to:

Provide, maintain, and improve our services
Process your transactions and manage your subscription
Send you service-related communications
Respond to your comments and questions
Detect, prevent, and address technical issues and security threats
Comply with legal obligations

4. Data Sharing and Disclosure

We may share your information with:

Service Providers: Stripe for payment processing, email service providers
Legal Requirements: When required by law or to protect our rights
Business Transfers: In connection with a merger, sale, or acquisition

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information. However, no method of transmission over the Internet is 100% secure, and like every other website in the world, we cannot guarantee absolute security. But we strive to protect your information and regularly review our security practices, in line with industry standards.

6. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations.

General account data: Deleted when you delete your account (except where required by law)
Tax-related data: Retained for 7+ years from the end of the relevant tax year (UK legal requirement)
HMRC audit logs: Retained for 7+ years for compliance, even after account deletion
Payment records: Retained for 7 years for accounting and tax purposes

7. Your Rights Under UK GDPR

You have the right to:

Access: Request a copy of your personal data (contact support@invorce.com)
Rectification: Correct inaccurate data through your account settings
Erasure: Request deletion of your data (subject to 7-year tax retention requirements)
Portability: Request your data in a machine-readable format (contact support@invorce.com)
Object: Object to processing of your data (may limit service functionality)
Withdraw Consent: Disconnect HMRC access or delete your account at any time
Lodge a Complaint: Contact the ICO (Information Commissioner's Office) if you believe we've mishandled your data

Note: Some data, particularly tax-related records, cannot be deleted before the 7-year retention period expires due to UK legal requirements.

8. Cookies

We use cookies and similar tracking technologies to track activity on our service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

9. Third-Party Services

We use the following third-party services:

Stripe: Payment processing (subject to Stripe's Privacy Policy)
Email Service Providers: For sending transactional emails

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

11. Data Storage and Location

We store your data securely on servers located in Finland (EU/EEA), operated by Hetzner. Finland provides an adequate level of data protection under UK GDPR.

All sensitive data, including HMRC OAuth tokens, is encrypted at rest using AES-256-GCM encryption. We maintain comprehensive audit logs for tax compliance purposes.

12. HMRC Integration and Tax Data

12.1 Data Controller Responsibilities

For HMRC integration services, Invorce acts as the data controller. We are responsible for protecting your HMRC data under UK GDPR and complying with Making Tax Digital requirements.

12.2 What HMRC Data We Process

HMRC OAuth access and refresh tokens (encrypted)
VAT Registration Number (VRN)
Unique Taxpayer Reference (UTR) - when Self Assessment launches
National Insurance Number (NINO) - when Self Assessment launches
VAT obligations and returns
Tax calculation data
Audit logs of all HMRC API interactions

12.3 Legal Basis for Processing

We process your HMRC data under the legal basis of contract performance - we need this data to provide you with automated tax submission services. When you connect to HMRC, you explicitly consent to this processing.

12.4 Tax Data Retention

HMRC-related data is retained for a minimum of 7 years after the end of the tax year to comply with UK tax record-keeping requirements. This includes audit logs of all tax submissions, even after you disconnect from HMRC or delete your account.

12.5 Your Responsibility

You are solely responsible for the accuracy of all tax data submitted to HMRC through Invorce. While we provide the tools and secure infrastructure, you must verify all figures before submission.

13. Data Breach Procedures

In the unlikely event of a data breach affecting your personal information, we will notify you and the ICO within 72 hours as required by UK GDPR. We maintain comprehensive security monitoring and incident response procedures.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

privacy@invorce.com

Company

INVORCE LTD (Company No. 16850379)

Registered Office

128 City Road, London, EC1V 2NX, United Kingdom