Privacy Policy | Invoscope

1. Introduction

Invoscope ("we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our AI-powered invoice data extraction platform, and interact with our services (collectively, the "Service").

By accessing or using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this policy, please discontinue use of the Service immediately.

This policy is designed to comply with applicable data protection regulations including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable requirements of our third-party service providers.

2. Information We Collect

2.1 Information You Provide Directly

When you register for an account, subscribe to a plan, or use our services, we may collect:

Account Information: Full name, email address, company name, and password (stored in encrypted/hashed form).
Billing Information: Payment details are processed and stored securely by our third-party payment processors — we do not store your full card numbers on our servers. We retain transaction history, subscription plan details, and billing references.
Invoice Data: PDF files and document images you upload for processing, along with the extracted data fields such as invoice numbers, dates, amounts, vendor information, and line items.
Project Data: Custom templates, field configurations, and extraction settings you create within the platform.
Communications: Messages, feedback, and correspondence you send to us via email or contact forms.

2.2 Information Collected Automatically

When you access the Service, we automatically collect certain technical data:

Device & Browser Data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
Usage Data: Pages visited, features used, timestamps, click patterns, session duration, and referring URLs.
Cookies & Similar Technologies: We use cookies and similar technologies to maintain sessions, remember preferences, and analyze usage patterns. See Section 7 for details.

2.3 Information from Third-Party Services

We may receive information from the following categories of third-party services:

Payment Processors: Payment confirmation details, subscription status updates, and transaction metadata.
AI Service Providers: We transmit your uploaded invoice content to third-party AI platforms for data extraction. These providers process data according to their respective privacy policies and API terms of service.
Analytics Providers: Aggregated and anonymized usage statistics from analytics tools we may integrate.

3. How We Use Your Information

3.1 Service Delivery & Improvement

Process and extract data from your uploaded invoices using AI technology
Manage your account, authentication, and subscription billing
Provide customer support and respond to your inquiries
Improve, personalize, and optimize the Service's features and performance
Develop new features and functionalities based on usage patterns

3.2 Billing & Transactions

Process payments through our authorized payment processors
Manage subscription plans, renewals, cancellations, and usage limits
Generate invoices and transaction receipts
Prevent payment fraud and unauthorized transactions

3.3 Communications

Send transactional emails (account verification, billing confirmations, subscription updates)
Send service-related notifications (usage limits, plan expiry warnings, feature updates)
Send marketing communications only with your explicit consent, with easy unsubscribe options

3.4 Legal & Security

Comply with applicable laws, regulations, and legal obligations
Enforce our Terms & Conditions and protect our legal rights
Detect, prevent, and address security incidents, fraud, and technical issues
Maintain audit logs for regulatory compliance

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions that require a legal basis for processing, we rely on the following grounds:

Legal Basis	Purpose	Examples
Contract Performance	Necessary to fulfill our agreement with you	Account management, invoice processing, billing
Legitimate Interest	Necessary for our business interests, balanced against your rights	Service improvement, fraud prevention, analytics
Consent	You have given explicit consent	Marketing emails, non-essential cookies, advertising tracking
Legal Obligation	Required by law	Tax records, regulatory compliance, law enforcement requests

5. How We Share Your Information

We do not sell your personal data. We share information only in the following circumstances:

5.1 Third-Party Service Providers

We engage trusted third-party companies to perform services on our behalf. These providers only have access to the data necessary to perform their specific functions and are contractually obligated to protect your information:

Category	Purpose	Data Shared
AI Processing Platform	Invoice data extraction via AI	Uploaded invoice images and PDFs
Payment Processors	Subscription billing and payment processing	Payment details, billing information
Cloud Hosting Provider	Infrastructure, hosting, and database services	All service data (encrypted at rest and in transit)
Analytics Providers	Usage analytics and performance monitoring	Anonymized usage data
Advertising Platforms	Conversion tracking and remarketing	Hashed identifiers, page interaction events

5.2 Legal & Compliance Disclosures

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:

Comply with a legal obligation, court order, or governmental request
Protect and defend our rights or property
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of users or the public

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal data.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Account Data: Retained for the duration of your active account plus 30 days after a deletion request.
Invoice & Project Data: Retained while your account is active. Archived project data from plan downgrades is retained for 90 days before permanent deletion.
Billing Records: Retained for a minimum of 7 years to comply with tax and financial regulations.
Usage Logs: Retained for up to 12 months for analytics and security purposes.
Marketing Consent Records: Retained for 3 years after last interaction or until consent is withdrawn.

7. Cookies & Tracking Technologies

7.1 Essential Cookies

Required for the Service to function. These include session cookies for authentication, security protection, and user preference storage. These cannot be disabled without impairing core functionality.

7.2 Analytics Cookies

Help us understand how visitors interact with the Service. We may use analytics tools to collect anonymized data about page views, session duration, and user flows. You can opt out via your browser settings or through the applicable analytics provider's opt-out mechanism.

7.3 Advertising & Tracking Cookies

If enabled, we may use advertising platform pixels and similar technologies for conversion tracking and remarketing. These cookies track actions like sign-ups and purchases to measure advertising effectiveness. You can manage your ad preferences through the respective advertising platform's settings or opt out through the Digital Advertising Alliance's opt-out portal.

7.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may impair the functionality of the Service. We provide a cookie consent mechanism upon first visit to allow granular control over non-essential cookies.

8. AI Data Processing

Our Service uses third-party AI platforms to extract data from uploaded invoices. Important disclosures regarding this integration:

Invoice images and PDFs are transmitted to AI service provider servers for processing via secure, encrypted connections.
AI providers process this data in accordance with their respective API terms of service and data processing agreements.
We use AI services solely for the purpose of extracting structured data from your invoices — your data is not used for any other purpose by us.
Your uploaded invoices are not used by the AI provider to train or improve their general-purpose models when processed through commercial API endpoints.
Extracted data is stored in our database. Original files are processed securely and handled according to our data retention policies.
You can request deletion of all your data at any time (see Section 10, Your Rights).

9. Payment Data & Security

We use industry-leading, PCI DSS-compliant payment processors to handle all billing operations. Key information about payment data handling:

We never store, process, or have access to your full credit card numbers, CVV codes, or complete bank account details on our servers.
All payment card data is handled by PCI DSS Level 1 certified processors — the highest level of payment security certification.
We store only transaction references, subscription identifiers, plan information, payment status, and anonymized payment method references.
Incoming payment event notifications are cryptographically verified to prevent tampering.
Billing information (transaction history, subscription status) is retained as described in Section 6.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

10.1 For All Users

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete personal data.
Deletion: Request deletion of your personal data (subject to legal retention requirements).
Data Portability: Request your data in a structured, commonly used, machine-readable format.
Withdraw Consent: Withdraw consent for data processing where consent is the legal basis.
Opt-Out of Marketing: Unsubscribe from marketing communications at any time via the unsubscribe link in emails or by contacting us.

10.2 Additional Rights for EEA/UK Residents (GDPR)

Right to restrict processing of your personal data
Right to object to processing based on legitimate interests
Right to lodge a complaint with your local data protection authority
Right not to be subject to solely automated decision-making, including profiling

10.3 Additional Rights for California Residents (CCPA)

Right to know what personal information is collected, used, and shared
Right to delete personal information held by us and by extension our service providers
Right to opt out of the sale of personal information (note: we do not sell personal information)
Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us using the details in Section 15. We will respond to your request within 30 days (or as required by applicable law).

11. Data Security

We implement industry-standard security measures to protect your data, including but not limited to:

Encryption of all data in transit via TLS/SSL (HTTPS)
Secure password hashing with salted encryption algorithms
Token-based authentication with secure session management
Rate limiting to prevent abuse and protect service availability
Database encryption and automated backups
Regular security reviews and vulnerability assessments
Access controls and role-based permissions for internal systems
Cryptographic verification of incoming payment events

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

12. International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States, where our servers and service providers are located. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Service provider agreements that require equivalent data protection standards

13. Children's Privacy

The Service is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take prompt steps to delete such information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

Posting the updated policy on this page with a revised "Last Updated" date
Sending an email notification to the address associated with your account for significant changes

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Emailsupport@invoscope.com

Websitewww.invoscope.com