Privacy Policy
Last updated: January 17, 2026
1. Introduction
Finvo ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice generation service (the "Service").
Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Information We Collect
2.1 Information You Provide
We collect information you voluntarily provide when using the Service:
- Account Information: Email address, password, and account preferences
- Billing Information: Payment method details, billing address, and transaction history (processed securely through Stripe)
- Invoice Data: Business information, client details, line items, and other data you submit for invoice generation
- Organization Information: Company name, address, logo, and tax identification numbers
- Communications: Support requests, feedback, and correspondence with us
2.2 Information Collected Automatically
When you access the Service, we automatically collect:
- Usage Data: API calls, features used, timestamps, and interaction patterns
- Device Information: IP address, browser type, operating system, and device identifiers
- Log Data: Server logs, error reports, and performance metrics
- Cookies: Session cookies for authentication and preferences (see Section 7)
3. How We Use Your Information
We use the collected information for the following purposes:
- Service Provision: To operate, maintain, and improve the Service
- Invoice Generation: To create and deliver invoices based on your submitted data
- Account Management: To manage your account, process payments, and provide customer support
- Communication: To send service-related notices, updates, and promotional materials (with your consent)
- Security: To detect, prevent, and address fraud, abuse, and security issues
- Analytics: To analyze usage patterns and improve user experience
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
4. Information Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We share information with third-party vendors who perform services on our behalf:
- Payment Processing: Stripe processes payments securely; we do not store full credit card numbers
- Cloud Infrastructure: Data is stored on secure cloud servers
- Email Delivery: Third-party services deliver invoice emails on your behalf
- Analytics: Aggregated, anonymized data may be shared with analytics providers
4.2 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication and API key management
- Regular security audits and vulnerability assessments
- Access controls limiting employee access to personal data
- Secure password hashing using industry-standard algorithms
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.
6. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:
- Account Data: Retained while your account is active and for a reasonable period thereafter
- Invoice Data: Retained according to your subscription plan and applicable tax/legal requirements
- Usage Logs: Retained for up to 90 days for security and troubleshooting purposes
- Billing Records: Retained as required by tax and accounting regulations
Upon account deletion, we will delete or anonymize your personal data within 30 days, except as required by law.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Essential Cookies: Required for authentication and security (session management, CSRF protection)
- Preference Cookies: Remember your settings and preferences
- Analytics Cookies: Help us understand how users interact with the Service
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.
8. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to certain processing activities
- Withdrawal of Consent: Withdraw consent for processing based on consent
- Opt-Out: Unsubscribe from marketing communications at any time
To exercise these rights, contact us using the information in Section 13. We will respond to requests within 30 days.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to the United States and other countries where we operate. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.
10. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.
11. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, for significant changes, by sending an email notification or displaying a prominent notice on the Service. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at the email address associated with your account or through our website.
14. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request information about the categories and specific pieces of personal information we collect
- Right to Delete: Request deletion of your personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Opt-Out: We do not sell personal information, so this right does not apply
To exercise your CCPA rights, contact us using the information above.
15. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
- The legal bases for processing your data include: contract performance, legitimate interests, consent, and legal obligations
- You have the right to lodge a complaint with a supervisory authority in your country of residence
- You may exercise the rights described in Section 8 by contacting us