Privacy Policy

1. Introduction

Finvo ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice generation service (the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using the Service:

Account Information: Email address, password, and account preferences
Billing Information: Payment method details, billing address, and transaction history (processed securely through Stripe)
Invoice Data: Business information, client details, line items, and other data you submit for invoice generation
Organization Information: Company name, address, logo, and tax identification numbers
Communications: Support requests, feedback, and correspondence with us

2.2 Information Collected Automatically

When you access the Service, we automatically collect:

Usage Data: API calls, features used, timestamps, and interaction patterns
Device Information: IP address, browser type, operating system, and device identifiers
Log Data: Server logs, error reports, and performance metrics
Cookies: Session cookies for authentication and preferences (see Section 7)

3. How We Use Your Information

We use the collected information for the following purposes:

Service Provision: To operate, maintain, and improve the Service
Invoice Generation: To create and deliver invoices based on your submitted data
Account Management: To manage your account, process payments, and provide customer support
Communication: To send service-related notices, updates, and promotional materials (with your consent)
Security: To detect, prevent, and address fraud, abuse, and security issues
Analytics: To analyze usage patterns and improve user experience
Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

Payment Processing: Stripe processes payments securely; we do not store full credit card numbers
Cloud Infrastructure: Data is stored on secure cloud servers
Email Delivery: Third-party services deliver invoice emails on your behalf
Analytics: Aggregated, anonymized data may be shared with analytics providers

4.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership.

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption of data in transit (TLS/SSL) and at rest
Secure authentication and API key management
Regular security audits and vulnerability assessments
Access controls limiting employee access to personal data
Secure password hashing using industry-standard algorithms

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

Account Data: Retained while your account is active and for a reasonable period thereafter
Invoice Data: Retained according to your subscription plan and applicable tax/legal requirements
Usage Logs: Retained for up to 90 days for security and troubleshooting purposes
Billing Records: Retained as required by tax and accounting regulations

Upon account deletion, we will delete or anonymize your personal data within 30 days, except as required by law.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Essential Cookies: Required for authentication and security (session management, CSRF protection)
Preference Cookies: Remember your settings and preferences
Analytics Cookies: Help us understand how users interact with the Service

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data (subject to legal retention requirements)
Portability: Request your data in a structured, machine-readable format
Objection: Object to certain processing activities
Withdrawal of Consent: Withdraw consent for processing based on consent
Opt-Out: Unsubscribe from marketing communications at any time

To exercise these rights, contact us using the information in Section 13. We will respond to requests within 30 days.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to the United States and other countries where we operate. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, for significant changes, by sending an email notification or displaying a prominent notice on the Service. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at the email address associated with your account or through our website.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request information about the categories and specific pieces of personal information we collect
Right to Delete: Request deletion of your personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Right to Opt-Out: We do not sell personal information, so this right does not apply

To exercise your CCPA rights, contact us using the information above.

15. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

The legal bases for processing your data include: contract performance, legitimate interests, consent, and legal obligations
You have the right to lodge a complaint with a supervisory authority in your country of residence
You may exercise the rights described in Section 8 by contacting us