Back to Home

Privacy Policy

Last updated: Loading...

Introduction

At InvoiceFlow ("we", "our", or "us"), we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our invoicing services.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our service, you agree to the collection and use of information in accordance with this policy.

Data Controller

Company: InvoiceFlow Ltd

Address: 123 Business Street, Suite 100, London, EC1A 1BB, United Kingdom

Email: privacy@invoiceflow.com

Data Protection Officer: dpo@invoiceflow.com

Information We Collect

Personal Information

When you register for an account or use our services, we may collect:

  • Name and contact information (email address, phone number)
  • Business information (company name, address, VAT number)
  • Payment information (processed securely by our payment providers)
  • Profile information and preferences

Business Data

Information related to your invoicing activities:

  • Invoice data (client details, amounts, descriptions)
  • Customer information you input
  • Transaction records and payment history
  • Financial reports and analytics data

Technical Information

Automatically collected when you use our website:

  • IP address and location data
  • Browser type and version
  • Device information and operating system
  • Usage data and website interactions
  • Cookies and similar tracking technologies

How We Use Your Information

Service Provision (Legal Basis: Contract)

  • Create and manage your account
  • Process invoices and payments
  • Provide customer support
  • Deliver our invoicing services

Legitimate Interests

  • Improve our services and user experience
  • Conduct analytics and research
  • Prevent fraud and ensure security
  • Send service-related communications

Consent

  • Send marketing communications (with your consent)
  • Use non-essential cookies
  • Personalize content and advertisements

Legal Compliance

  • Comply with legal obligations
  • Respond to legal requests
  • Maintain records for tax purposes

Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except as described below:

Service Providers

Payment processors, cloud hosting, email services, and analytics providers who assist in our operations.

Legal Requirements

When required by law, court order, or to protect our rights and safety.

Business Transfers

In connection with a merger, acquisition, or sale of assets (with notice to users).

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • SSL/TLS encryption for data transmission
  • Encrypted data storage
  • Regular security assessments
  • Access controls and authentication
  • Employee training on data protection

Your Rights Under UK GDPR

Right of Access

Request copies of your personal data

Right to Rectification

Correct inaccurate personal data

Right to Erasure

Request deletion of your data

Right to Restrict Processing

Limit how we use your data

Right to Data Portability

Transfer your data to another service

Right to Object

Object to processing based on legitimate interests

Right to Withdraw Consent

Withdraw consent for processing

Right to Complain

Contact the ICO if you have concerns

To exercise any of these rights, please contact us at privacy@invoiceflow.com. We will respond within one month of receiving your request.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: While your account remains active and for 7 years after closure for legal compliance
  • Invoice Data: 7 years for tax and legal requirements
  • Website Analytics: 26 months maximum
  • Marketing Data: Until you unsubscribe or object

International Data Transfers

Some of our service providers may be located outside the UK/EEA. When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the UK government
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Certification schemes and codes of conduct

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@invoiceflow.com

Data Protection Officer: dpo@invoiceflow.com

Post: InvoiceFlow Ltd, 123 Business Street, Suite 100, London, EC1A 1BB, UK

Complaints: You have the right to complain to the Information Commissioner's Office (ICO) if you believe we have not handled your personal data properly. Visit ico.org.uk for more information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically for any changes.