Privacy Policy for InvoiceClip
Last updated: 11 June 2025
Thank you for using InvoiceClip ("we," "us," or "our"). This Privacy Policy outlines how we collect, use, and protect your personal and non-personal information when you use our website located at https://invoiceclip.com (the "Website").
By accessing or using the Website, you agree to the terms of this Privacy Policy. If you do not agree with the practices described in this policy, please do not use the Website.
1. Information we collect
When you open an account we ask only for your email address and a password; during checkout Stripe collects your billing details and full card number on its own secure pages, never on ours. When you upload invoices, bills or receipts we store the files and the JSON extracted from them. Our servers also record routine technical data—such as IP address, browser version and cookie identifiers—so the app can function safely. We do not knowingly collect special-category or children's data and we never sell or rent any information you provide.
2. Information from Google API Services
When you use Google Sign-In to create an account or log in, we access certain information from your Google Account in compliance with the Google API Services User Data Policy.
- What we access and why: We request access to your basic profile information (name) and your email address. Your email address is used as a unique identifier for your InvoiceClip account and for essential service-related communications. Your name is used to personalize your experience within the application, such as in your dashboard and account settings.
- How we use it: The data obtained through Google Sign-In is strictly used to provide and improve our app's core, user-facing features. This data is never used for advertising purposes, nor is it ever sold or transferred to third parties like data brokers. Our use fully adheres to the Limited Use requirements outlined in Google's policy.
- How we store it: Your name and email are stored securely alongside your other account data, protected by the security measures outlined in Section 7 of this policy.
3. How we use it
We use your details to authenticate you, process payments, link each document to your account, extract its contents with AI, send essential service e-mails and measure overall performance of the platform. Optional marketing e-mails are sent only if you have opted in and you can opt out at any time. Our legal grounds under the EU & UK GDPR are contract performance, legitimate interest in running a secure service, and compliance with tax and accounting rules. We also analyse anonymised platform usage and infrastructure cost metrics to optimise service performance and costs.
4. AI processing and service partners
AI extraction: To transform an uploaded invoice into searchable text we send the file—over an encrypted, signed link—to Google Gemini Vision. If the confidence score is below a preset threshold we resend it to OpenAI Vision. Both providers act as our processors: they may store the file in encrypted form for up to 30 days only to generate and return the JSON output, after which it is automatically deleted. They must not train their models on your content. Because the servers are located in the United States, transfers rely on the EU-US Data Privacy Framework and Standard Contractual Clauses. You may delete a file or object to further AI processing at any time in your dashboard.
Other partners: Uploaded files are held in an encrypted Google Firebase bucket. Stripe processes all payments on their secure pages, never on ours. These providers act under written agreements that require them to protect your data.
Sub-processors
| Service Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Google Cloud (Gemini Vision) | Primary AI text extraction | United States | EU-US DPF, Standard Contractual Clauses |
| OpenAI (Vision API) | Fallback AI text extraction | United States | EU-US DPF, Standard Contractual Clauses |
| Google Firebase | File storage and database | United States | EU-US DPF, Standard Contractual Clauses |
| Stripe | Payment processing | United States | EU-US DPF, Standard Contractual Clauses |
5. Storage, retention and deletion
Files remain on our servers for 7, 90, 180 or 365 days depending on your plan, after which an automated task erases them. You may delete any file sooner or close your account in the dashboard; when you close your account, all remaining personal data will be immediately deleted except where the law obliges us to keep tax or bookkeeping records for up to seven years. Server logs may be retained for operational purposes as configured in our cloud infrastructure.
6. Cookies
Essential cookies keep you signed in and guard against fraud; they load automatically and are necessary for the service to function properly.
7. Security
All traffic is encrypted with TLS and data at rest is protected with AES-256 on Google Cloud. Access to production systems follows least-privilege rules and we review security controls regularly, yet no online service can guarantee absolute security.
8. Data Sharing and Third Parties
We do not sell, share, or disclose your personal information to any third parties. Your data is kept strictly for use within our product. We also do not allow our employees or contractors to read your file contents or extracted data unless it is required for security purposes (such as investigating abuse), to comply with a legal obligation, or with your explicit consent for support and troubleshooting.
9. Your Rights
You have the right to request deletion of your email and data created using our service. To exercise this right, please contact us using the information provided below.
10. Business transfers
If InvoiceClip is ever sold, merged or otherwise transferred, user data may move to the new owner under the same commitments set out in this notice.
11. Changes to this policy
We may update this document occasionally. Material changes will be announced by e-mail at least fourteen days before they take effect and the "last updated" date will change accordingly.
12. Contact and compliance
InvoiceClip is operated by Golden Nugget Labs LLC. For any privacy questions or to exercise your rights e-mail privacy@invoiceclip.com. While we strive to adhere to best practices in data protection, we recommend consulting with a legal professional to ensure full compliance with all applicable privacy laws and regulations, which may include GDPR, CCPA, or others depending on your user base and operational jurisdictions.