Privacy Policy

TL;DR: If you really care about privacy of your data, use our self-hosted version instead. No cloud is safe. Use the platform is at your own risk.

Effective Date: April 22, 2025
Contact Email: info@InvoiceCopilot.ai
Domain: https://invoicecopilot.ai

InvoiceCopilot ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our services at invoicecopilot.ai.

1. What Data We Collect

We collect the following types of data when you use InvoiceCopilot:

• Account Data: Email address, display name, optional avatar image. No passwords are stored.
• Communication Data: Email messages we send for verification, updates, or newsletters.
• Uploaded Files: Invoices, receipts and any other files that you upload, which may contain sensitive personal or financial information.
• Session Metadata: IP address, browser type, and timestamps for session security.
• Service Usage Data: Metadata related to your activity within the platform (e.g. number of uploaded files, AI tokens usage).

2. How We Use Your Data

We use your data to:

• Create and manage your InvoiceCopilot account
• Store and analyze your uploaded files
• Improve your financial organization through AI-powered insights
• Communicate with you about your account and service updates
• Comply with legal obligations

3. AI-Powered Processing

We use external AI services, specifically OpenAI (ChatGPT), to:

• Extract and interpret information from invoices using OCR
• Analyze financial data for better user insights

By using InvoiceCopilot, you consent to the transfer of relevant data to these third-party providers for the purpose of processing. These providers may operate outside the EU, in compliance with appropriate safeguards under GDPR (e.g., SCCs).

3a. Google API Services

InvoiceCopilot uses Google API Services to provide Gmail and Google Drive integration:

• Gmail API: Read-only access to fetch emails with invoice attachments
• Google Drive API: Access to read files from specified folders

When you connect your Google account:

• We request only the minimum permissions necessary (read-only access)
• OAuth tokens are stored encrypted on our servers
• We do not share your Google data with third parties except for AI processing as described above
• You can disconnect your Google account at any time from your dashboard

Google API Services User Data Policy:InvoiceCopilot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Cookies and Tracking

InvoiceCopilot does not use tracking cookies or third-party analytics. We only collect aggregate access logs and usage statistics via Cloudflare for infrastructure performance and security.

5. Data Storage and Security

• All data is stored on a private server in Germany where InvoiceCopilot is deployed.
• Files and personal data are stored in an unencrypted form.
• Access to personal data is limited to authorized team members for debugging or support purposes only.

While we strive to maintain reasonable safeguards, no system is completely secure. Use the platform at your own risk.

6. Legal Basis for Processing

We process personal data based on:

• Your consent, which you grant when you create an account or upload data
• Our contractual obligations to provide the services you signed up for

You can withdraw consent at any time by deleting your account or contacting us directly.

7. Data Retention

We retain your data:

• As long as your account remains active
• Until you request deletion

Once deleted, your data is removed from our systems, though some residual logs may remain for a short time due to backups or operational needs.

8. Your Rights (under GDPR and similar laws)

As a user, you have the right to:

• Access and review your personal data
• Correct or update inaccurate information
• Download a full backup of your data
• Request permanent deletion of your account and associated data
• Object to certain forms of processing
• Lodge a complaint with a data protection authority

To exercise your rights, contact us at info@InvoiceCopilot.ai.

9. Children's Privacy

InvoiceCopilot is not intended for users under the age of 18. We do not knowingly collect or store data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with an updated "Effective Date." We encourage you to review the policy periodically.