Privacy Policy

Invoyage is a personal invoice management application developed by Rafi. This policy explains what data we collect, why we collect it, and how we handle it.

We do not sell your data. We do not run ads. Your data exists solely to provide this service.

• —Account information: Your name and email address, used to create and manage your account.
• —Invoice data: Invoices, line items, amounts, payments, and statuses you create within the app.
• —Customer data: Names, email addresses, and details of your clients that you enter.
• —Uploaded files: Optional logos or profile images, and any PDF or image files you upload to the invoice importer.
• —Session token: A short-lived token stored in a secure HTTP-only cookie that keeps you logged in.

• —To provide, operate, and improve the invoice management service.
• —To send transactional emails: invoice delivery, overdue reminders, password resets, and account notifications.
• —To authenticate you and maintain your session securely.

We do not use your data for marketing, profiling, or any purpose beyond operating this service.

Your data is stored in a PostgreSQL database on the application's own server infrastructure. Uploaded files are stored in the configured object storage (or on the server's disk in self-hosted setups).

All data is transmitted over HTTPS. Session tokens are stored in HTTP-only cookies and are not accessible to client-side scripts.

We use the following services to operate the app:

• —Email delivery: A transactional email provider (Resend or your configured SMTP server). Only the email address and invoice content necessary for delivery are shared.
• —AI import (optional): When you use the AI invoice importer, the file you upload is sent to a third-party AI provider solely to extract invoice fields. It is processed for that request only and is not used to train models. If AI import is not configured, no file leaves the server.

No data is shared with advertising, analytics, or social platforms.

Invoyage sets one cookie: session, which authenticates your requests. It is HTTP-only, Secure, and expires after 7 days. Your theme and density preferences are kept in your browser's local storage, never sent to us. No tracking or advertising cookies are used.

• —Access: All your invoice and customer data is visible in the dashboard at any time.
• —Correction: You can edit your account details and any records you have created.
• —Deletion: You can delete individual records at any time. To request full account deletion, contact us at the address below.
• —Portability: Your invoice data can be exported as PDF, CSV, or JSON at any time.

We retain your data for as long as your account is active. If you request deletion, we will remove your personal data within 30 days.

If we make material changes, we will update the effective date at the top of this page. Continued use after a change constitutes acceptance of the updated policy.

Questions about this policy? Email [email protected].