HomeLegal

Privacy Policy

How Invoice Generator Max collects, uses, stores, and protects your personal data.

Last updated: 2026-04-11

Draft — replace before Paddle submission.

This document is a structural template generated for Paddle application readiness. Replace [bracketed tokens] with your real entity details and have the final text reviewed by qualified legal counsel (or generated via Termly / GetTerms) before publishing.

1. Who We Are

Invoice Generator Max is operated by [Legal Entity Name], a company registered in [Jurisdiction] with its principal place of business at [Business Address]. In this Privacy Policy, “we,” “us,” and “our” refer to this entity.

This policy explains how we collect, use, store, and share your personal data when you use our website and services, in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data We Collect

We collect the following categories of personal data:

  • Account data — name, email address, profile image (when you sign in with Google OAuth)
  • Business data — business name, address, email, phone, tax ID, logo, and defaults you provide to populate your invoices
  • Client data — information about your clients that you enter into the Service (names, addresses, contact details)
  • Invoice data — invoices you create, including line items, amounts, dates, and notes
  • Payment data — handled directly by our payment processor (Paddle); we never see or store your card details
  • Technical data — IP address, browser type, device type, operating system, referring URL, and pages visited
  • Usage data — interactions with the Service, collected via Google Analytics when you consent to analytics cookies

3. How We Use Your Data

We use your personal data for the following purposes:

  • Providing, maintaining, and improving the Service
  • Authenticating you and keeping your account secure
  • Generating invoices, reports, and exports you request
  • Processing payments via our payment processor (Paddle)
  • Responding to support requests and communicating with you about the Service
  • Detecting and preventing fraud, abuse, and security incidents
  • Complying with legal obligations and enforcing our Terms of Service
  • Analyzing usage patterns to improve the product (only with your analytics consent)

4. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Contract — to provide the Service you signed up for
  • Legitimate interests — to secure the Service, prevent fraud, and improve the product
  • Consent — for optional analytics cookies and marketing communications (you may withdraw consent at any time)
  • Legal obligation — to comply with tax, accounting, and other legal requirements

5. Third Parties We Share Data With

We share your data only with the following service providers, and only to the extent necessary to provide the Service:

  • Paddle.com Market Limited — payment processing and Merchant of Record for paid subscriptions. Paddle collects and processes your billing details under its own privacy policy.
  • Neon — serverless PostgreSQL database hosting for your account and invoice data
  • Google LLC — OAuth authentication and (with your consent) Google Analytics
  • Vercel Inc. — website and application hosting
  • Email delivery providers, when we send you transactional emails

We do not sell your personal data to anyone, ever.

6. International Transfers

Your data may be processed in countries outside your own, including the United States, the European Union, and the United Kingdom. When we transfer data outside the European Economic Area, we rely on Standard Contractual Clauses or other legally recognized transfer mechanisms to protect your data.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where retention is required by law (for example, to meet tax or accounting obligations).

Backups containing your data may persist for up to 90 days after deletion before being overwritten.

8. Your Rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restriction — ask us to limit how we use your data
  • Withdraw consent — where processing is based on consent
  • Lodge a complaint with a supervisory authority in your country

To exercise any of these rights, email us at privacy@invoicegeneratormax.com. We will respond within 30 days.

9. Cookies

We use cookies and similar technologies. Strictly necessary cookies are required for the Service to function (authentication, session management). Analytics cookies are optional and only set with your consent. See our Cookie Policy for details.

10. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (HTTPS), encryption at rest, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service at least 30 days before taking effect.

13. Contact

For any privacy-related questions, contact our Data Protection contact at privacy@invoicegeneratormax.com or write to us at [Business Address].