← Back to InvoKeeper

Privacy Policy

How we collect, use, and protect your information.

Effective April 25, 2026Last reviewed today

This Privacy Policy describes how InvoKeeper(“we”, “us”) collects, uses, and shares information when you use our website and services (the “Service”).

1. Information We Collect#

We collect information in the following ways:

  • Account information. When you sign up, we collect your email address and a password (handled by Amazon Cognito and never stored as plaintext on our systems). You may also voluntarily provide your name, business name, address, phone numbers, and a logo for use on invoices.
  • Customer / invoice data. We store the invoices, drafts, and client records you create, including names, contact details, line items, totals, and notes you choose to add.
  • Payment information. Subscription payments are processed by Stripe. We never see or store your full card number, CVV, or bank account credentials. We store a Stripe Customer ID, subscription metadata (tier, status, period end), and billing history visible to us through the Stripe Dashboard.
  • Usage information. We log basic request metadata (timestamps, aggregate counts of invoices generated per month) to operate the Service, enforce plan limits, and detect abuse.
  • Technical information. Our servers receive standard request data (IP address, user agent, referrer) for routing, security, and rate-limiting.

2. How We Use Information#

We use the information described above to:

  • Provide, maintain, and improve the Service;
  • Authenticate users and protect accounts;
  • Process subscriptions, payments, and renewals;
  • Enforce our Terms of Service and prevent abuse;
  • Communicate with you about your account, security, billing, and material changes;
  • Comply with legal obligations.

3. How We Share Information#

We do not sell or rent your personal information. We share information only with the service providers we depend on to run the product, and only as needed:

  • Amazon Web Services— hosting (Amplify), database (DynamoDB), file storage (S3), authentication (Cognito).
  • Stripe, Inc.— payment processing and subscription management. Refer to Stripe's privacy policy at stripe.com/privacy.
  • Legal compliance. We may disclose information when required by law, subpoena, or other legal process, or where we believe disclosure is necessary to protect the rights, property, or safety of InvoKeeper, our users, or the public.
  • Business transfers. If InvoKeeper is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Retention#

We retain account data for as long as your account is active. If you delete your account, we delete or anonymize your personal information within a reasonable period, except where we are required to retain it for legal, tax, or fraud-prevention purposes (typically up to seven (7) years for billing records).

Backups may persist for a limited additional period before being overwritten in the normal course of operations.

5. Security#

We use industry-standard practices to protect your data, including encryption in transit (HTTPS/TLS), encryption at rest for databases and file storage, scoped IAM-based access controls, and secure authentication via Amazon Cognito. No system can be guaranteed 100% secure; you are responsible for choosing a strong password and keeping your credentials confidential.

6. Your Choices & Rights#

  • You can edit or delete your business profile, clients, drafts, and invoices at any time from within the Service.
  • You can cancel your subscription from the billing portal.
  • You may request a copy of the personal information we hold about you, or request its deletion, by emailing support@invokeeper.com.
  • If you are in a jurisdiction with specific privacy rights (e.g., GDPR for the EU/UK, CCPA/CPRA for California), those rights apply to you in addition to the above. Contact us to exercise them.

7. Children#

The Service is not directed to children under 18, and we do not knowingly collect personal information from minors. If you believe a minor has provided us information, contact us and we will delete it.

8. International Transfers#

Our infrastructure is hosted in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed there.

9. Changes to This Policy#

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date. Material changes will be communicated via email or in-product notice.

10. Contact#

Privacy questions or requests: support@invokeeper.com.

Questions about this privacy policy?
support@invokeeper.com
← Back to InvoKeeper