Legal

Privacy Policy

Last updated: June 17, 2026

We are committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information.

1. Introduction

Invios ("we", "us", or "our") operates the invoicing platform at invios.online. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our Service. We are committed to protecting your privacy and complying with applicable data protection laws, including UAE Federal Law No. 45 of 2021 on Personal Data Protection.

2. Information We Collect

Account information: When you register, we collect your name, email address, and password hash.

Business information: Information you provide for invoicing, including business name, address, Tax Registration Number (TRN), bank details, logo, and branding assets.

Client data: Names, email addresses, and contact details of your clients that you enter into the platform.

Document data: Invoices, quotations, line items, and financial records you create through the Service.

Payment data: Billing and subscription information processed by our payment processor, Creem. We do not store full card numbers — Creem handles all sensitive payment data.

Usage data: Log data such as IP address, browser type, pages visited, and timestamps, collected automatically for security and performance purposes.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process payments and manage your subscription
  • Send transactional emails (invoice reminders, password resets, billing notifications)
  • Respond to support requests and communicate with you
  • Monitor for fraud and ensure platform security
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

4. Data Storage and Security

Your data is stored on Supabase infrastructure, which uses PostgreSQL databases with row-level security. All data is encrypted in transit via TLS 1.2+ and at rest using AES-256 encryption. File assets (logos, signatures, documents) are stored in access-controlled cloud storage.

We implement industry-standard security measures and conduct regular security reviews. However, no system is completely secure — we encourage you to use a strong, unique password for your account.

5. Third-Party Services

We use the following third-party services to operate Invios:

  • Supabase — database, authentication, and file storage
  • Creem — payment processing and subscription management
  • Resend — transactional email delivery
  • Vercel — application hosting and deployment

Each provider processes data in accordance with their own privacy policies and applicable data protection regulations. We only share the minimum information necessary for each provider to perform their function.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate data via your account settings
  • Deletion: Request deletion of your account and associated data from your account settings page. We will delete your data within 30 days, except where retention is required by law
  • Portability: Export your invoice and client data using the CSV export feature
  • Objection: Object to certain uses of your data by contacting us

To exercise any of these rights, contact us at privacy@invios.online.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will permanently delete your personal data within 30 days, except for data we are required to retain for legal or tax compliance purposes (typically up to 7 years for financial records under UAE law).

8. Cookies

We use strictly necessary cookies to maintain your session and authentication state. We do not use tracking cookies, third-party analytics cookies, or advertising cookies. You can control cookies through your browser settings, but disabling session cookies will prevent you from signing in.

9. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. The date at the top of this policy reflects when it was last revised.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us at privacy@invios.online.

Privacy Policy — Invios | Invios