Privacy Policy

Last updated: January 15, 2025

Learn how ExoInvoice protects and handles your data

Quick Summary

ExoInvoice processes your business invoices to help automate your workflow. We encrypt your data, never sell it to third parties, and only use it to provide our services. Your invoice data may be processed by third-party AI services for extraction purposes but is not stored or used for training by these services. You can export or delete your data anytime.

1. Information We Collect

Account Information

  • Contact Details: Name, email address, phone number, company name
  • Billing Information: Billing address, payment method details (processed securely by Stripe)
  • Profile Information: User preferences, account settings, plan type

Invoice and Business Data

  • Vendor Invoices: PDF files, images, and scanned documents you upload or email to us
  • Customer Information: Names, addresses, contact details for invoice matching
  • Financial Data: Invoice amounts, line items, PO numbers, markup rules
  • Generated Invoices: Customer invoices created through our platform

Usage Information

  • Activity Logs: Actions you take on the platform (uploads, edits, exports)
  • Performance Data: Processing times, error logs for troubleshooting
  • Feature Usage: Which features you use to improve our service

2. How We Use Your Information

Service Delivery

  • Process and extract data from your vendor invoices using AI technology
  • Match invoices to your customers using your configured rules
  • Apply markup rules and generate customer invoices
  • Send invoice processing notifications
  • Provide customer support and respond to inquiries

Platform Improvement

  • Analyze usage patterns to improve features
  • Fix bugs and improve performance
  • Develop new features based on user needs
  • Train and improve our AI models (using anonymized, aggregated data only)

Business Operations

  • Process payments and manage subscriptions
  • Send service announcements and updates
  • Comply with legal obligations

3. Data Security and Protection

Encryption

  • All data is encrypted in transit using TLS 1.3
  • Data at rest is encrypted using AES-256
  • Encryption keys are regularly rotated

Access Controls

  • Role-based access control for your team
  • Multi-factor authentication available
  • Regular security training for our staff
  • Strict access logging and monitoring

Infrastructure Security

  • Hosted on secure cloud infrastructure (AWS)
  • Regular security audits and penetration testing
  • Automated backup and disaster recovery
  • 24/7 security monitoring

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information or business data to third parties.

Service Providers

We share data only with trusted service providers who help us deliver our services:

  • Payment Processing: Stripe (for payment processing)
  • Cloud Hosting: AWS/Google Cloud (for secure data storage)
  • Email Services: SendGrid/AWS SES (for transactional emails)
  • Analytics: Privacy-focused analytics tools
  • AI Processing: We may use third-party AI language models (LLMs) to process and extract data from invoices. Invoice data may be sent to external AI services for processing but is not stored or used for training by these services. The data is processed transiently and deleted after processing.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights or property
  • Prevent fraud or security issues
  • Protect the safety of any person

5. Your Data Rights

Access and Control

  • View Your Data: Access all your data through the dashboard
  • Update Information: Edit your profile and settings anytime
  • Export Data: Download your invoices and data in CSV format
  • Delete Data: Request deletion of specific invoices or your entire account

Data Portability

  • Export all your invoices in standard formats (CSV, PDF)
  • Transfer your data to other services
  • No vendor lock-in - your data is always yours

Account Deletion

  • Request account deletion at any time
  • We'll delete your data within 30 days
  • Some data may be retained for legal compliance
  • Deletion is permanent and cannot be reversed

6. Data Retention

  • Active Accounts: Data retained while account is active
  • After Cancellation: Data retained for 90 days for reactivation
  • Backups: Backup data may be retained for up to 180 days
  • Legal Requirements: Some data retained as required by law

7. Cookies and Tracking

Essential Cookies

  • Authentication and security
  • User preferences and settings
  • Session management

Analytics Cookies

  • Usage patterns to improve service
  • Feature adoption tracking
  • Performance monitoring

You can control cookies through your browser settings, though some features may not work properly without them.

8. International Data Transfers

Your data may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

9. Children's Privacy

ExoInvoice is not intended for use by individuals under 18 years old. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of significant changes via email or dashboard notification. Your continued use of the service after changes constitutes acceptance.

11. Contact Us

For privacy-related questions or concerns:

Your Privacy Matters

We're committed to protecting your privacy and giving you control over your data. If you have any questions or concerns, please don't hesitate to reach out.

Contact Privacy TeamView Terms of Service
Privacy Policy - ExoInvoice | ExoInvoice