Legal
Privacy Policy
Effective date: April 27, 2026
1. Introduction
Invoxora ("we", "us", "our") operates the invoxora.com website and the Invoxora invoice processing platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our service.
Operator details: Business entity and jurisdiction to be completed before production submission. Privacy requests should be sent to privacy@invoxora.com; product support requests should be sent to support@invoxora.com.
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google OAuth, we receive your Google profile information.
Invoice Data
When you upload or forward invoices, we process the document content to extract fields such as vendor name, invoice number, dates, line items, amounts, and tax information. The original PDF documents are stored securely.
Usage Data
We automatically collect information about how you interact with our service, including pages visited, features used, invoice processing counts, and error logs for diagnostic purposes.
Payment Information
Payment processing is handled by our payment provider. We do not store credit card numbers or bank account details directly. Creem, our merchant-of-record payment provider, sends us transaction confirmations, refunds, disputes, customer identifiers, and subscription status needed to operate billing.
QuickBooks Online Data
When you connect QuickBooks Online, we store connection metadata, company identifiers, authorized scopes, encrypted OAuth access and refresh tokens, vendor and account reference data, bill sync results, and attachment identifiers needed to complete the customer-approved workflow.
3. How We Use Your Information
- To provide and maintain the Invoxora service, including invoice extraction, review, and QuickBooks synchronization
- To process your transactions and manage your subscription
- To send service-related communications (account confirmations, billing notices, security alerts)
- To improve extraction quality, reliability, and product usability
- To detect and prevent fraud, abuse, or security incidents
- To comply with legal obligations
We do not sell invoice data, customer data, or QuickBooks Online data. We do not use customer invoice content or QuickBooks Online data to train public AI models. Operational quality review is limited to providing and improving the Invoxora service.
4. Data Storage and Security
All data is encrypted at rest and in transit using industry-standard encryption protocols. Invoice documents and extracted data are stored in secure cloud infrastructure with access controls.
We implement organizational and technical measures to protect your data, including role-based access controls, row-level authorization, private object storage, audit logging, encrypted QuickBooks Online OAuth tokens, and regular security reviews. Security reports can be sent to privacy@invoxora.com.
5. QuickBooks Integration
When you connect your QuickBooks Online account, we use OAuth 2.0 to establish a secure connection. We request the accounting scope needed to read vendors and account categories, create customer-approved bills, and attach source documents. We do not request payroll, banking, payments, or tax filing permissions. You can disconnect QuickBooks Online from organization settings, which revokes the Intuit refresh token and disables local sync state.
6. Data Sharing
We do not sell your personal information or invoice data to third parties. We may share data with:
- Service providers — cloud hosting, authentication, storage, payment processing, email delivery, monitoring, and extraction providers that help us operate the platform
- QuickBooks Online — only the approved invoice data you explicitly push via the sync workflow
- Legal authorities — when required by law, court order, or governmental regulation
7. Subprocessors
We use the following subprocessors to provide the service. We review subprocessors for purpose limitation and security posture before production use.
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Application hosting, edge delivery, and web infrastructure | United States / global infrastructure |
| Supabase | Authentication, Postgres database, row-level security, and application records | United States / global infrastructure |
| Cloudflare R2 | Private invoice document and generated preview storage | United States / global infrastructure |
| AWS | Inbound email intake, temporary raw email storage, Lambda, and queue workers | United States / global infrastructure |
| DocStrange | AI document extraction for invoice fields and line items | United States / global infrastructure |
| Creem | Merchant-of-record checkout, subscription billing, refunds, and chargebacks | European Union / global payment infrastructure |
| Resend | Transactional email delivery | United States / global infrastructure |
| Sentry | Error monitoring, diagnostics, and production reliability | United States / global infrastructure |
| Intuit QuickBooks Online | Customer-authorized accounting data sync for approved bills and attachments | United States / global infrastructure |
8. Data Retention
We retain your invoice data and documents for as long as your account is active or as needed to provide services. You may request deletion of your data at any time by contacting us. Upon account deletion, we will remove your personal data and invoice documents within 30 days, except where retention is required by law.
Organization owners can configure document retention controls in the product. Raw inbound email artifacts are kept only for the operational window configured for the production environment.
9. Export, Deletion, and Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to or restrict processing of your data
- Request data portability
To exercise these rights, request an export, or request deletion, contact us at privacy@invoxora.com. We aim to acknowledge privacy requests within 5 business days.
10. Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies may be used to understand service usage patterns and improve the product.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Privacy: privacy@invoxora.com
Support: support@invoxora.com
Intuit and QuickBooks are registered trademarks of Intuit Inc. Used with permission. Invoxora is not affiliated with, endorsed by, or sponsored by Intuit Inc.