1. What We Collect

We collect only what's necessary to provide the Service:

• Account info: email address, password (hashed), business name
• Invoice data: client details, invoice content, payment records
• Usage data: basic server logs (IP address, browser type, pages visited)

2. What We Don't Collect

• We don't use third-party analytics or tracking scripts
• We don't collect payment/credit card information
• We don't sell or share your data with anyone

3. How We Use Your Data

Your data is used solely to provide and improve InvoiceKit. We use your email to send invoices on your behalf and for essential account communications.

4. Data Storage

Your data is stored on secure servers. We use encrypted connections (SSL/TLS) for all data in transit.

5. Your Rights (GDPR)

If you're in the EU/EEA, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and all associated data
• Export your data in a portable format
• Object to processing of your data

To exercise these rights, contact us here.

6. Cookies

We use a single session cookie for authentication. No tracking cookies, no advertising cookies.

7. Third Parties

We don't share your data with third parties. If we ever integrate third-party services, we'll update this policy and notify you.

8. Data Retention

We keep your data as long as your account is active. If you delete your account, we'll remove your data within 30 days.

9. Changes

We may update this policy. Significant changes will be communicated via email or a notice on the site.

10. Contact

Questions about privacy? Contact us here.