InvoiceOSSign in

Privacy Policy

Last updated: April 25, 2026

1. Overview

InvoiceOS ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights with respect to that data when you use our GST invoice generation platform.

2. Information We Collect

Account Information

When you sign up, we collect your email address and, if you sign in via Google, your name and profile picture as provided by Google OAuth. We store this to identify your account and personalise your experience.

Business & Invoice Data

We store the information you enter into InvoiceOS, including your business name, GSTIN, address, phone number, client details, and all invoice data (line items, amounts, GST rates, payment status). This data belongs to you and is used solely to provide the invoicing service.

Usage Data

We may collect anonymised usage analytics (pages visited, feature usage frequency) to improve the product. This data does not identify you personally.

3. How We Use Your Data

  • To provide and operate the InvoiceOS service
  • To generate and deliver GST-compliant invoices
  • To send transactional emails (magic login links, payment notifications)
  • To calculate and display GST breakdowns accurately
  • To facilitate payment collection via Razorpay
  • To detect and prevent fraud or abuse

4. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information to third parties. We share data only with the following service providers who help us operate InvoiceOS:

  • Supabase— our database and authentication provider. Your account data and invoice data are stored on Supabase's infrastructure. Supabase is SOC 2 compliant and stores data securely.
  • Razorpay— used for processing payments when you create a payment link for an invoice. When a payment link is created, the invoice amount and your business name are shared with Razorpay. Razorpay's own privacy policy governs how they handle payment data.
  • Google — if you sign in with Google, Google shares your email and name with us via OAuth. We do not share data back to Google beyond the OAuth flow.

5. Data Security

All data is transmitted over HTTPS (TLS). We use row-level security (RLS) in our database to ensure that users can only access their own data. Authentication tokens are stored in secure, HTTP-only cookies. We do not store raw payment card data.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and all associated invoices within 30 days, except where we are required to retain records for legal or tax compliance purposes.

7. Your Rights

You have the right to:

  • Access a copy of the personal data we hold about you
  • Correct any inaccurate data in your account settings
  • Request deletion of your account and associated data
  • Export your invoice data in a portable format

To exercise these rights, email us at privacy@invoiceos.in.

8. Cookies

We use essential cookies to maintain your login session. We do not use advertising or tracking cookies. You can clear cookies via your browser settings, but this will log you out of InvoiceOS.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by displaying a notice in the application. Continued use of InvoiceOS after changes constitutes your acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy, please contact us at privacy@invoiceos.in.