Legal

Privacy Policy

Last updated:  ·  Effective:

FreeInvoiceNow ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what data we collect, how we use it, your rights under the General Data Protection Regulation (GDPR) and other applicable laws, and how to contact us.

1. Data Controller

FreeInvoiceNow operates this service. For the purposes of the GDPR (EU) 2016/679 and the UK GDPR, FreeInvoiceNow is the data controller responsible for your personal data.

FreeInvoiceNow

Email: privacy@freeinvoicenow.com

Website: freeinvoicenow.com

2. Data We Collect

We collect the following categories of personal data:

2.1 Account Data

When you register for an account, we collect your email address, display name, and a hashed password. This is necessary to authenticate you and provide access to your saved invoices.

2.2 Invoice & Business Data

We store the invoice content you create — including your business name, address, contact information, client names, addresses, line items, amounts, and any notes you add. This data is yours; we process it solely to provide the invoicing service.

2.3 Client Data

If you use our client management feature, we store your clients' names, email addresses, postal addresses, and phone numbers on your behalf. You are the controller of this data; we act as a data processor.

2.4 Usage & Technical Data

We automatically collect certain technical data including your IP address (truncated where possible), browser type, device type, operating system, referring URLs, and page-level interaction events (e.g. pages visited, features used). This is used to improve the service and detect abuse.

2.5 Communications

If you contact us via the contact form or email, we store your name, email address, and the contents of your message to respond to your enquiry.

2.6 Guest Mode

If you use our guest invoice builder without registering, we do not link your invoice to any account. A session identifier may be stored temporarily in your browser. No account-level personal data is collected.

4. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and improve the FreeInvoiceNow service;
  • Authenticate you and keep your account secure;
  • Generate and store PDF invoices on your behalf;
  • Send transactional emails (e.g., email confirmation, password reset) — we do not send marketing emails without your explicit opt-in;
  • Detect, investigate, and prevent fraudulent activity and abuse;
  • Comply with our legal obligations;
  • Respond to your support requests and enquiries.

We do not sell, rent, or trade your personal data to any third party. We do not use your invoice or client data for any purpose other than providing the service to you.

5. Third-Party Services

We use a limited set of trusted sub-processors to operate the service:

Sub-ProcessorPurposeLocationPrivacy Policy
Supabase Inc.Database, authentication, and file storageUS (AWS us-east-1)supabase.com/privacy
Google LLCreCAPTCHA v3 (bot/spam prevention on auth forms)USpolicies.google.com/privacy

Each sub-processor is contractually bound to protect your data and process it only on our instructions. Data transfers to the US are covered by Standard Contractual Clauses (SCCs) and/or the EU–US Data Privacy Framework where applicable.

6. Data Retention

We retain personal data only for as long as necessary:

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion unless we are required by law to retain it longer.
  • Invoice & client data: Retained while your account is active and for up to 30 days after account deletion.
  • Server logs: Retained for up to 90 days for security and debugging purposes.
  • Support communications: Retained for up to 3 years to assist with follow-up enquiries.

You can request immediate deletion of your account and associated data at any time (see Your Rights below).

7. International Transfers

FreeInvoiceNow stores data on infrastructure operated by Supabase Inc. in the United States (AWS us-east-1 region). Where personal data is transferred from the European Economic Area (EEA) or the United Kingdom to a third country, we ensure an adequate level of protection is in place through one or more of the following:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • The EU–US Data Privacy Framework (where the recipient is certified);
  • The UK International Data Transfer Agreement (IDTA).

8. Your Rights

Under the GDPR (and equivalent laws in the UK, Switzerland, and other jurisdictions), you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You can request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): You can correct inaccurate or incomplete personal data. Most data can be updated directly in your account settings.
  • Right to erasure (Art. 17 GDPR): You can request deletion of your personal data ("right to be forgotten"). You can delete your account via the settings page or by contacting us.
  • Right to restriction (Art. 18 GDPR): You can ask us to restrict processing of your data in certain circumstances.
  • Right to data portability (Art. 20 GDPR): You can request your data in a structured, machine-readable format (JSON or CSV).
  • Right to object (Art. 21 GDPR): You can object to processing based on legitimate interests. You also have an unconditional right to object to direct marketing.
  • Rights related to automated decision-making (Art. 22 GDPR): We do not make decisions about you based solely on automated processing that have legal or similarly significant effects.
  • Right to withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at privacy@freeinvoicenow.com. We will respond within 30 days. We may request proof of identity before processing your request.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with your local supervisory authority — for example, the ICO (UK) or your EU Member State's data protection authority.

9. Security

We implement industry-standard security measures to protect your personal data, including:

  • TLS/HTTPS encryption for all data in transit;
  • Encryption at rest for database storage;
  • Row-level security (RLS) policies so users can only access their own data;
  • Google reCAPTCHA v3 on authentication forms to prevent automated attacks;
  • HTTP security headers (HSTS, CSP, X-Frame-Options, etc.);
  • Access controls limiting employee access to production data.

No system can be completely secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by Art. 33–34 GDPR.

10. Children's Privacy

FreeInvoiceNow is a business tool intended for users aged 16 and over (or the minimum age for digital consent in your jurisdiction). We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify registered users by email or in-app notice at least 14 days before the changes take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

12. Contact & DPO

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

Privacy enquiries

Email: privacy@freeinvoicenow.com

General contact: hi@freeinvoicenow.com