iinvoicely

Privacy Policy

Last updated: 1 May 2026

This Privacy Policy explains how invoicely (“we”, “us”, “our”) collects, uses, shares, and protects your personal data when you use our website and services. We comply with the Digital Personal Data Protection Act 2023 (the “DPDP Act”) and other applicable Indian laws.

1. Who is the data fiduciary

For the purposes of the DPDP Act, invoicely is the “Data Fiduciary” for personal data we process about you. Our contact details are at the bottom of this page.

2. What we collect

You give us

  • Account data — your name, email address, and (via Clerk) any social login identifiers you choose;
  • Business profile — your business name, address, GSTIN, PAN, phone number, profession, invoice-number prefix, logo, and signature image (if uploaded);
  • Payment-method details — UPI IDs, bank account numbers, IFSC codes, PayPal/Wise handles, custom payment links — these are stored to display on your invoices;
  • Client data — names, email addresses, phone numbers, GSTINs, billing addresses, and payment terms of clients you bill;
  • Invoice content — line items, descriptions, amounts, taxes, discounts, notes, terms, and reminders that you create or send.

We collect automatically

  • Auth + session data — managed by Clerk: user-agent, IP address, timestamps, login attempts;
  • Usage logs — pages visited, errors encountered, feature usage, retained for up to 30 days for diagnostics;
  • Email delivery events — Resend reports back to us when an invoice or reminder email is delivered, opened, clicked, or bounced. We attach this to the relevant invoice for your visibility.

What we do not collect

  • Card or banking credentials. We never see your client’s card, UPI PIN, or bank-login credentials. We never receive your client’s payment.
  • Sensitive personal data as defined under the SPDI Rules — we don’t ask for biometric, health, or financial-credential information.

3. Why we use your data

  • To create your account and authenticate you on each visit;
  • To generate and send invoices and reminders on your behalf;
  • To produce GST-compliant PDFs and store them for your retrieval;
  • To run automated reminder sequences (day 3, 7, 14, 30) until an invoice is paid or cancelled;
  • To process subscription payments and upgrade your account;
  • To provide customer support and reply to your enquiries;
  • To detect, prevent, and investigate fraud or abuse of the Service;
  • To comply with legal obligations including tax-record retention.

Our legal basis under the DPDP Act is your consent (given when you sign up) and the legitimate purposes of providing the Service you have requested.

4. Who we share data with

We share data only with service providers who help us operate the Service, and only the minimum required for them to perform their function. Each provider has its own security and privacy commitments:

  • Clerk — authentication, session management, user identifiers;
  • Neon — managed Postgres database hosting your account, business, client, and invoice data;
  • Cloudflare R2 — object storage for generated PDFs, your logo, and your signature image;
  • Resend — sends invoice and reminder emails to your clients on your behalf, and reports delivery events back to us;
  • Razorpay — public IFSC lookup API used when you add a bank payment method (we send the IFSC, get back the bank/branch — no account data is shared);
  • Vercel — application hosting, including server logs.

We do not sell your personal data, and we don’t share it with advertising networks or data brokers.

We may disclose data when required by law, by valid court order, or to protect the rights, safety, or property of invoicely, our users, or the public.

5. International data transfers

Some of our processors store data outside India (typically in the United States or the European Union). When we transfer your data outside India, we rely on standard contractual safeguards and the providers’ own compliance with international data- protection regimes (GDPR, CCPA).

6. How long we keep your data

  • Account & business data — for as long as your account is active.
  • Invoices & related records — for at least eight (8) years after generation, in line with India’s tax-record retention requirements under the GST Act and the Income-tax Act. This applies even after account closure.
  • Email delivery events — retained alongside the invoice or reminder for the same period.
  • Usage logs & diagnostics — up to 30 days, then deleted.

7. Your rights under the DPDP Act

You have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • request erasure of your data, subject to our retention obligations above;
  • withdraw consent for any processing that is based on consent;
  • nominate another individual to exercise your rights in case of incapacity or death;
  • file a grievance with us, and if unresolved, with the Data Protection Board of India.

To exercise any of these rights, email support@invoicely.in with the subject line “Privacy request — <your registered email>”. We respond within 30 days.

8. Security

We use reasonable security practices including:

  • TLS 1.2+ for all data in transit;
  • Encryption at rest for database and object storage (managed by Neon and Cloudflare);
  • Scoped API tokens with least-privilege access;
  • Auth managed by a specialist provider (Clerk) with hardware-backed session signing;
  • Regular dependency updates and vulnerability patching.

No system is 100% secure. If you discover a security issue, please email support@invoicely.in.

9. Cookies

We use only necessary cookies — primarily Clerk’s session cookie to keep you signed in. We do not use advertising or tracking cookies. We may add a privacy-respecting analytics cookie in the future; if we do, this policy will be updated.

10. Children

The Service is not intended for users under 18. We do not knowingly collect data from minors. If you believe we have, please email support@invoicely.in and we will delete the data.

11. Changes to this policy

We may update this Privacy Policy from time to time. Changes that materially affect your rights will be notified by email or in-app notice at least 7 days before they take effect.

12. Contact us

For privacy questions, complaints, or to exercise your DPDP rights, contact our Grievance Officer at support@invoicely.in.