Privacy Policy

1. Introduction

Politeia Ltd. ("we", "us", "our") operates Invoza ("Service"), a software-as-a-service platform for creating and managing professional quotes and invoices. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring transparency about our data practices. This policy applies to all users of Invoza and complies with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Data Controller: Politeia Ltd., a company incorporated under Bulgarian law, acts as the data controller for personal information processed through Invoza.

2. Information We Collect

2.1 Account Information

When you create an Invoza account:

• Authentication data (email address, password) is managed by Clerk and not stored in Invoza
• User profile information provided during account setup
• Business information you enter (company name, address, tax ID, website, phone)
• Payment information for paid subscriptions (processed by Stripe via Clerk, not stored by Invoza)

2.2 Business Data

To provide our invoicing service, we collect and store:

• Client information (names, email addresses, phone numbers, addresses, tax IDs)
• Invoice and quote content (line items, descriptions, amounts, dates)
• Document customization preferences (templates, branding, logos)
• Business settings and preferences

2.3 Usage Information

We automatically collect information about how you use Invoza:

• Document creation and modification activities
• Email delivery status and document viewing events
• Login times and access patterns
• Feature usage and interaction data
• Device information (browser type, operating system, IP address)

2.4 Analytics Data

We use Google Analytics to understand how users interact with our Service:

• Page views and user sessions
• Traffic sources and referral information
• Geographic location (country/region level)
• Device and browser information
• User behavior patterns (anonymized)

2.5 Communications

When you contact us, we collect:

• Support requests and correspondence
• Feedback and suggestions
• Any information you provide in communications

3. How We Use Your Information

3.1 Service Provision

We use your information to:

• Create and manage your Invoza account
• Generate professional quotes and invoices
• Send documents to your clients via email
• Track document status and delivery
• Provide customer support and technical assistance
• Manage subscription status and billing information (payment processing handled by Stripe via Clerk)

3.2 Service Improvement

We analyze usage data to:

• Improve our Service features and functionality
• Identify and fix technical issues
• Understand user needs and preferences
• Develop new features and capabilities
• Optimize user experience and interface design

3.3 Legal and Security

We may use your information to:

• Comply with legal obligations and regulations
• Protect against fraud and unauthorized access
• Enforce our Terms and Conditions
• Respond to legal requests and court orders
• Maintain security and integrity of our Service

3.4 Communications

We send only transactional communications, including:

• Account notifications and security alerts
• Service updates and maintenance notices
• Billing and subscription information
• Document delivery confirmations
• Support responses and technical communications

Note: We do not send marketing emails or promotional communications unless explicitly requested by you.

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share information with trusted service providers who help us operate Invoza:

• Clerk: Authentication and user management services
• Stripe (via Clerk): Payment processing for subscriptions
• Vercel: Cloud hosting and infrastructure services
• Resend: Email delivery services for document sending
• Upstash: Redis database services for background processing
• Google Analytics: Website analytics and usage tracking

These providers are contractually bound to protect your information and use it only for the specific services they provide to us.

4.2 Client Communications

When you send quotes or invoices to your clients, we share the document content and your business information as necessary to deliver the documents. This is done at your direction and is essential to our Service.

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal processes or court orders
• Government investigations or regulatory requests
• Threats to public safety or security
• Protection of our rights and property

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner, subject to the same privacy protections outlined in this policy.

4.5 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing or commercial purposes.

5. International Data Transfers

Invoza is operated by Politeia Ltd., a Bulgarian company, but our Service relies on international service providers. Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including:

• United States: Vercel (hosting), Clerk (authentication), Stripe (payments)
• Other jurisdictions: As required by our service providers

When we transfer your information internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for countries with equivalent data protection
• Binding corporate rules and certification schemes
• Service provider contractual obligations for data protection

6. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data transmitted over HTTPS and stored with encryption
• Access Controls: Limited access to personal data on a need-to-know basis
• Infrastructure Security: Secure cloud hosting with enterprise-grade protection
• Authentication: Secure user authentication via Clerk
• Monitoring: Regular security assessments and vulnerability monitoring
• Incident Response: Procedures for detecting and responding to security breaches

While we strive to protect your information, no security system is 100% secure. We encourage you to use strong passwords and enable two-factor authentication when available.

7. Data Retention

7.1 Active Accounts

We retain your information for as long as you maintain an active Invoza account and continue using our Service.

7.2 Inactive Free Accounts

Free tier accounts that remain inactive for 6 months will be automatically deleted, along with all associated data. We will send advance notice before deletion when possible.

7.3 Expired Paid Subscriptions

For Pro and Ultra tier users, account data will be retained for 6 months after subscription expiration, provided the account remains inactive during this period. After 6 months of inactivity following subscription expiration, the account and all data will be permanently deleted.

7.4 Manual Account Deletion

When you request account deletion, all personal data is immediately and permanently removed from our systems, except where retention is required by law.

7.5 Legal Obligations

Some information may be retained longer if required by law, such as for tax records, legal proceedings, or regulatory compliance.

8. Cookies and Tracking Technologies

8.1 Essential Cookies

We use essential cookies that are necessary for our Service to function:

• Authentication and session management
• Security and fraud prevention
• Load balancing and performance optimization
• User preference storage

8.2 Analytics Cookies

We use Google Analytics cookies to understand how users interact with our Service:

• Page views and user journey analysis
• Feature usage and interaction tracking
• Performance monitoring and optimization
• Demographic and interest insights (anonymized)

8.3 Cookie Management

While essential cookies cannot be disabled as they are necessary for our Service to function, you can control analytics cookies through your browser settings. Note that disabling analytics cookies may impact our ability to improve the Service.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal information:

9.1 Right of Access

You can request a copy of the personal information we hold about you.

9.2 Right of Rectification

You can request correction of inaccurate or incomplete personal information.

9.3 Right of Erasure

You can request deletion of your personal information in certain circumstances.

9.4 Right to Restrict Processing

You can request that we limit the processing of your personal information.

9.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

9.6 Right to Object

You can object to the processing of your personal information in certain circumstances.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw your consent at any time.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with data protection laws.

9.9 Exercising Your Rights

To exercise any of these rights, please contact us at privacy AT plt.ltd. We will respond to your request within 30 days and may ask you to verify your identity before processing your request.

10. Children's Privacy

Invoza is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy AT plt.ltd.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify users of material changes via email or in-app notification
• Provide at least 30 days' notice for significant changes
• Post the updated policy on our website

Your continued use of Invoza after any changes indicates your acceptance of the updated Privacy Policy.

12. Legal Basis for Processing

Under GDPR, we process your personal information based on the following legal grounds:

• Contract Performance: To provide our Service as outlined in our Terms and Conditions
• Legitimate Interest: To improve our Service, ensure security, and provide customer support
• Consent: For analytics and optional features where you have provided explicit consent
• Legal Obligation: To comply with applicable laws and regulations

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For urgent privacy matters or data breach concerns, please contact us immediately using the email address above.