
Privacy Policy

Effective 25 May 2026. This Policy explains the personal data we collect, how we use it, who we share it with, how long we keep it, and your rights.

Related: Terms and Conditions · Sub-processors

1. About this Policy

This Privacy Policy explains how Invofolio ("we", "us", or "Invofolio") collects, uses, stores, shares, transfers, and protects personal data when you use the Invofolio service (the "Service"). It supplements, and should be read together with, our Terms and Conditions at /terms and our Sub-processor list at /sub-processors. Invofolio is currently operated by an individual sole operator based in the Hong Kong Special Administrative Region; references to "we" or "us" mean that operator and any contractors or successors authorised to operate the Service.

2. Scope

This Policy applies to personal data we process about (a) visitors to invofolio.com and related marketing pages, (b) registered users of the Service ("Users"), and (c) recipients of invoices, quotations, public share links, or emails generated through the Service by a User ("Invoice Recipients"). For Invoice Recipients, the relevant User is the data controller of the information that User enters into the Service; we act as a processor on that User’s behalf for that information.

3. Personal Data We Collect

We collect the following categories of personal data: (a) Account data: name, email address, password hash (if applicable), authentication provider identifiers (such as the Google account "sub" identifier), email verification status, timestamps, IP address, and basic device or browser metadata. (b) Workspace data: business profile, logo, bank or payment instruction details, default currency and language, custom fields, and project numbering settings. (c) Business records you enter: client names, contact details, addresses, billing defaults, invoice and quotation line items, totals, taxes, dates, notes, attachments, payment records, and any content you add to your workspace. (d) Public share data: tokens, hashes, view metadata, and access logs related to public invoice share links. (e) Billing data: Stripe customer and subscription identifiers, plan, billing status, currency, and event metadata. We do not store full payment card numbers; payment card data is collected and stored by Stripe. (f) Support and communication data: email subject and body, attachments, and metadata of messages you send to support or product feedback channels. (g) Usage and diagnostic data: feature interactions, server logs, error reports, request metadata, audit-trail events, and security telemetry necessary to operate, secure, and improve the Service. (h) Cookies and similar technologies: as described in Section 11.

4. How We Use Personal Data

We process personal data for the following purposes: (a) to provide, operate, maintain, and support the Service; (b) to create and authenticate your account, recover your password, and protect against unauthorised access; (c) to bill you, manage subscriptions, and process refunds; (d) to render invoices, quotations, PDFs, and public share pages you create; (e) to generate audit trails, security logs, and incident telemetry needed to detect, investigate, and respond to incidents; (f) to communicate with you about the Service, including transactional emails, security notices, billing notices, and material changes to terms or policies; (g) to respond to support requests and product feedback; (h) to debug, test, and improve the Service, including reproducing reported bugs; (i) to comply with legal obligations, court orders, regulator requests, and lawful sanctions screening; and (j) to enforce our Terms and protect the Service, our users, and third parties.

5. Legal Bases (where applicable)

Where mandatory data protection law applies and requires us to identify a legal basis for processing, we rely on: (a) performance of a contract with you (to provide the Service); (b) our legitimate interests (to secure, operate, debug, and improve the Service, and to prevent abuse), balanced against your rights; (c) compliance with a legal obligation; and (d) your consent, where consent is required (for example, for non-essential cookies). Note: as set out in our Terms, the Service is not currently offered to residents of the European Economic Area, the United Kingdom, or Switzerland. References to GDPR or UK GDPR concepts in this Policy are provided as a general standard of practice and do not constitute a representation that the Service is GDPR-compliant for EEA, UK, or Swiss users.

6. Sharing and Sub-processors

We share personal data with the third-party sub-processors listed at /sub-processors, who help us operate the Service (hosting, database, authentication, payment processing, email delivery, and PDF rendering). Operational logs, error logs, and security telemetry are handled through the hosting and database providers listed there; we do not currently use a dedicated third-party monitoring vendor. We require sub-processors to provide reasonable safeguards consistent with their published terms. We may also disclose personal data: (a) to comply with law, court order, or lawful request by a regulator or law enforcement; (b) to enforce our Terms or protect the rights, property, or safety of Invofolio, our users, or others; (c) to a successor entity in the event of a merger, acquisition, reorganisation, bankruptcy, asset sale, or similar transaction; or (d) with your direction or consent. We do not sell personal data.

7. International Transfers

The Service is hosted on infrastructure that may store and process personal data outside Hong Kong, including in the United States and other regions where our sub-processors operate. We rely on the contractual protections and security commitments published by those sub-processors. By using the Service, you understand that personal data may be transferred to and processed in jurisdictions whose data protection laws may differ from those of your country of residence.

8. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including for ongoing service delivery, security, audit, dispute resolution, and to meet legal, tax, accounting, and regulatory obligations. Indicative retention periods: (a) workspace data (invoices, quotations, clients, payment records): retained while your account is active and for a reasonable period after closure to allow recovery, dispute resolution, and legal compliance; (b) audit trail and security logs: typically retained for up to 24 months; (c) billing and Stripe records: typically retained for at least 7 years for tax and accounting compliance; (d) support emails: typically retained for 7 years; (e) backups: retained on a rolling basis according to sub-processor backup schedules. After the retention period, personal data is deleted, anonymised, or archived in a manner appropriate to its sensitivity.

9. Security

We apply commercially reasonable technical and organisational measures designed to protect personal data, including transport-layer encryption (TLS), encryption of public share tokens at rest, hashed passwords (where applicable) via our authentication provider, scoped database access, audit trails, security logging, access control on the codebase and infrastructure, and dependency vulnerability monitoring. However, as set out in our Terms, no system is, or can be, guaranteed to be completely secure, uninterrupted, error-free, or free of vulnerabilities. You are responsible for keeping your account credentials, devices, and sessions secure and for notifying us promptly of any suspected compromise.

10. Your Rights

Subject to applicable law, you may have the following rights regarding your personal data: (a) right of access (to a copy of the personal data we hold about you); (b) right to correction of inaccurate or incomplete personal data; (c) right to deletion of personal data, subject to our retention obligations; (d) right to data portability (to receive a machine-readable copy of personal data you provided to us); (e) right to object to or restrict certain processing; and (f) right to withdraw consent where processing is based on consent (without affecting prior processing). To exercise these rights, contact us using the channels in Section 14. We may need to verify your identity before responding. We aim to respond within a reasonable period and in any event within any timeframe required by mandatory applicable law. If you believe we have not handled your personal data properly, you may also lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD).

11. Cookies and Similar Technologies

We use a limited number of cookies and similar technologies that are strictly necessary to operate the Service, including: (a) authenticated session cookies provided by our authentication framework; and (b) cookies or related mechanisms used for cross-site request forgery (CSRF) protection. We may also collect aggregated, cookieless product analytics through our hosting provider to understand overall Service usage and detect abuse. When we run paid search advertising, we may use Google Ads tags to measure whether advertising traffic leads to important website or product actions, such as account creation. Where consent is required by mandatory applicable law, we will request it. You can control cookies through your browser settings, but disabling strictly necessary cookies will prevent the Service from functioning.

12. Children

The Service is not directed at children. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided personal data to us, please contact us and we will take reasonable steps to delete it.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted at /privacy with a new effective date. Material changes will be communicated by reasonable means, which may include in-app notice or email to your account email. Your continued use of the Service after an update takes effect constitutes acknowledgement of the updated Policy.

14. Contact

For privacy questions, data subject requests, sub-processor questions, or to report a privacy concern, please contact us through the contact channel at /contact and mark your message "Privacy". For suspected security vulnerabilities or data exposure, please use the same channel and mark your message "Security". We will use reasonable efforts to acknowledge your request and respond within a reasonable period.