Privacy Policy

Effective Date: July 10, 2025
Last Updated: July 10, 2025

This Privacy Policy ("Policy") describes how InvoicePing ("we", "us", "our", "Company") collects, uses, processes, stores, and shares your personal information when you use our invoice management platform and related services ("Service"). We are committed to protecting your privacy and ensuring transparency about our data practices in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1. Data Controller and Contact Information

Data Controller: InvoicePing
Address: Katinų km. 5, Lithuania
Email: emilis@invoiceping.com
Data Protection Officer (if applicable): emilis@invoiceping.com

2. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on personal data, including collection, storage, use, and deletion.
"Data Subject" means the individual to whom personal data relates.
"Controller" means the entity that determines the purposes and means of processing personal data.
"Processor" means the entity that processes personal data on behalf of the controller.

3. Information We Collect

a) Account and Profile Information
• Full name, email address, phone number
• Company name, business address, tax identification numbers
• Billing and payment information (processed by third-party payment processors)
• Profile preferences and account settings

b) Client and Business Data
• Contact information of your clients (names, email addresses, phone numbers, addresses)
• Business relationships and transaction history
• Invoice details, payment terms, and financial information
• Communication preferences and history

c) Content and Communications
• Invoice content, descriptions, and attachments
• Email communications and reminder messages
• AI-generated content based on your input data
• Support communications and feedback

d) Technical and Usage Information
• IP addresses, browser type and version, operating system
• Device identifiers and characteristics
• Pages visited, features used, time spent on the Service
• Access times, referring URLs, and exit pages
• Error logs and performance data

e) Cookies and Tracking Technologies
• Authentication tokens and session identifiers
• User preferences and settings
• Analytics and performance cookies
• Security and fraud prevention cookies

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our services, manage your account, and fulfill our contractual obligations
  • Legitimate Interests: To improve our services, ensure security, prevent fraud, and conduct business analytics
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Consent: Where you have provided explicit consent for specific processing activities

5. How We Use Your Information

a) Service Provision
• Creating, managing, and sending invoices and payment reminders
• Processing payments and managing subscriptions
• Providing customer support and technical assistance
• Enabling communication between you and your clients

b) AI-Powered Features
• Generating personalized email content and payment reminders
• Analyzing invoice data to provide intelligent suggestions
• Improving AI models and algorithms (using anonymized data)

c) Platform Improvement
• Analyzing usage patterns to enhance user experience
• Developing new features and functionality
• Conducting research and analytics (using aggregated, anonymized data)

d) Security and Compliance
• Detecting and preventing fraud, abuse, and security threats
• Ensuring compliance with legal and regulatory requirements
• Maintaining system integrity and reliability

e) Communication
• Sending service-related notifications and updates
• Providing important account and billing information
• Marketing communications (with your consent where required)

6. Information Sharing and Third-Party Processors

We do not sell, rent, or trade your personal information. We share data only as described below, and all third-party processors are bound by strict data protection agreements:

a) Artificial Intelligence and Machine Learning Providers
Data shared: Invoice content, client information, payment context (limited to the data necessary for content generation)
Purpose: Generating intelligent, contextually appropriate reminder emails and content
Safeguards: Data processing agreements, limited retention, no training on your specific data

b) Payment Processing Services (e.g., Stripe)
Data shared: Billing information, payment details, transaction data
Purpose: Secure payment processing and subscription management
Safeguards: PCI DSS compliance, encryption, limited access

c) Email Delivery Services (e.g., Resend, SendGrid)
Data shared: Email addresses, message content, delivery metadata
Purpose: Reliable delivery of invoices and payment reminders
Safeguards: Encryption in transit, access controls, data retention limits

d) Cloud Infrastructure Providers
Data shared: All service data stored on secure cloud infrastructure
Purpose: Application hosting, data storage, backup, and disaster recovery
Safeguards: SOC 2 compliance, encryption at rest and in transit, physical security

e) Analytics and Monitoring Services
Data shared: Anonymized or pseudonymized usage data, performance metrics
Purpose: Service monitoring, performance optimization, error tracking
Safeguards: Data anonymization, limited retention, access controls

f) Legal and Regulatory Authorities
We may disclose information when required by law, legal process, or to protect our rights and those of our users.

7. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA) or your country of residence. When we transfer personal data internationally, we ensure appropriate safeguards are in place:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes and codes of conduct

8. Data Retention and Deletion

a) Retention Periods
• Account data: Retained while your account is active and for 7 years after closure for legal compliance
• Invoice and transaction data: Retained for 7 years for accounting and tax purposes
• Communication logs: Retained for 3 years for support and quality purposes
• Technical logs: Retained for 12 months for security and performance monitoring
• Marketing data: Retained until consent is withdrawn or the account is deleted

b) Automated Deletion
We implement automated processes to delete personal data when retention periods expire, unless longer retention is required by law.

c) Secure Deletion
When data is deleted, we use secure deletion methods to ensure it cannot be recovered or reconstructed.

9. Security Measures

We implement comprehensive security measures to protect your personal data:

  • Encryption: AES-256 encryption at rest and TLS 1.3 for data in transit
  • Access Controls: Role-based access, multi-factor authentication, principle of least privilege
  • Network Security: Firewalls, intrusion detection, DDoS protection
  • Monitoring: 24/7 security monitoring, audit logs, incident response procedures
  • Regular Testing: Penetration testing, vulnerability assessments, security audits
  • Employee Training: Regular security awareness training and background checks

10. Cookies and Tracking Technologies

a) Types of Cookies We Use
Essential cookies: Required for basic functionality and security
Preference cookies: Store your settings and preferences
Analytics cookies: Help us understand how you use our service
Marketing cookies: Used for personalized advertising (with consent)

b) Cookie Management
You can manage cookie preferences through your browser settings or our cookie management interface. Note that disabling essential cookies may affect service functionality.

11. Your Privacy Rights

Under GDPR, CCPA, and other applicable privacy laws, you have the following rights:

a) Access Rights
• Right to access your personal data and obtain copies
• Right to information about how your data is processed
• Right to data portability in a structured, commonly used format

b) Correction and Update Rights
• Right to rectify inaccurate or incomplete personal data
• Right to update your account information and preferences

c) Deletion Rights
• Right to erasure ("right to be forgotten") in certain circumstances
• Right to request deletion of your account and associated data

d) Processing Restriction Rights
• Right to restrict processing in specific situations
• Right to object to processing based on legitimate interests
• Right to opt out of marketing communications

e) Consent Management
• Right to withdraw consent for consent-based processing
• Right to manage cookie and tracking preferences

f) Complaint Rights
• Right to lodge a complaint with supervisory authorities
• Right to judicial remedies for privacy violations

12. How to Exercise Your Rights

To exercise your privacy rights, you can:

  • Account Settings: Update or delete certain information through your account dashboard
  • Email Request: Contact us at emilis@invoiceping.com with your specific request
  • Identity Verification: We may require identity verification to protect your privacy
  • Response Time: We will respond to requests within 30 days (or as required by applicable law)
  • No Fee: Exercising your rights is generally free, unless requests are excessive or unfounded

13. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant supervisory authorities within 72 hours
  • Notify affected individuals without undue delay if high risk is identified
  • Provide clear information about the nature and scope of the breach
  • Offer guidance on protective measures you can take

14. Children's Privacy

Our Service is not intended for individuals under 18 years of age (or 16 in some jurisdictions). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will delete such information promptly.

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected and how it's used
  • Right to delete personal information (subject to certain exceptions)
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising CCPA rights

16. Marketing and Communications

a) Service Communications
We may send you service-related communications that are necessary for your use of the Service, such as account notifications, security alerts, and billing information.

b) Marketing Communications
We may send marketing communications with your consent. You can opt out at any time using the unsubscribe link in emails or by contacting us directly.

17. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those external services. We encourage you to review the privacy policies of any third-party services you access through our platform.

18. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Post the updated policy on our website with a new effective date
  • Notify you of material changes via email or in-app notification
  • Provide at least 30 days' notice for significant changes
  • Seek your consent for changes that affect the legal basis for processing

19. Supervisory Authorities

If you have concerns about our data processing practices, you have the right to lodge a complaint with the relevant supervisory authority:

Lithuania (Lead Supervisory Authority):
State Data Protection Inspectorate
Website: https://vdai.lrv.lt/
Email: ada@ada.lt

European Data Protection Board:
Website: https://edpb.europa.eu/

20. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

InvoicePing
Email: emilis@invoiceping.com
Address: Katinų km. 5, Lithuania
Data Protection Officer: emilis@invoiceping.com

We will respond to your inquiries within 30 days or as required by applicable law.
