Skip to main content

Privacy Policy

Last updated: 30 March 2026

Coinvoice ("we", "us", "our") operates the coinvoice.app website and service. This policy explains how we collect, use, and protect your information when you use our invoicing platform.

1. Information We Collect

We collect information you provide directly:

  • Account information: name, email address, and authentication credentials when you sign up via Google OAuth.
  • Business information: business name, address, phone number, logo, and tax details you enter during onboarding or in settings.
  • Invoice and financial data: client details, invoice line items, amounts, expenses, time entries, and payment records you create within the app.
  • Uploaded files: receipt images, business logos, and other files you upload to the service.

We also collect information automatically:

  • Usage data: pages visited, features used, and actions taken within the app.
  • Device information: browser type, operating system, and screen resolution.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Coinvoice service.
  • Process invoices, payments, and financial reports on your behalf.
  • Send transactional emails (invoice delivery, payment confirmations, overdue reminders).
  • Send product updates and announcements (you can opt out at any time).
  • Provide AI-powered features such as voice-to-invoice, expense categorisation, and payment predictions.
  • Detect and prevent fraud or abuse.

3. Data Storage and Security

Your data is stored securely on Convex, our backend platform, with encryption at rest and in transit. Payment processing is handled by Stripe and PayPal. We never store your full credit card or bank account numbers on our servers.

We implement industry-standard security measures including HTTPS encryption, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

4. Third-Party Services

We share your information with third-party services only as necessary to operate Coinvoice:

  • Stripe and PayPal: payment processing.
  • Resend: transactional email delivery.
  • Google: authentication (OAuth) and optional contacts import.
  • Anthropic (Claude): AI features (voice parsing, expense categorisation). Data sent to AI services is not used to train models.

We do not sell your personal or business data to third parties.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we remove your personal data within 30 days. We may retain anonymised, aggregated data for analytics purposes.

You can export all your data (invoices, clients, expenses) in CSV and PDF formats at any time from the Reports page, including on the free plan.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Export your data in standard formats (CSV, PDF).
  • Delete your account and associated data from the Settings page.
  • Opt out of non-essential communications.

If you are in the UK or EU, you also have rights under the UK GDPR / EU GDPR including the right to restrict processing and to lodge a complaint with your local data protection authority (the ICO in the UK).

7. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you additional rights regarding your personal information:

  • Right to know: you may request details about the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the third parties we share it with.
  • Right to delete: you may request that we delete your personal information, subject to certain exceptions (e.g. completing a transaction, detecting security incidents, or complying with legal obligations).
  • Right to correct: you may request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: Coinvoice does not sell your personal information and does not share it for cross-context behavioural advertising. No opt-out is required.
  • Right to non-discrimination: we will not discriminate against you for exercising any of these rights.

To exercise these rights, contact us at privacy@coinvoice.app. We will verify your identity before processing your request and respond within 45 days as required by law.

8. International Data Transfers

Coinvoice serves users in both the United Kingdom and the United States. Your data may be processed and stored in the UK, the US, or other countries where our service providers operate. Where data is transferred across borders, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office or the European Commission, and compliance with the UK GDPR and applicable US state privacy laws.

9. Cookies

Coinvoice uses essential cookies for authentication and session management. We do not use advertising or tracking cookies. No cookie consent banner is required because we only use strictly necessary cookies.

10. Children's Privacy

Coinvoice is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by email or by posting a notice in the app. Your continued use of Coinvoice after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this privacy policy or your data, contact us at privacy@coinvoice.app.