1. Who We Are
SFTWARES LTD ("we", "us", "our") is the data controller responsible for your personal data. We operate the Invoice4You mobile application and website at invoice4you.app.
For any privacy-related questions, contact us at:
Email:
Website: invoice4you.app
2. Data We Collect
We collect the following categories of personal data:
Account data
- Full name and email address (when you register)
- Password (stored as a secure hash — we never see your plain-text password)
- Business type (Sole Trader, Self Employed, or Limited Company)
Business & company data
- Company name, address, phone number
- Invoice prefix, VAT number, UTR number (if provided)
- Bank account details (sort code and account number, stored for your invoice templates)
Invoice and client data
- Client names, email addresses, phone numbers, and addresses
- Invoice amounts, line items, due dates, and payment status
- Notes you add to invoices
Usage data
- App interactions and feature usage (aggregated, not tied to individual actions)
- Device type and operating system (iOS or Android)
- Error logs and crash reports (to fix bugs)
Payment data
If you or your clients use Stripe payment links, payment processing is handled entirely by Stripe. We do not store card numbers or payment credentials. We receive confirmation of whether a payment succeeded or failed.
3. How We Use Your Data
We use your personal data only for the following purposes:
- Core: To provide the Invoice4You app and its features
- Core: To create and send invoices on your behalf to your clients
- Core: To send payment reminder emails to your clients (when you enable this feature)
- Core: To manage your account, subscription, and billing
- Service: To send you transactional emails (e.g. password reset, subscription confirmations)
- Service: To respond to your support requests
- Service: To fix bugs and improve app performance
- Legal: To comply with legal and regulatory obligations
We do not use your data for advertising, profiling, or selling to third parties.
4. Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases:
- Contract performance — processing necessary to provide the app and services you signed up for
- Legitimate interests — improving the app, preventing fraud, and maintaining security
- Legal obligation — where we are required to process data by law
- Consent — for optional features such as marketing communications (you can withdraw consent at any time)
5. Data Sharing & Third Parties
We share your data only with trusted third-party service providers who help us operate the app. We do not sell your data to anyone.
We may also disclose your data if required to do so by law, court order, or regulatory authority.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. Specifically:
- Account data — retained while your account is active and for 30 days after deletion
- Invoice and client data — retained while your account is active; deleted 30 days after account closure unless you request earlier deletion
- Financial records — we may retain records of subscription payments for up to 7 years to comply with UK tax law
- Crash logs and error data — retained for 90 days
When retention periods expire, data is securely deleted or anonymised.
7. Your Rights Under UK GDPR
As a UK resident, you have the following rights regarding your personal data:
- Right of access — you can request a copy of all personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate or incomplete data
- Right to erasure — you can request deletion of your data ("right to be forgotten")
- Right to restriction — you can ask us to limit how we process your data
- Right to data portability — you can request your data in a machine-readable format
- Right to object — you can object to processing based on legitimate interests
- Rights related to automated decision-making — we do not make automated decisions that significantly affect you
To exercise any of these rights, contact us at . We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies & Tracking
The Invoice4You website (invoice4you.app) uses minimal cookies:
- Session storage — to remember that you have entered the site password during your current browser session. This is not a cookie and is cleared when you close the browser tab.
- No tracking cookies — we do not use Google Analytics, Facebook Pixel, or any advertising cookies on this website.
- No third-party cookies — we do not allow third parties to set cookies via this website.
The mobile app does not use cookies. It uses device storage (AsyncStorage) to maintain your login session securely on your device.
9. Security
We take the security of your data seriously and implement appropriate technical and organisational measures including:
- All data transmitted between the app and our servers is encrypted using HTTPS/TLS
- Passwords are hashed using industry-standard algorithms — we never store plain-text passwords
- Database access is protected by Row Level Security (RLS) — each user can only access their own data
- API keys and credentials are stored securely and never exposed in client-side code
- We regularly review and update our security practices
In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of it, as required by UK GDPR.
10. Children's Privacy
Invoice4You is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at and we will delete it promptly.
11. International Data Transfers
Your data is primarily stored and processed within the UK and European Economic Area (EEA). Some of our third-party service providers (Supabase, Stripe, Resend) may process data in the United States. Where this occurs, appropriate safeguards are in place such as Standard Contractual Clauses (SCCs) approved by the ICO, ensuring your data receives equivalent protection to that required under UK GDPR.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you via the email address associated with your account or through an in-app notification. The "Last updated" date at the top of this page will always reflect the most recent revision.
We encourage you to review this policy periodically. Continued use of Invoice4You after changes take effect constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:
We aim to respond to all privacy-related requests within 30 days. For complex requests, we may extend this by a further two months and will inform you accordingly.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):