Privacy Policy

Invotory ("we", "us", "our") operates the Invotory platform at invotory.com. This Privacy Policy describes how we collect, use, store, and share information when you use our invoicing and inventory management service.

By creating an account or using Invotory, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the service.

We collect information you provide directly and information generated through your use of the service:

• Account information: name, email address, and password (stored as a secure hash).
• Business information: business name, address, tax registration numbers, logo, default currency, and business settings.
• Operational data: customers, suppliers, products, inventory movements, invoices, payments, expenses, quotes, purchase orders, and related records you create.
• Usage data: login timestamps, features accessed, and actions performed (audit logs) for security and accountability.
• Payment information: billing details processed by our payment provider (Lemon Squeezy). We do not store your full credit card number.
• AI feature data: prompts and responses when you use AI-assisted features. We do not use your business data to train AI models.

We use your information to:

• Provide, operate, and maintain the Invotory service.
• Process transactions and send transactional notifications (invoice emails, payment confirmations, team invitations).
• Enforce role-based access control and workspace security.
• Monitor for abuse, enforce plan limits, and maintain system integrity.
• Communicate with you about your account, service updates, and support requests.

We use trusted third-party providers to operate Invotory. These providers process data only as instructed by us:

• Supabase (database hosting, authentication, and file storage): data stored in secure cloud infrastructure.
• Vercel (application hosting and delivery): serves the application with global edge caching.
• Lemon Squeezy (payment processing): handles subscription billing and payment method storage.
• Amazon Web Services / AWS Bedrock (AI features): processes AI prompts without retaining your data for model training.

We implement appropriate technical and organizational measures to protect your data:

• All data in transit is encrypted with TLS. Data at rest is encrypted by our infrastructure providers.
• Business data is isolated by workspace using database-level row-level security (RLS). Users in one workspace cannot access another workspace's data.
• Authentication uses secure session tokens. Passwords are hashed and never stored in plain text.
• Access to internal systems is restricted and auditable. Sensitive operations are logged.

We retain your data for as long as your account is active or as needed to provide the service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (for example, financial records required under Jordanian tax regulations).

Audit logs and financial records may be retained longer to comply with legal and regulatory obligations.

You have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete data.
• Deletion: request deletion of your account and personal data, subject to legal retention requirements.
• Export: download your business data in standard formats (CSV) from within the application.

Invotory uses essential cookies required for authentication and session management. These are strictly necessary for the service to function and cannot be disabled.

We may use analytics tools in the future to understand how the service is used. If we do, we will update this policy and provide appropriate notice.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of Invotory after changes are posted constitutes your acceptance of the updated policy.

For questions about this Privacy Policy, data requests, or privacy concerns, contact us at privacy@invotory.com or info@invotory.com.