InvoiceJet

Privacy Policy

Last updated July 10, 2026

This policy describes what InvoiceJet collects, how it is used, and the choices you have. The short version: we collect what the product needs to work, we process your documents only to provide the service, we do not sell your data, and you can delete everything yourself at any time.

What we collect

  • Account data: your email address, display name, and authentication identifiers (including Google account identifiers if you sign in with Google).
  • Documents and extracted data: the invoice files you upload, forward by email, or send via API, and the structured data extracted from them, including your corrections.
  • Vendor records derived from your invoices (names, addresses, contact details printed on the documents).
  • Usage and diagnostics: API request logs (method, path, status, latency), extraction runs and processing steps, webhook delivery logs, and error logs.
  • Emails you forward to your ingest address, including sender information and attachments.

How we use it

  • To run the service: extract data from your documents, store results, and show them to you.
  • To operate the features you configure: webhooks, approval emails, digests, exports, and the API.
  • To enforce quotas and rate limits, prevent abuse, and debug failures.
  • To email you about your account: welcome, quota alerts, and the digests you can switch off in Settings.

We do not sell your data or use it for advertising.

AI processing

Documents are processed by third-party AI models via OpenRouter to perform extraction. We only route to providers under policies that prohibit training on your data, and we send only the document content needed for extraction. Extraction results, including model responses, are stored in your account so you can audit them.

Where your data lives

Data is stored with our hosting subprocessors: Supabase (database, file storage, authentication) and Resend (transactional email and inbound email receiving). Documents are stored in private buckets scoped to your account; access is controlled by row-level security and time-limited signed URLs.

Retention

  • Documents and extracted data: kept until you delete them or your account.
  • API request logs: deleted after 90 days.
  • Idempotency records: deleted after 24 hours.
  • Error and delivery logs: kept for operational debugging and pruned periodically.

Your rights and choices

  • Export: download your invoice data as CSV or JSON from the app at any time.
  • Correction: edit any extracted field in the review screen.
  • Deletion: delete individual invoices, or delete your entire account under Settings, which permanently removes your documents, extracted data, vendors, keys, and logs tied to your account.
  • Email preferences: digests and alerts can be switched off in Settings; account and approval emails are transactional.
  • Depending on where you live (for example the EU/EEA, UK, or California), you may have additional statutory rights; contact us to exercise them.

Security

All traffic is encrypted in transit. API keys are stored only as SHA-256 hashes. Webhook payloads are signed. Documents live in private storage with per-account access rules. No system is perfectly secure; if we learn of a breach affecting your data we will notify you without undue delay.

Changes

We will update this policy as the product changes and notify you of material changes by email or in the app before they take effect.

Questions? Email support@invoicejet.ai. See also the Terms of Service and Privacy Policy.