Privacy Policy

Last updated: June 30, 2026

1. Overview

InvoiceEcho ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, and how we handle it when you use InvoiceEcho at invoiceecho.com (the "Service").

2. Information We Collect

Account dataWhen you sign up, we collect your email address and a hashed password. We do not store your password in plain text.
Invoice dataWe store the invoices you create, including client names, email addresses, line items, amounts, and due dates. This data is necessary to operate the Service.
Waitlist dataIf you join our waitlist, we collect only your email address. It is used solely to notify you when early access opens.
Usage dataWe may collect anonymised usage data (page views, feature usage) to improve the product. We do not sell this data.

3. How We Use Your Data

  • To provide and operate the Service (invoicing, automated follow-up emails)
  • To send transactional emails on your behalf to your clients via Resend
  • To send you product updates and early-access notifications (you can opt out at any time)
  • To detect and prevent fraud or abuse
We never sell your personal data or your clients' data to third parties.

4. Data Storage & Security

Your data is stored in Supabase (PostgreSQL), hosted on AWS infrastructure in the US. We use industry-standard encryption in transit (TLS) and at rest. Access to production data is restricted to authorised personnel only.

5. Third-Party Services

We use the following sub-processors to operate the Service:
  • Supabase — authentication and database
  • Resend — transactional email delivery
  • Vercel — hosting and edge functions
Each sub-processor has its own privacy policy and data handling obligations.

6. Your Rights

Depending on your location, you may have the right to:
  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Export your data in a portable format
  • Withdraw consent at any time
To exercise any of these rights, email us at privacy@invoiceecho.com.

7. Data Retention

We retain your account and invoice data for as long as your account is active. If you delete your account, your data is permanently removed within 30 days, except where we are required by law to retain it.

8. Cookies

We use only strictly necessary cookies for authentication (session tokens). We do not use tracking cookies or third-party advertising cookies.

9. Children

The Service is not directed at anyone under the age of 18. We do not knowingly collect personal data from minors.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice on the site. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this policy? Reach us at privacy@invoiceecho.com.