YI
YourInvoice
← Back to site

Privacy Policy

Last updated: 11 July 2026

This is a starting template, not legal advice. Have it reviewed by a data-protection professional and replace every highlighted placeholder. If you handle personal data of UK/EU individuals you have obligations under the UK GDPR and Data Protection Act 2018.

This Privacy Policy explains how [Operator legal name] ("we", "us", "our") collects and uses personal data when you use YourInvoice (the "Service"). We are the data controller for the account and usage data described below. For the customer and invoice data you enter into the Service, you are the controller and we act as your processor.

1. Data we collect

  • Account data: username, email address, and any company details you provide.
  • Content you enter: your customers' details, invoices, line items and settings.
  • Payment data: subscriptions are handled by Stripe. We receive limited billing metadata (such as customer and subscription identifiers) but we do not store your card details.
  • Technical & security data: IP address, timestamps, and security/audit logs used to protect the Service.

2. How we use it

  • To provide, operate and support the Service and your account.
  • To process payments and manage subscriptions.
  • To secure the Service, prevent abuse and fraud, and keep audit logs.
  • To communicate with you about your account (e.g. email verification, service notices).
  • To comply with legal obligations.

3. Legal bases

We rely on: performance of our contract with you (to provide the Service and billing); our legitimate interests (to secure and improve the Service and prevent abuse); your consent where required; and compliance with legal obligations.

4. Sharing & processors

We do not sell your personal data. We share it only with service providers who process it on our behalf, including:

  • Cloudflare — hosting, database and bot protection (Turnstile).
  • Stripe — payment processing.
  • Resend — sending verification and account emails.

We may also disclose data where required by law or to protect our rights.

5. International transfers

Some providers may process data outside the UK/EEA. Where they do, appropriate safeguards (such as UK/EU standard contractual clauses) are relied upon.

6. Retention

We keep account and content data for as long as your account is active and as needed to provide the Service, then delete or anonymise it within a reasonable period, unless we must retain it to meet legal obligations. You can export your data at any time from the Service.

7. Your rights

Subject to applicable law, you have the right to access, correct, delete, restrict or object to processing of your personal data, and to data portability. To exercise these rights contact us at [Contact email]. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

We use technical and organisational measures to protect your data, including encryption in transit, hashed passwords, signed session tokens, access controls and bot protection. No system is completely secure, so we cannot guarantee absolute security.

9. Cookies & local storage

We use essential browser storage to keep you signed in, and Cloudflare Turnstile for bot protection, which may set essential cookies. We do not use advertising or third-party tracking cookies.

10. Changes

We may update this policy from time to time; the "last updated" date reflects the current version.

11. Contact

For privacy questions or requests: [Contact email].