This Privacy Policy explains how Facturi ("we", "us", or "our"), operated at facturi.net, collects, uses, stores, and protects your personal data when you use our invoicing platform. By using Facturi, you agree to the practices described in this policy.
1. Who We Are
Facturi is an online invoicing and billing platform for freelancers and small businesses. We process personal data both as a data controller (for your account information) and as a data processor (when you store client data on our platform).
For data protection enquiries, contact us at: privacy@facturi.net
2. Data We Collect
Account data
- Name, email address, and password (hashed — never stored in plain text)
- Company name, address, and tax identification numbers
- Profile picture (optional)
- Subscription plan and billing history
Invoice and client data
- Client names, email addresses, postal addresses, and tax numbers you enter
- Invoice line items, amounts, and payment statuses
- Products and services you configure in your catalog
Usage and technical data
- IP address and approximate geographic location
- Browser type, operating system, and device type
- Pages visited, features used, and session duration
- Error logs and crash reports
Payment data
We use Stripe to process payments. We never see or store your full card number. Stripe handles all payment card data under PCI-DSS compliance. We store only the last four digits, card brand, and expiry date returned by Stripe for display purposes.
3. How We Use Your Data
- Provide the service — generate, send, and track your invoices; manage clients and products; process recurring billing
- Account management — authenticate your identity, send password resets, and manage team permissions
- Billing — charge your subscription via Stripe, send receipts, and handle refunds
- Support — respond to enquiries, diagnose issues, and improve the platform
- Security — detect fraud, prevent abuse, and audit access logs
- Legal compliance — retain records as required by applicable tax and accounting regulations
- Analytics — understand aggregate usage patterns to improve the product (anonymised where possible)
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area, we process your data under the following legal bases:
- Contract performance — to provide the Facturi service you subscribed to
- Legitimate interests — to detect fraud, improve the platform, and communicate service updates
- Legal obligation — to comply with tax, accounting, and regulatory requirements
- Consent — for optional marketing emails (you can withdraw consent at any time)
5. Data Sharing and Third Parties
We share your data only with service providers necessary to operate Facturi:
- Stripe — payment processing (Stripe Privacy Policy)
- Hosting provider — cloud infrastructure where application data is stored and served
- Email delivery — transactional email delivery (invoice emails, notifications)
- Analytics — anonymised usage statistics (Google Analytics with IP anonymisation enabled)
All third-party providers are contractually bound to process your data only for the stated purpose and in accordance with applicable data protection laws.
6. Data Retention
- Active accounts — data is retained for as long as your account is active
- Closed accounts — personal account data is deleted within 90 days of account closure, unless legal retention obligations apply
- Invoice records — may be retained for up to 7 years to comply with tax and accounting regulations in applicable jurisdictions
- Backups — encrypted backups are purged on a rolling 30-day cycle
7. Security
We implement the following technical and organisational measures to protect your data:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- RSA-2048 digital signatures on all invoices (tamper-proof audit trail)
- bcrypt password hashing — passwords are never stored in plain text
- Role-based access controls limiting employee access to personal data
- Regular security audits and penetration testing
- Two-factor authentication available for all accounts
8. Your Rights
Under GDPR and applicable data protection laws, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations
- Portability — receive your data in a machine-readable format (JSON or CSV export)
- Restriction — request that we restrict processing of your data in certain circumstances
- Objection — object to processing based on legitimate interests
- Withdraw consent — for any processing based on consent, at any time
To exercise any of these rights, email privacy@facturi.net. We will respond within 30 days.
9. Cookies
We use the following types of cookies:
- Essential cookies — required for login sessions and CSRF protection. Cannot be disabled.
- Preference cookies — remember your language selection and UI preferences
- Analytics cookies — Google Analytics to understand aggregate usage (IP anonymised)
You can disable non-essential cookies in your browser settings. This may affect some functionality.
10. International Data Transfers
Our servers are located in the European Union. If you access Facturi from outside the EU, your data may be transferred to and processed in the EU. All such transfers comply with GDPR Chapter V requirements.
11. Children's Privacy
Facturi is intended for business use by adults. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with their data, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of Facturi after changes are posted constitutes acceptance of the updated policy.
13. Contact
For any privacy-related questions or requests:
- Email: privacy@facturi.net
- Website: facturi.net
If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.