Privacy Policy
We collect what is necessary. Nothing more.
BaseInvoice is designed so that invoice files never leave your browser. This policy explains what data we do collect, why, how long we keep it, and your rights under the GDPR.
Last updated: 20 June 2026
What we collect
We collect the minimum necessary to operate the service:
- Email address — when you create an account or subscribe. Required for authentication, seat invites, and subscription management.
- Subscription status and tier — stored as a signed cookie on your device. We record which plan you are on.
- Anonymous usage events — file format opened, features used (validate, fix, convert), error class encountered. Events never include invoice content, amounts, or counterparty names. Collected via PostHog (EU Cloud).
- Server logs — standard logs containing IP addresses and request paths, auto-deleted after 90 days.
- Billing data — handled entirely by Stripe. We receive only a Stripe customer ID and subscription status; we never see card numbers or bank details.
What we do not collect
We do not collect, store, or transmit invoice file content, supplier names, buyer names, invoice amounts, VAT numbers, or any other data contained in your invoice files. Your invoice data is processed in your browser and never sent to our servers.
Legal basis for processing (GDPR Art. 6)
We rely on the following legal bases:
- Contract (Art. 6(1)(b)) — processing your email address, subscription tier, and seat assignments is necessary to provide the paid service.
- Legitimate interests (Art. 6(1)(f)) — anonymous usage analytics help us improve the product. These events contain no personal data and present no risk to your rights.
- Legal obligation (Art. 6(1)(c)) — retaining billing records as required by applicable tax law.
Data retention
We retain data for as long as necessary:
- Account email and subscription status: retained while your account is active, then deleted within 90 days of account closure.
- Anonymous usage events: retained for 12 months in PostHog, then automatically deleted.
- Server logs (IP): retained for 90 days, then deleted.
- Billing records: retained for 7 years as required by Ontario/Canadian tax law.
International transfers
BaseInvoice is operated from Canada, which the European Commission has recognised as providing an adequate level of data protection (EC Decision 2002/2/EC, renewed). Stripe (US-based) processes billing data under Standard Contractual Clauses. PostHog EU Cloud stores data exclusively in the EU.
Cookies and local storage
We use a single signed, HTTP-only cookie to store your entitlement status (tier and expiry). We do not use advertising cookies. PostHog uses local storage (not cookies) for session continuity. You can clear this at any time via your browser's developer tools.
Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing, subscription management | USA (SCC) |
| PostHog EU Cloud | Anonymous product analytics | EU (Frankfurt) |
| Vercel | Application hosting, edge network | USA/EU (SCC) |
| Resend | Transactional email (seat invites, account recovery) | USA (SCC) |
Your rights under the GDPR
- Access — you can request a copy of the personal data we hold about you.
- Rectification — you can ask us to correct inaccurate data.
- Erasure — you can ask us to delete your account and personal data.
- Portability — you can request your data in a machine-readable format.
- Objection — you can object to processing based on legitimate interests.
- Lodge a complaint — you have the right to complain to your national supervisory authority (e.g., the Dutch AP, the German DSK, or the French CNIL).
Contact
To exercise your rights or ask any privacy question, email us at:
privacy@baseinvoice.euFor more on the security architecture, see our Security page.