Privacy Policy
Last updated: March 15, 2026
1. Who we are
euinvoice.app is operated by sapplify, based in Slovakia (EU). We are the data controller for personal data processed through this service.
For privacy inquiries, contact us at: privacy@sapplify.com
2. What data we collect
Anonymous users (no account)
If you use euinvoice.app without creating an account, no personal data is sent to our servers. PDF invoices are generated entirely in your browser. The invoice data you enter never leaves your device.
We collect anonymous, aggregated usage statistics and error reports through our own analytics infrastructure (see section 5). No third-party trackers are used.
Account holders (free account)
When you create an account, we store the following in our database:
- Email address - for authentication (magic link sign-in)
- Supplier profile - company name, address, city, ZIP, country, tax IDs (e.g. ICO, DIC, IC DPH), IBAN, BIC, phone, website
- Saved invoices - invoice data including supplier/client details, line items, amounts, and notes
E-invoicing date alerts (optional)
If you opt in to "notify me when my country's e-invoicing dates change" on the e-invoicing checker, we store your email address, the country you subscribed for, your language, and timestamps of your consent and confirmation (double opt-in). We use this exclusively to email you when that country's mandate dates actually change - no newsletter, no marketing. Every email contains a one-click unsubscribe link; unsubscribing stops all emails immediately. Emails are delivered via Resend (see section 4).
3. Why we collect it
| Data | Purpose | Legal basis |
|---|---|---|
| Account creation and sign-in | Contract performance (Art. 6(1)(b) GDPR) | |
| Supplier profile | Auto-fill invoice details | Contract performance (Art. 6(1)(b) GDPR) |
| Saved invoices | Invoice history and duplication | Contract performance (Art. 6(1)(b) GDPR) |
| Anonymous analytics | Improve the service | Legitimate interest (Art. 6(1)(f) GDPR) |
| Error reports | Detect and fix bugs | Legitimate interest (Art. 6(1)(f) GDPR) |
| Payment data (Pro subscribers) | Process subscription payments via Stripe | Contract performance (Art. 6(1)(b) GDPR) |
4. Sub-processors
We use the following third-party services to operate euinvoice.app:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Authentication, database, and analytics/error storage | EU |
| Vercel | Website hosting | EU/US (SCCs in place) |
| Stripe | Payment processing for Pro subscriptions (name, email, payment method) | EU/US (SCCs in place) |
Data Processing Agreements (DPAs) are in place with all sub-processors. Where data may be transferred outside the EU (Vercel, Stripe), EU Standard Contractual Clauses (SCCs) apply as the transfer mechanism under Art. 46(2)(c) GDPR.
5. Analytics and cookies
We collect anonymous usage statistics through our own analytics infrastructure(Sapplify, hosted on Supabase in the EU). No third-party trackers, no cookies, no fingerprinting. We store: anonymous device ID (a UUID generated in your browser), session ID (per tab), page path, coarse device type, referrer host, and event names like "invoice_downloaded". We never store IP addresses or full user agents. Do Not Track is honored — when enabled, no data is sent.
We collect error reports through the same infrastructure. When an error occurs, we record the error message, stack trace, route, and browser type. This is used solely to detect and fix bugs. No invoice data, personal details, or financial information is sent.
euinvoice.app does not use cookies. Authentication tokens are stored in your browser's localStorage, which is strictly necessary for the service to function. No cookie consent banner is required.
6. Data retention
- Account data is retained as long as your account is active.
- Saved invoices are retained as long as your account is active.
- When you delete your account, all personal data and invoices are permanently deleted within 30 days.
- Anonymous analytics data is retained indefinitely (no personal data involved).
- E-invoicing date-alert subscriptions are retained until you unsubscribe; unconfirmed sign-ups expire after 7 days and are never emailed again.
7. Your rights (GDPR)
As an EU resident, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Export your data (data portability)
- Restrict processing of your data
- Object to processing based on legitimate interest
To exercise any of these rights, email privacy@sapplify.com. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. In Slovakia, this is the Office for Personal Data Protection of the Slovak Republic.
8. Security
We protect your data using industry-standard measures including encryption in transit (TLS), row-level security policies on our database, and secure authentication via magic links (no passwords stored).
9. Children
euinvoice.app is a business tool and is not intended for use by anyone under 16 years of age.
10. Changes to this policy
We may update this privacy policy from time to time. Significant changes will be communicated via email to account holders. The latest version is always available at this URL.