Data Processing

Last updated: 11 September 2025

This page explains in detail how SendInvoice Ltd (“SendInvoice”, “we”, “our”) processes personal data, our legal bases, retention periods, transfers, and your rights. For the user-friendly summary, see our Privacy Policy. For controller↔processor terms for business customers, see our DPA.

1. Basic Information

Data Controller: SendInvoice Ltd, 123 High Street, London, United Kingdom (example address).

We are not currently required to appoint a Data Protection Officer under GDPR. If that changes, we will notify customers and partners.

Contact: [email protected]

2. Legal Bases for Processing

Performance of a contract — providing and supporting the SendInvoice service.
Legal obligations — accounting, tax, reporting, fraud prevention, regulatory requests.
Legitimate interests — service improvement, security, customer communications, marketing to existing customers.
Consent — where required (e.g., certain cookies/marketing in some regions).

3. What Data We Process & Why

3.1 Categories

Identification: name, company, tax/company ID, date of birth (where needed), IP address.
Contact: email, phone, billing/shipping address.
Financial: billing records, payment metadata (card/bank data held by providers).
Usage: device, browser, interactions, preferences, cookies.
Communications: support messages, survey responses.
Invoice content: customer names/addresses/tax IDs you include in documents.

3.2 Purposes

Account setup, authentication, and customer support.
Document generation: invoices, quotes, receipts.
Billing, payments, refunds, debt collection.
Accounting and tax compliance; audits.
Fraud prevention and security monitoring.
Service analytics and product improvement.
Marketing to existing customers (newsletters, product updates — opt-out anytime).

4. How We Obtain Data

Directly from you (registration, app usage, support).
From contracts/agreements and your uploaded invoice content.

5. Sharing & Processors

We do not sell personal data. We share data only as necessary for the purposes above:

Payment processors (e.g., Stripe/PayPal) to process transactions.
Cloud/IT providers (hosting, storage, backup, email delivery, logging, monitoring).
Professional services (accounting/tax, legal counsel, collections where applicable).
Authorities when required by law (courts, regulators, law enforcement).

All processors are bound by GDPR-compliant agreements and may only process data per our instructions.

6. International Transfers

Where personal data is transferred outside the UK/EU, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and rely on certified providers (e.g., ISO 27001, SOC 2). See the Privacy Policy for a summary.

7. Retention

We retain personal data for the duration of your contract and for at least 10 years after termination to meet accounting, tax, and legal obligations and to enforce or defend legal claims. Where a shorter mandatory period applies, we follow the shorter statutory period. When the purpose no longer applies, we delete or anonymize data securely.

8. Cookies

We use cookies for core functionality, analytics, and personalization. You can manage cookies in your browser. For details, see our Cookie Policy.

9. Security Measures

Encryption in transit and at rest where applicable.
Access controls, least-privilege and MFA for staff tools.
Audit logging and monitoring.
Backups and disaster recovery procedures.
Vendor due diligence and contractual data protection terms.

10. Your Rights

Subject to applicable law (e.g., GDPR/UK GDPR), you may:

Request access to your personal data.
Request correction of inaccurate or incomplete data.
Request deletion (“right to be forgotten”).
Request restriction of processing or object to processing.
Request data portability.
Lodge a complaint with a supervisory authority.

To exercise your rights, contact [email protected]. We will respond in accordance with legal timelines.

11. Marketing Communications

We may send product updates and newsletters to existing customers. You can opt out at any time using the link in the message or by contacting [email protected].

12. Controller ↔ Processor Terms (DPA)

If you are a business customer and SendInvoice processes your end-customer data on your behalf, our Data Processing Addendum applies. It covers instructions, confidentiality, security, sub-processors, assistance with data subject requests, audits, and data return/deletion on termination.

13. Updates to this Page

We may update this Data Processing page from time to time. We will post changes here and revise the “Last updated” date above. For a summary view, see our Privacy Policy.

Contact

Email: [email protected]
Website: https://www.sendinvoice.net