Privacy
Invoice data and PDFs are processed exclusively in memory and never stored. Temporary conversion files reside in RAM and are deleted immediately after the response.
Stored are only: account data (email), API tokens (hashed only), quota counters and anonymised usage events without personal invoice content. IP addresses are kept solely as a per-day salted hash, never in clear text. Page views are counted cookie-free and server-side (path and per-day salted IP hash only, no user agent, no referrer) — hence no cookie banner is required.
Delete your account (Art. 17 GDPR) any time yourself in the dashboard: this anonymises the account and revokes all tokens.
Prototype — a full privacy policy will follow.