Privacy

Invoice data and PDFs are processed exclusively in memory and never stored. Temporary conversion files reside in RAM and are deleted immediately after the response.

Stored are only: account data (email), API tokens (hashed only), quota counters and anonymised usage events without personal invoice content. IP addresses are kept solely as a per-day salted hash, never in clear text. Page views are counted cookie-free and server-side (path and per-day salted IP hash only, no user agent, no referrer) — hence no cookie banner is required.

Delete your account (Art. 17 GDPR) any time yourself in the dashboard: this anonymises the account and revokes all tokens.

Prototype — a full privacy policy will follow.