Privacy Policy

Last updated: June 2026

Summary

InvoiceHub provides an API that validates electronic invoices against the EN 16931 standard. We collect the minimum data needed to run the service and bill for it. We do not sell personal data.

Invoice content you submit

Invoices sent to the validation endpoint are processed in memory to produce a validation report and are not persisted by us as documents. We retain validation metadata only — document format, validity, rule counts, and timing — to operate analytics, usage metering and abuse prevention.

Account data

When you create an account we store your email, company name, hashed credentials (via Supabase Auth), plan tier, and API key metadata. API keys are stored only as a bcrypt hash of the secret plus a non-secret lookup token; we cannot recover your full key after it is shown to you once.

Payments

Billing is handled by Stripe. We store your Stripe customer and subscription identifiers; we do not store card numbers. Stripe’s processing is governed by Stripe’s own privacy policy.

Logs & security

We log request metadata (endpoint, status, response time, IP, user agent) for security, debugging and rate-limiting. Access is restricted and data is encrypted in transit.

Data location & retention

Data is stored with our infrastructure providers (Supabase/Postgres and Vercel). We retain operational logs and validation metadata for as long as needed to run the service and meet legal obligations.

Your rights

Subject to applicable law (including the GDPR), you may request access to, correction of, or deletion of your personal data via our contact form.

Contact

Questions about this policy? Reach us through our contact form.