Privacy Policy

1. Introduction

BooInvoice ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our invoice generator service at booinvoice.com ("Service").

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, and password when you create an account
• Business Information: Your business name, address, and payment details (PayPal email or bank details) that you enter for invoices
• Client Information: Names, email addresses, and addresses of your clients that you store in the Service
• Invoice Data: Invoice content, amounts, dates, and notes
• Payment Information: Payment transactions are processed by Stripe; we do not store your full credit card details

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, and actions taken within the Service
• Device Information: Browser type, operating system, and device type
• Log Data: IP address, access times, and referring URLs
• Cookies: Session cookies to keep you logged in and remember your preferences

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service, including creating and storing invoices
• Process your subscription payments through Stripe
• Send invoices to your clients on your behalf (Pro feature)
• Communicate with you about your account, updates, or support requests
• Improve and optimize the Service
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Email Communications to Your Clients

When you use the email invoice feature (Pro plan), we send emails on your behalf from [email protected]. These emails contain:

• Your invoice as a PDF attachment
• Any message you include with the invoice
• Your business details as they appear on the invoice

We do not use your clients' email addresses for any purpose other than delivering invoices you explicitly request to send. We do not add your clients to any mailing lists or send them marketing communications.

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest: Client names, email addresses, physical addresses, and bank account details are encrypted in our database using AES-256-GCM encryption
• Secure password hashing (bcrypt)
• Regular security updates
• Limited access to personal data
• Secure server infrastructure

Your data is stored on secure servers with restricted access. While we take reasonable precautions and use industry-standard encryption, no method of transmission or storage is 100% secure.

6. Data Sharing

We do not sell your personal data. We may share your information with:

• Service Providers: Third parties that help us operate the Service (e.g., Stripe for payments, email delivery services)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we need to retain it for legal or legitimate business purposes.

8. Your Rights (GDPR)

If you are in the UK or EU, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Request your data in a portable format
• Objection: Object to certain processing of your data
• Restriction: Request limited processing of your data

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies and Analytics

9.1 Essential Cookies

We use essential cookies to:

• Keep you logged into your account
• Remember your preferences
• Maintain security

These cookies are necessary for the Service to function and do not require consent.

9.2 Analytics Cookies (Optional)

With your consent, we use analytics services to understand how visitors use our Service:

• Google Analytics: Collects anonymized data about page views, session duration, device type, and general location (city-level). IP addresses are anonymized. (Google Privacy Policy)
• Microsoft Clarity: Records anonymized session replays, heatmaps, and interaction patterns to help us improve user experience. Sensitive form fields (passwords, emails, addresses) are automatically masked. (Microsoft Privacy Policy)

9.3 What Analytics Tools Collect

When you consent to analytics cookies, these tools may collect:

• Pages you visit and features you use
• How long you spend on each page
• Where you click and scroll
• Your device type, browser, and screen size
• General location (country/city, not exact address)
• Anonymized IP address

9.4 Managing Your Cookie Preferences

You can:

• Accept or decline analytics cookies when you first visit the site
• Change your preference at any time by clicking "Cookie Settings" in the footer
• Disable cookies entirely in your browser settings (may affect functionality)

9.5 Data Retention for Analytics

Analytics data is retained for:

• Google Analytics: 26 months from the date of collection
• Microsoft Clarity: Up to 3 months, depending on our settings

10. Third-Party Services

We use the following third-party services:

• Stripe: For payment processing (Stripe Privacy Policy)
• Hostinger: For email delivery and hosting
• Google Analytics: For website analytics (with your consent) (Google Privacy Policy)
• Microsoft Clarity: For user experience analytics (with your consent) (Microsoft Privacy Policy)

These services have their own privacy policies and data practices. Analytics services are only activated if you accept analytics cookies.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. International Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or by email. The "Last updated" date at the top indicates when the policy was last revised.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]