FoxInvoices

Privacy Policy

Last updated: April 20, 2026

This policy explains what personal data FoxInvoices collects, how we use it, and the choices you have. We keep it short because the service is simple.

What we collect

  • Account data: email address and encrypted password. Provided by you at sign-up.
  • Business data: company details, clients, invoices, quotes, credit notes, services, payment history, uploaded logos. All entered by you.
  • Technical data: basic server logs (IP, user-agent) kept briefly for security and debugging; page analytics through Vercel Analytics and — only if you accept the cookie banner — Google Analytics (anonymised usage data such as pages visited, device type and approximate location).

How we use it

  • To let you create, view, and send invoices.
  • To generate PDFs on demand.
  • To send transactional emails (password resets, magic links, invoice deliveries you initiate).
  • To keep the service running reliably and secure.

We do not sell your data. We do not use it to train AI models. We do not show you ads.

Processors we use

  • Supabase— database & authentication.
  • Vercel— hosting & anonymous analytics.
  • Google Analytics — aggregate traffic analytics on the marketing site and app. May set cookies; does not receive your invoice or client data.
  • Resend — transactional email delivery.

These providers process data on our behalf under their own privacy commitments.

Row-level security

All business data is isolated per account using database-level Row Level Security. Other users cannot read your data — even if they know your user ID.

Your rights

Under GDPR (and similar laws), you can:

  • Access your data — it's all visible in the dashboard.
  • Export your invoices & clients as PDFs/CSV from the dashboard.
  • Correct any inaccurate information by editing it directly.
  • Delete your account and all associated data at any time from the Account page. Deletion is immediate and irreversible.

Data retention

We keep your data as long as your account exists. When you delete your account, all invoices, clients and related records are removed. Short-lived security logs are retained for up to 30 days.

Cookies & consent

We use essential cookies needed to keep you logged in and keep the site secure — these are always on. We also use Google Analytics to measure aggregate site usage.

Google Analytics is loaded with Google Consent Mode v2 and analytics storage is denied by default. On your first visit we show a cookie banner; Google Analytics cookies are only set if you press Accept. If you press Reject (or just close the banner) no analytics cookies are written and no personal analytics data is sent to Google. You can change your mind at any time by clearing your site data, or by blocking the googletagmanager.com domain in your browser — the product will continue to work.

We do not use any advertising or cross-site tracking cookies.

Changes

If we update this policy we'll change the date above and announce material changes inside the app.

Contact

For any privacy question, reach out on the contact page.