Privacy Policy

Last Updated: January 15, 2025

1. Introduction

Welcome to EasyInvoice Hub ("we," "our," or "us"), a service provided by OUEWAY. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our invoice generation and management services.

By using EasyInvoice Hub, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

We collect the following types of information to provide our services:

2.1 Account Information

When you sign up, we collect:

  • Email address (required for account creation and authentication)
  • Authentication credentials (handled securely via Supabase Auth)
  • Display name (optional, for team collaboration features)

2.2 Organization and Business Data

Information you enter about your organizations and businesses:

  • Organization name and settings
  • Business profiles: company name, legal name, address, logo, tax ID, registration number, contact details
  • Business default settings (currency, tax rates, payment terms, notes)

2.3 Client Data

Information you enter about your clients for invoicing purposes:

  • Client names, emails, phone numbers, and addresses
  • Company names and tax IDs
  • Any notes or additional information you store about clients

Important: You are responsible for ensuring you have the legal right to collect and store client information in accordance with applicable data protection laws (such as GDPR, CCPA).

2.4 Invoice and Transaction Data

Details of the invoices, receipts, and financial records you create:

  • Invoice numbers, dates, amounts, and line items
  • Payment status and transaction history
  • Revenue reports and analytics data

2.5 Payment Information

If you upgrade to a paid plan:

  • Payment details are collected and processed securely by Stripe, our payment processor
  • We do not store full credit card numbers, CVV codes, or complete payment card information on our servers
  • We store subscription status, billing history, and payment method type (e.g., "card ending in 1234")

2.6 Team Collaboration Data

If you use team features:

  • Organization member information (email addresses, roles, permissions)
  • Audit logs of actions performed by team members
  • Activity history and access records

2.7 Usage and Technical Data

Information about how you access and use our services:

  • Device type, browser information, and IP address
  • Session information and login timestamps
  • Feature usage patterns (for service improvement)

3. How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To provide and maintain the EasyInvoice Hub service, including invoice generation, storage, and management
  • Permanent Storage: To store your invoices and receipts permanently as per our service promise
  • Team Collaboration: To enable team members to access and collaborate on shared organizations and data
  • Financial Calculations: To calculate and display revenue insights, reports, and analytics
  • Payment Processing: To process subscription payments, manage billing, and handle subscription renewals
  • Communication: To send service updates, security alerts, support responses, and important account notifications
  • Security and Fraud Prevention: To detect and prevent fraud, abuse, or unauthorized access to our services
  • Compliance: To comply with legal obligations and respond to lawful requests from authorities
  • Service Improvement: To analyze usage patterns and improve our service features and performance

We do not: Sell your data to third parties, use your invoice data for marketing purposes, or share your client information with advertisers.

4. Data Sharing and Third-Party Services

We share data with trusted third-party service providers solely for the purpose of running our service:

4.1 Supabase

We use Supabase for secure database hosting, user authentication, and data storage. Supabase is GDPR compliant and stores data in secure, encrypted databases. Your data is stored in accordance with Supabase's data processing agreement.

4.2 Stripe

We use Stripe for secure payment processing and subscription management. Stripe is PCI-DSS compliant and handles all payment card data in accordance with industry standards. We only share necessary billing information with Stripe to process payments.

4.3 Team Collaboration

When you are a member of an organization, the organization owner and administrators can access the data within that organization, including invoices, clients, and business information. This is necessary for team collaboration features.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage and Retention

5.1 Permanent Storage

One of our core features is the permanent storage of your invoices. We retain your business data, client information, and invoice records for as long as your account remains active.

5.2 Account Deletion

If you choose to delete your account via the "Danger Zone" in settings, all your personal data, business profiles, client information, invoices, and associated records will be permanently removed from our active databases within 30 days of your request.

Note: Backups may be retained for a limited period (up to 90 days) as part of our disaster recovery protocols, after which they will be permanently deleted.

5.3 Organization Data

If you are a member of an organization but not the owner, deleting your account will remove your membership but will not delete the organization or its data. Only organization owners can delete entire organizations and all associated data.

5.4 Audit Logs

Audit logs are retained according to your subscription plan:

  • Free Plan: Last 30 days
  • Pro Plan: Up to 3 years
  • Business Plan: Unlimited retention

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (HTTPS/TLS) for all data transmission
  • Encryption at rest for sensitive data stored in our databases
  • Secure authentication via Supabase Auth with password hashing
  • Row-level security (RLS) policies to ensure data isolation between organizations
  • Regular security audits and monitoring
  • Access controls and permission management for team features

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7. Your Rights (GDPR, CCPA, and Other Privacy Laws)

Depending on your location, you may have the following rights:

7.1 Access and Portability

You have the right to access and export your data. You can download your invoices as PDFs, and you can request a complete export of your data by contacting us.

7.2 Correction

You can update or correct your business and personal information at any time via the Settings page or by contacting us.

7.3 Deletion

You have the right to request deletion of your account and all associated data at any time. You can do this via the account deletion feature in Settings or by contacting us.

7.4 Objection and Restriction

You have the right to object to certain processing of your data or request restriction of processing. Please contact us to exercise these rights.

7.5 Data Portability

You can request a copy of your data in a machine-readable format. We will provide this within 30 days of your request.

To exercise any of these rights, please contact us at support@oueway.com. We will respond to your request within 30 days.

8. Children's Privacy

EasyInvoice Hub is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top of this policy
  • Sending you an email notification (for significant changes)

Your continued use of the service after any changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

Email: support@oueway.com

Data Protection Officer: Available upon request at the above email address