Privacy Policy

1. Overview

Invoira (referred to as "we", "us", or "our") is committed to protecting the privacy of your personal and business data. This Privacy Policy explains how we collect, hold, use, and disclose personal and business-related information in accordance with the Australian Privacy Principles (APPs) established under the Privacy Act 1988 (Cth) (the Privacy Act).

By registering for an account, accessing our services, or interacting with our client portal, you consent to the collection, storage, and processing of your details as described in this policy.

2. Information We Collect

We collect personal and business information necessary to run our SaaS invoicing system, including:

• Account Details: Your full name, account email address, password hashes, and user roles.
• Business Profile Data: Business name, ABN, trading name, contact phone, website, physical billing address, bank account details (BSB and Account number), PayID, custom logos, and slogans.
• Customer Details: Saved client names, emails, phones, ABNs, and billing addresses.
• Transactional Data: Invoices, item descriptions, totals, GST breakdowns, payments, and estimates/quotes.

3. Cookies & Analytics

We utilize cookies to maintain active user sessions, track auth parameters (via HttpOnly cookies), and improve user experience.

• Session Cookies: Temporarily store authentication parameters so you do not have to re-enter credentials while navigating the dashboard.
• Analytics: We may use third-party analytics services (such as Google Analytics) to gather aggregated, anonymous usage metrics like page loads and button clicks. These help us improve usability.

4. Data Storage & Security

All application data, customer profiles, and generated invoices are securely stored in databases hosted within high-security data centers (primarily using local Australian AWS or Supabase regions).

We employ bank-grade security protocols:

• Encryption of passwords using the industry-standard `bcrypt` algorithm.
• Database traffic encrypted in transit via SSL/TLS.
• Separate tenant scopes ensuring a business user can never access or query another business's tables.

5. Third-Party Disclosures

We do not sell, rent, or trade your personal or business data to third parties for marketing purposes. We only share details with trusted service providers who help us deliver the SaaS product:

• SMTP Email Services: To transmit invoice PDF files to your clients.
• Payment Gateways (Future): If you choose to integrate Stripe or PayPal, transaction data is transmitted securely to their platforms.

6. Account Security Responsibilities

While we apply strict security measures to protect database records, you are responsible for maintaining the confidentiality of your login email and password credentials. Let us know immediately if you suspect any unauthorized access to your workspace.

7. Your Rights (Access & Correction)

Under the Australian Privacy Principles, you have the right to request access to the personal information we hold about you and ask us to correct any inaccuracies. You can review, update, or edit your account and business details at any time by logging into the settings panel. If you wish to delete your account entirely, you can do so by contacting us.