Simple, honest privacy policy. No legal jargon, no hidden surprises.
Effective Date: January 22, 2026 | Last Updated: January 23, 2026
Invoice Forge is a productivity tool that helps you create invoices. To make that work, we need to collect some data. Here's the simple breakdown:
What: Email address, name (if you provide it), profile photo (from Google/GitHub)
Why: So you can log in and we can identify your account
Source: You (via OAuth login)
What:
Why: So Invoice Forge can generate invoices with the right information
What: Invoice details (number, date, currency, totals) + Snapshots – frozen copies of sender + customer data at the time you finalize an invoice
Why Snapshots?
Imagine you update your client's address in your database. Without snapshots, your old invoices would show the new address (confusing!). Snapshots keep historical invoices accurate.
Retention: Invoices (including snapshots) are kept as long as you use the service. When you delete your account, everything is permanently removed within 30 days.
Invoice Forge is strictly for users 18 years of age or older. We do not knowingly collect or process personal data from anyone under 18.
If you believe a minor has created an account, please contact us immediately at Invoice Forge <support@invoiceforge.hopko.dev>, and we will delete their data within 72 hours.
Invoice Forge uses one strictly necessary session cookie for authentication purposes only.
next-auth.session-token (or __Secure-next-auth.session-token on HTTPS)By using Invoice Forge, you consent to the use of this strictly necessary cookie. Without it, the Service cannot function.
To run Invoice Forge, we rely on trusted infrastructure providers. Here's a transparent list of who processes your data:
| Service | What They Do | What They See | Location |
|---|---|---|---|
| Vercel | Hosting and serverless functions | Encrypted application data, server logs | USA (with EU edge caching) |
| Neon | Database storage (PostgreSQL) | All user data (encrypted at rest) | USA |
| Auth.js OAuth Providers | Authentication via Google/GitHub | Your email, name, profile photo (authentication only) | USA (Google/GitHub servers) |
All providers comply with GDPR through Standard Contractual Clauses (SCCs) approved by the European Commission.
Your data is private – no one else can see your invoices or customer lists. These processors only handle the technical infrastructure.
Under EU law (GDPR) and Ukrainian data protection law, you have the right to:
Request a copy of everything we store about you.
Fix mistakes in your customer database, sender profiles, etc.
Close your account anytime via Settings → Privacy → Delete Account.
What gets deleted: Everything – your account, invoices, customer database, product catalog. All gone within 30 days.
You can export all your data in JSON format at any time:
Method 1: Go to Settings → Privacy → Export My Data
Method 2: Contact us at Invoice Forge <support@invoiceforge.hopko.dev> and we'll send you a complete data export within 72 hours
Your export will include: customer lists, product catalog, invoices, sender profiles, and all associated metadata.
Ask us to stop using your data (account will be suspended).
You may object to certain types of data processing by contacting Invoice Forge <support@invoiceforge.hopko.dev>. We will cease processing unless we have compelling legitimate grounds.
Response Time: We will respond to all data requests within 30 days (may be extended by 2 months for complex requests, with notification).
Here's exactly how long we keep your data:
| Data Type | Retention Period | |
|---|---|---|
| User account & profile | Deleted 30 days after you close your account | |
| Invoices & snapshots | Deleted with your account (30 days after closure) | |
| Customer/product catalogs | Deleted with your account (or sooner if you delete them manually) | |
| System logs | 90 days (for security and debugging) | true |
| Database backups | Overwritten every 7 days (rolling backups) | true |
| Deleted account data | Fully purged from all systems within 30 days (including backups) | true |
| Authentication session | Expires after 30 days of inactivity or when you log out |
No long-term storage: We don't keep your data after you leave. Export what you need before deleting your account.
If a breach happens: We'll notify you within 72 hours via email (GDPR requirement). We'll also inform relevant supervisory authorities if required by law.
This Privacy Policy is governed by the laws of Ukraine and complies with:
For privacy questions, data requests, or concerns:
EU Supervisory Authority: If you're unhappy with how we handle your data, you can file a complaint with your national data protection authority: List of EU DPAs
Ukrainian Supervisory Authority: Ukrainian Parliament Commissioner for Human Rights
Invoice Forge is a productivity tool, not a tax compliance platform. You are responsible for:
We store your data to help you work faster, not to audit you or file your taxes.
By using Invoice Forge, you confirm:
Last Updated: January 23, 2026
This policy complies with GDPR (EU) 2016/679, Ukrainian Law on Personal Data Protection, ePrivacy Directive, and EU consumer protection laws.