Invoice Flow

Introduction

This Privacy Policy describes how InvoiceFlow ("we," "our," or "us") collects, uses, and protects your information when you use our cloud-based invoicing and proposal management application. InvoiceFlow is hosted on secure servers maintained by All Web Tech, ensuring reliable and professional hosting infrastructure while maintaining the highest standards of data privacy and security.

Hosting and Data Storage

Secure Cloud Hosting

InvoiceFlow is hosted on secure servers managed by All Web Tech. Our hosting arrangement ensures:

Professional-grade server infrastructure with enterprise-level security
Regular security updates and monitoring
Reliable uptime and performance
Secure data centers with physical security measures
Regular automated backups to prevent data loss

Data Privacy and Access

🔒 Your Data is Private and Secure

We want to assure you that your business data is completely private and secure. All Web Tech, their associates, and development partners have absolutely NO access to your production data. Your customer information, invoices, proposals, and financial records are protected by strict access controls and are only accessible to you through your secure login.

Each user account has isolated data storage - you can only access your own data
Production databases are encrypted and access-controlled
No hosting provider personnel can view or access your business data
Development and support teams work only with anonymized test data
All data access is logged and monitored for security

Information We Collect and Store

To provide you with InvoiceFlow's invoicing and proposal management services, we collect and securely store the following information:

User Account Information: Your name, email address, and encrypted password
Company Information: Your business name, address, contact details, and tax information
Customer Data: Information about your customers including company names, contact information, and billing addresses
Business Data: Services you offer, proposals you create, invoices you generate, and payment records
Application Settings: Your preferences, configurations, and customizations

All this information is stored securely in your isolated account and is never shared with All Web Tech, their associates, or any third parties.

Data Security

Security Measures

InvoiceFlow implements several security measures to protect your data:

Password Security: All passwords are hashed using bcrypt with 12 salt rounds
Authentication: JWT tokens with HTTP-only cookies for secure session management
Input Validation: All user inputs are validated and sanitized
SQL Injection Protection: Parameterized queries prevent database attacks
Data Isolation: Users can only access their own data

Our Security Commitment

🛡️ Production Environment Security

We maintain strict security protocols for our production environment. All Web Tech and all development partners are prohibited from accessing production data. Only automated systems and security monitoring tools interact with production servers, and all access attempts are logged and audited.

Your Responsibilities

As a user of InvoiceFlow, we ask that you:

Keep your password secure and confidential
Log out of your account when using shared devices
Report any suspicious activity immediately
Review and comply with applicable data protection regulations for your business
Inform your customers about how their data is used

Third-Party Services

External Integrations

InvoiceFlow may support optional integrations with third-party services. If you choose to enable these integrations:

You are responsible for reviewing the privacy policies of those services
Data sharing is entirely under your control and configuration
We recommend implementing appropriate data protection measures
You can disable integrations at any time

Cookies and Local Storage

InvoiceFlow uses cookies and local storage for:

Authentication: Secure JWT tokens stored in HTTP-only cookies
User Preferences: Application settings and customizations
Session Management: Maintaining your login state

All cookies are essential for the application's functionality and are not used for tracking or analytics.

Data Rights and Control

Your Rights

As an InvoiceFlow user, you have complete rights over your data:

Access: View and access all your data at any time through the application
Modification: Update or correct any information through the user interface
Deletion: Delete individual records or request complete account deletion
Portability: Export your data in CSV format for customers and services
Privacy: Your data remains private and is never accessed by hosting providers

Data Retention and Backups

We implement the following data retention practices:

Active Data: Your data is retained as long as your account is active
Backups: Automated backups are maintained for disaster recovery purposes
Account Deletion: Upon account deletion request, all data is permanently removed within 30 days
Backup Removal: Backup data is purged according to our retention schedule after account deletion

We recommend you periodically export your data for your own records, especially for accounting and legal purposes.

Compliance and Regulations

GDPR Compliance

InvoiceFlow is designed with privacy in mind. If you operate in the European Union or process EU residents' data:

You are the data controller for your customer data stored in InvoiceFlow
InvoiceFlow acts as a data processor, providing you with tools to manage data
We implement technical and organizational measures to protect data
You can exercise data subject rights (access, rectification, erasure) through the application
Data export functionality enables data portability compliance

Other Regulations

Depending on your location and business, you may need to comply with:

CCPA (California Consumer Privacy Act)
PIPEDA (Personal Information Protection and Electronic Documents Act - Canada)
Industry-specific regulations (HIPAA, PCI DSS, etc.)
Local data protection laws

Data Protection Summary

🔐 Key Privacy Commitments

No Third-Party Access: All Web Tech, associates, and development partners cannot and do not access your production data

Complete Data Isolation: Your business data is completely isolated and only accessible through your secure account

Enterprise-Grade Security: Industry-standard encryption, secure authentication, and regular security monitoring

Your Data, Your Control: Export, modify, or delete your data at any time through the application

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in:

Application features and functionality
Legal and regulatory requirements
Industry best practices
Community feedback and recommendations

Updated policies will be included in new releases and documented in our changelog.

Contact Information

For questions about this Privacy Policy, data protection, or InvoiceFlow's security practices, please contact us:

Email: privacy@invoiceflow.com
Support: Visit our Support Page
Hosting Provider: All Web Tech (infrastructure only - no data access)

Your Business Privacy

While InvoiceFlow protects your data with enterprise-grade security, you are responsible for:

Creating appropriate privacy policies for your customers
Complying with applicable laws and regulations in your jurisdiction
Obtaining necessary consents from your customers for data processing
Informing your customers how their data is used in your business operations

🔒 Rest Assured: Your data security and privacy are our top priorities. We have implemented strict technical and organizational measures to ensure that All Web Tech and all associated parties have zero access to your production data. Your business information, customer data, and financial records remain completely confidential and are accessible only to you through your secure login.