Privacy Policy

Introduction

At Facturo, we are committed to protecting your privacy and ensuring the security of your personal and business data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoicing application.

This policy complies with the General Data Protection Regulation (GDPR) for users in the European Union and applicable data protection laws in South America, including Brazil's LGPD (Lei Geral de Proteção de Dados).

Data Controller

Facturo is the data controller responsible for processing your personal data. Our contact information is:

Data We Collect

We collect the following types of data to provide and improve our invoicing services:

Personal Data

• User names and email addresses
• Physical addresses
• VAT numbers and tax identification numbers
• Contact information (phone numbers, etc.)
• Account credentials and authentication information

Financial Data

• Invoice details and content
• Payment information processed through Stripe (we do not store full payment card details)
• Transaction history
• VAT and tax calculations

Business Data

• Company information and registration details
• Client and customer details
• Business registration numbers

Analytics & Tracking Data

• Usage analytics via Google Analytics (with your consent)
• Marketing cookies (with your consent)
• Local storage data for application functionality

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

• Contract: Processing necessary for invoice generation and service provision as part of our contractual relationship with you.
• Consent: For marketing emails and analytics cookies, we rely on your explicit consent, which you can withdraw at any time.
• Legal Obligation: We retain tax records and invoices as required by applicable tax and accounting laws (typically 7-10 years).
• Legitimate Interest: For fraud prevention, service improvement, and security measures, we process data based on our legitimate business interests.

Third-Party Data Processors

We use the following third-party services to process your data:

Stripe (Payment Processing)

We use Stripe to process payments. Stripe handles payment card data in compliance with PCI DSS standards. We do not store full payment card details on our servers. Stripe's privacy policy applies to payment processing: https://stripe.com/privacy

Google Analytics

We use Google Analytics to understand how users interact with our application. Analytics only loads with your consent. We have configured Google Analytics with IP anonymization and data minimization settings. Google's privacy policy applies: https://policies.google.com/privacy

Email Service Provider

We use email service providers to send transactional and marketing emails. These providers process email addresses and content solely for the purpose of delivering emails.

International Data Transfers

Some of our third-party processors (such as Stripe and Google) are based in the United States. When we transfer your data to these processors, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR requirements.

Data Retention

We retain your data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

Your Rights

Under GDPR and applicable data protection laws, you have the following rights:

• Right to Access: You can request a copy of all personal data we hold about you.
• Right to Rectification: You can update or correct your personal data through your account settings or by contacting us.
• Right to Erasure (Right to be Forgotten): You can request deletion of your account and personal data, subject to legal retention requirements for invoices and tax records.
• Right to Data Portability: You can request your data in a structured, commonly used format (e.g., JSON, CSV) to transfer it to another service.
• Right to Object: You can object to processing of your data for marketing purposes or based on legitimate interests.
• Right to Restrict Processing: You can request that we temporarily stop processing your data while we resolve a dispute or verify your request.
• Right to Withdraw Consent: You can withdraw your consent for marketing emails or analytics cookies at any time through your account settings or cookie preferences.
• Right to Lodge a Complaint: You have the right to file a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.

To exercise any of these rights, please contact us using the information provided in the Contact Information section below.

Security Measures

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (HTTPS/TLS) for all data transmission
• Encryption at rest for sensitive data stored in our databases
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Privacy by design principles in our development process

Cookies

We use cookies and similar technologies where you use Facturo through a web browser, for example to keep you signed in and to remember certain preferences.

You can control non‑essential cookies through the cookie banner. For analytics in the SaaS application, your choices are respected when you update cookie preferences.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: