Invo

Privacy Policy

Last updated: March 1, 2026

1. Introduction

Usto AI LLC ("we", "us", "our") operates Invo, a free online invoice and receipt generator. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:
Usto AI LLC
Email: support@iloveinvo.com

3. Data We Collect

The data we collect depends on which plan you use:

Free Plan (client-side only)

On the free plan, all invoice and receipt data is processed entirely in your browser. No document data (business names, client details, line items, amounts, logos) is sent to or stored on our servers. Your data stays on your device and is never transmitted to us.

Pro Plan (server-side storage)

If you subscribe to the Pro plan, we collect and store the following on our servers:

  • Account data: Name, email address, and authentication credentials (including via Google OAuth)
  • Invoice/receipt data: Business names, client names, addresses, line items, and amounts — stored for your dashboard and client management features
  • Uploaded content: Logos or images you upload for use on invoices and receipts
  • Payment data: Subscription payments are processed by Stripe. We do not store your card details.

All users

  • Usage data: Pages visited, features used, browser type, and device information

4. Legal Basis for Processing

We process your personal data based on:

  • Contract performance: To provide the Service and manage your account
  • Legitimate interest: To improve the Service, prevent fraud, and ensure security
  • Consent: For optional email communications and marketing (you may withdraw consent at any time)
  • Legal obligation: To comply with applicable laws and regulations

5. How We Use Your Data

For free plan users, we do not process or store any document data — everything runs in your browser.

For Pro plan users, we use your data to:

  • Create and manage your account
  • Store invoices and receipts in your dashboard
  • Provide client management features
  • Send invoices and receipts via email on your behalf
  • Process subscription payments through Stripe

For all users, we use usage data to improve and maintain the Service.

6. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase: Database hosting and authentication
  • Stripe: Payment processing for premium subscriptions
  • Email providers: To deliver invoices and receipts to your clients on your request

All third-party providers are bound by data processing agreements and comply with GDPR requirements.

7. Data Retention

Free plan: No document data is stored on our servers, so there is nothing to retain or delete.

Pro plan: We retain your personal data and stored documents for as long as your account is active. If you delete your account, we will delete all your personal data and stored invoices/receipts within 30 days, except where retention is required by law.

8. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request restriction of processing in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at support@iloveinvo.com. We will respond within 30 days.

9. Cookies

We use essential cookies required for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Essential cookies cannot be disabled as they are necessary for the Service to function.

10. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL), secure authentication, and access controls. While we take reasonable steps to protect your data, no method of transmission over the internet is 100% secure.

11. International Data Transfers

Your data may be processed in the United States. Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

12. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact & Complaints

For privacy-related questions or to exercise your rights, contact us at support@iloveinvo.com.

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (supervisory authority) in the EU/EEA.