Blog

Privacy & Cookie Policy

Effective Date: March 23, 2026

1. Our Privacy Commitment (Privacy by Design)

We believe that your data belongs to you. Our application is built on the principle of Privacy by Design. This means that your sensitive information—such as customer names, addresses, and financial amounts—is stored locally in your browser and is never saved on our servers.

2. Technical Data & Geo-Detection

To provide a seamless experience (correct currency and language), we process minimal technical data:

  • IP Address: We use your IP address solely for geo-detection (identifying your country) to set the appropriate tax rules, currency, and to show the required Cookie Banner.
  • How: This is handled via server middleware. If detection fails, we may use ipapi.co to determine your country code.
  • Storage: Your IP address is never stored in our database. The resulting country code (e.g., "PL") is saved in a functional cookie (geo_country).
  • Browser Metadata: We use Accept-Language headers to set your interface language and User-Agent to ensure the application renders correctly on your device.

3. Usage Analytics (GA4)

We use Google Analytics 4 to understand how users interact with the app. We respect your privacy through the following measures:

  • For EU/EEA Users: Analytics are disabled by default. We only trigger tracking if you explicitly click "Accept" on our banner (Consent Mode v2). If you decline, data is sent in a strictly anonymous "cookieless" mode.
  • What we track: We track aggregate actions like invoice_created, pdf_downloaded, xml_exported, or language_changed. We do not track the content of your invoices.
  • IP Anonymization: We have enabled full IP masking; Google never stores your complete IP address.

4. Storage: Cookies & Local Storage

We use two types of storage to make the app functional:

A. Functional Cookies (Server-side)

CookiePurposeDuration
geo_countryStores your detected country for regional settings.30 days
preferred_localeStores your manual language selection.
Note: This cookie is only created if you manually change the language in the settings.		1 year

B. Local Storage (Client-side)

The following data is stored locally in your browser's persistent storage:

  • cookie_consent: Remembers your privacy choices (Accepted/Declined).
  • invoices & invoice:{uuid}: All invoice data (records, items, and settings) is stored here.
Important: We cannot access, read, or recover this data. If you clear your browser cache or change devices, your saved invoices will be lost unless you have exported them.

5. Data Processing for File Generation (PDF & XML)

When you generate a PDF or XML file, the data is sent to our server temporarily to be rendered.

  • RAM-only processing: This data is processed entirely in the server's volatile memory (RAM).
  • No Disk Storage: The information is deleted immediately after the file is generated and sent back to your browser. We do not keep copies of your documents.

6. Third-Party Services

  • Google Analytics: For usage statistics.
    Privacy Policy
  • api.country.is: For initial geo-location lookup (country code only).
    Website

7. Your Rights & Global Privacy Control (GPC)

We honor the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we will automatically treat it as a request to opt-out of all non-essential tracking, even if the banner is not interacted with.

Under GDPR (EU) and CCPA (USA), you have the right to access or delete your data. Since we do not store your data on our servers, you can exercise these rights by simply clearing your browser’s local storage.