Privacy Policy
1. Privacy at a Glance
General Information
The following provides a simple overview of what happens to your personal data when you visit this website.
2. Data Collection on This Website
Who is responsible for data collection?
Data processing on this website is carried out by the website operator (InvoGuard).
What data is collected?
- When using InvoGuard, uploaded PDF invoices are temporarily processed.
- Invoice data is NOT permanently stored.
- Upon registration: Email address for account management.
- For payments: Payment data is processed by Stripe.
3. Your Rights
You have the right to:
- Information about your stored data
- Correction of inaccurate data
- Deletion of your data
- Restriction of processing
- Data portability
- Object to processing
4. Automated Invoice Analysis (AI Processor)
For automated extraction of invoice data we use an AI service provider as a data processor:
- OpenAI (contracting party: OpenAI Ireland Ltd.; processing also by OpenAI, L.L.C., USA): The content of the uploaded invoice is transmitted to the OpenAI API to extract the invoice fields. Invoices may contain personal data (e.g. names, addresses, IBAN of sole proprietors).
- Transfer to the USA: The transfer is based on appropriate safeguards under Art. 46 GDPR, namely the EU Standard Contractual Clauses (Modules 2 and 3) as provided by OpenAI Ireland Ltd.'s Data Processing Addendum (DPA); the DPA will be concluded before any processing of real customer data. We do NOT rely on the EU-U.S. Data Privacy Framework, as OpenAI is not listed among DPF participants; a Transfer Impact Assessment is planned.
- By default, OpenAI does not use API data to train its models.
- Processing serves solely to produce your Excel export; InvoGuard does not permanently store invoice contents.
Further processors:
- Email delivery (sign-in links, notifications): Resend (Resend, Inc., USA). Only the email address and delivery metadata are processed, no invoice content. The switch to an own sender domain occurs before production use; the US transfer is based on Art. 46 safeguards (EU Standard Contractual Clauses).
- An EU-based error/operations monitoring service (content-free technical data only: timestamps, codes, stack traces; no invoice field values) is planned but not currently active.
- We provide data-processing customers with a current sub-processor list and change notifications.
5. Cookies
This website uses only technically necessary session/login cookies (§ 25(2)(2) TDDDG). As no tracking, analytics or marketing cookies are used, no consent (cookie banner) is required.
6. Payment Processing
Payments are processed via Stripe. Stripe's privacy policy applies.