Privacy Policy
Last updated: March 15, 2026
1. Who we are
euinvoice.app is operated by sapplify, based in Slovakia (EU). We are the data controller for personal data processed through this service.
For privacy inquiries, contact us at: privacy@sapplify.com
2. What data we collect
Anonymous users (no account)
If you use euinvoice.app without creating an account, no personal data is sent to our servers. PDF invoices are generated entirely in your browser. The invoice data you enter never leaves your device.
We collect anonymous, aggregated usage statistics via Umami Cloud (see section 5). We also collect error reports via Sentry when something goes wrong (see section 4).
Account holders (free account)
When you create an account, we store the following in our database:
- Email address - for authentication (magic link sign-in)
- Supplier profile - company name, address, city, ZIP, country, tax IDs (e.g. ICO, DIC, IC DPH), IBAN, BIC, phone, website
- Saved invoices - invoice data including supplier/client details, line items, amounts, and notes
3. Why we collect it
| Data | Purpose | Legal basis |
|---|---|---|
| Account creation and sign-in | Contract performance (Art. 6(1)(b) GDPR) | |
| Supplier profile | Auto-fill invoice details | Contract performance (Art. 6(1)(b) GDPR) |
| Saved invoices | Invoice history and duplication | Contract performance (Art. 6(1)(b) GDPR) |
| Anonymous analytics | Improve the service | Legitimate interest (Art. 6(1)(f) GDPR) |
| Error reports | Detect and fix bugs | Legitimate interest (Art. 6(1)(f) GDPR) |
| Payment data (Pro subscribers) | Process subscription payments via Stripe | Contract performance (Art. 6(1)(b) GDPR) |
4. Sub-processors
We use the following third-party services to operate euinvoice.app:
| Service | Purpose | Location |
|---|---|---|
| Supabase | Authentication and database | EU |
| Vercel | Website hosting | EU/US (SCCs in place) |
| Umami Cloud | Privacy-first analytics (no cookies, no personal data) | EU |
| Sentry | Error monitoring (browser, URL, stack trace — no invoice data) | EU/US (SCCs in place) |
| Stripe | Payment processing for Pro subscriptions (name, email, payment method) | EU/US (SCCs in place) |
Data Processing Agreements (DPAs) are in place with all sub-processors. Where data may be transferred outside the EU (Vercel, Sentry, Stripe), EU Standard Contractual Clauses (SCCs) apply as the transfer mechanism under Art. 46(2)(c) GDPR.
5. Analytics and cookies
We use Umami Cloud for website analytics. Umami is privacy-first and does not use cookies, does not track personal data, and does not fingerprint users. All data is aggregated and anonymous.
We use Sentry for error monitoring. When an error occurs in the application, Sentry automatically collects technical information (error message, stack trace, browser type, operating system, and page URL). This data is used solely to detect and fix bugs. No invoice data, personal details, or financial information is sent to Sentry.
euinvoice.app does not use cookies. Authentication tokens are stored in your browser's localStorage, which is strictly necessary for the service to function. No cookie consent banner is required.
6. Data retention
- Account data is retained as long as your account is active.
- Saved invoices are retained as long as your account is active.
- When you delete your account, all personal data and invoices are permanently deleted within 30 days.
- Anonymous analytics data is retained indefinitely (no personal data involved).
7. Your rights (GDPR)
As an EU resident, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Export your data (data portability)
- Restrict processing of your data
- Object to processing based on legitimate interest
To exercise any of these rights, email privacy@sapplify.com. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. In Slovakia, this is the Office for Personal Data Protection of the Slovak Republic.
8. Security
We protect your data using industry-standard measures including encryption in transit (TLS), row-level security policies on our database, and secure authentication via magic links (no passwords stored).
9. Children
euinvoice.app is a business tool and is not intended for use by anyone under 16 years of age.
10. Changes to this policy
We may update this privacy policy from time to time. Significant changes will be communicated via email to account holders. The latest version is always available at this URL.