This document describes:

How InvoiceFly treats, stores, process and saves your data including your personal data in the Service according to a Data Protection Laws, specifically the General Data Protection Regulation (“GDPR”).

Data & Privacy Policy

This Data & Privacy Policy (hereinafter as “Privacy Policy”) are subject to Terms of Use. Unless specified otherwise in this Privacy Policy the terms used in this Privacy Policy shall have the same meaning as in the TOU.

Our Data & Privacy Policy describe in detail how all information about you is gathered and processed. As a User of our Service or a visitor to InvoiceFly website, the security of your personal data is our primary focus. To continue using our Service as a User you will need to accept our TOU, agree to our Data Protection Agreement and agree with our Privacy Policy which provide all details on how your data is gathered, processed, and protected.

“LabHouse” or ‘we’ is the provider and operator of the Service, registered as Labhouse Mobile SL, Plaça de Pau Vila, 1, Barcelona, 08003, Spain, Company NIF: B04968699.

‘User’ or ‘you’ means any person which signs up to InvoiceFly and completes the registration process.

‘Data Protection Law/s’ means applicable and binding laws to which InvoiceFly and User is a subject to in the field of personal data protection and privacy especially GDPR.

‘GDPR’ means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

‘Personal Data’ has the meaning given to that term in Data Protection Laws. It’s any information relating to a data subject by which it can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person or legal entity (where applicable).

‘Processing’ has the meanings given to that term in Data Protection Laws (and related terms such as ‘process’ have corresponding meanings).

This policy informs you which of your data and personal data is collected and processed when you visit our website, use our web application or any other services offered, how we use your data and personal data and what rights you have regarding the use of your personal data. This privacy also applies for the access and use of the mobile apps as well as the other available services.

Introduction

InvoiceFly collects and processes some data which are necessary for a proper use of the Service. Some of these data might be personal data which could identify you as a live person and which are subject to Data Protection Legislation and GDPR.

What data we collect about you

We collect and process data:

  1. in your account that you provide to us when you sign up for the account and when you update these information from time to time such as your name, surname, email address, telephone number, e-mail address and others;
  2. in your profile and billing account that you provided to us about your profile and your business and company information, such as your address, business ID number, phone number and others;
  3. from your communications within the Service with us or with other users such as your messages, comments and other form of communication within the Service;
  4. from your entries to fields and forms within the Service such as search queries, forum posts, promotions, surveys and other features of the Service.

When you use the Service and its features we collect data about how you use the Service such as:

  1. data about your interactions with the Service and its features such as your viewed pages, content, search queries, unique numbers of applications and other interactions with the Service;
  2. location data from the device that you use to access the Service and we use various tools to determine your general location information and also precise location information. Location information is required to fullfill local Tax Authorities laws and Regulations and process Invoicing data correctly.
  3. protocols and log data about the method you use the Service such as data from the device that you use to access the Service, your IP address, device events (error reports, failures, system activities, hardware settings), applications that you use to access the Service (i.e. browser), browser language, Web storage site of a browser (including HTML 5 technology) and buffering memory applications, access time and referring URL address, hardware and software information and other similar information;
  4. data regarding all transactions made through the Service made through third party payment systems;
  5. data gathered from cookies and similar technologies (for more information see our Cookies policy below).

We also collect data about you from third parties and we may combine these data with data we have about you such as

  1. data from third parties services and webpages such as Google when you choose to use it to connect to the Service (see details below);
  2. data provided by users that you authorized to use the Service on your behalf;
  3. data from other sources that we may collect to the extent permitted by applicable law.

As long as it is not necessary for the creation and maintenance of a contractual relationship between you and InvoiceFly, we don’t collect, gather and process any personal data which could identify you as a person.

In order to ensure audit-proof processing of the data, the creation, modification or deletion of data may be logged or it may be prevented (especially according to the French anti-fraud law).

How do we process your data

InvoiceFly may, throughout your use of the Service, collect and process some of your data. InvoiceFly will obtain and process these data through technical means and processes in such a way that it will not be able under any circumstances assign them to your User account or to you. Such data are thus fully anonymous.

We generally use, process and store data including personal data that you provided to us and that we collect to:

  1. identify you as a contractual party or representative of a contractual party to us;
  2. enable you to access and use the Service in general or through your User account;
  3. enable you to communicate with us and enable our communication with you such as sending you notifications, messages, reminders and any other form of communication within the Service and otherwise (i.e. email messages);
  4. operate, protect, improve and optimize the Service, its features, its user experience, make it more personal, to provide customer support and to develop new services;
  5. maintain a trusted and safe environment on the Service and to prevent any actual or potential fraud, misconduct or other harmful activity, investigation and risk assessment, enforcing all of our Terms of Use and Privacy Policy and other similar actions which we may do without notifying you;
  6. send you marketing, advertising and promotional messages and information that might be interesting to you about us and our services. You may unsubscribe from these messages anytime;
  7. to administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by InvoiceFly or our third party business partners;
  8. to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.

We may also process, review, scan and/or analyse your communications with us for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research and customer support purposes and other similar purposes. You consent and agree that we may process, review, scan and/or analyse your communications with us for these purposes.

We may also share or disclose some personal data to:

  1. Third-party service providers: We may use service providers to process data including your personal data on our behalf. This processing is for several purposes, including for example sending out marketing material. Third party service providers process personal data only according to our instructions, under biding legal agreement, are bound by confidentiality clauses and are not allowed to use your personal data for other purposes.
  2. Payment providers and (other) financial institutions: We may need to share certain personal data with the payment service provider and the relevant financial institution to handle payments from you and to you. We may furthermore share data with relevant financial institutions, if we consider it strictly necessary for fraud detection and prevention purposes.
  3. Competent authorities: We disclose personal data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud. We may need to further disclose data to competent authorities to protect and defend our rights or properties, or the rights and properties of our business partners.

Unless required by relevant Data Protection Laws InvoiceFly has no influence on and assumes no liability for the compliance with Data Protection Laws standards outside of our Service.

Legal basis for processing of your personal data

When we process personal data about you we are doing so on the following legal basis:

  1. Performance of a contract: The use of your personal data may be necessary to perform the contract that you have with us as set out in our Terms of Use.
  2. Legitimate interests: We may use your personal data for our legitimate interests, such as to enable you to access and use the Service, provide you with the best suitable content in the Service, to sent you informational, promotional and marketing emails and newsletters, to operate, protect, improve and optimize the Service and promote our products and services and the content on our Service, and for administrative, fraud detection and legal purposes.
  3. Performing of a legal obligation: We will process your personal data when and for as long as required by applicable law.
  4. Consent: Where there is no other legal basis for processing we may ask for your consent to process your personal data for the purposes described in these Privacy Policy for the duration of your User account. You may at any time withdraw your consent to the processing of your personal data by writing to us to the company address or to an email address stated in this Privacy Policy.

InvoiceFly does not process your personal data including profiling to make automated decisions.

Maintaining of your personal data

Some data you provide to us in your User account may be personal data. Personal data are provided by you freely and you are responsible to maintain them accurate, true and complete. You may review, update, or delete the personal data in your User account by logging into your User account and reviewing your account settings and profile.

If you provide personal data of other persons to us (for example your authorized personal data of users or your client data) you warrant and guarantee that you are entitled to do so and that you have legal basis for such action.

Transferring of your personal data

InvoiceFly stores and processes your personal data in using the following companies. Processing and storing personal data outside EEA is made in compliance with applicable Data Protection Laws in these companies:

  • Revenue Cat, USA
  • Appsflyer, USA
  • Mixpanel, USA
  • Google Analytics, USA
  • Paypal, USA
  • Stripe, USA

Period of processing of your personal data

InvoiceFly stores and processes your personal data for the period necessary in relation to the purpose of processing as described in this Privacy Policy and local Legislation Authorities. We will process your personal data for as long as you have an active User account and automaticaly delete them 10 years after your last sign-in. We may then anonymize your information for statistical purposes.

We will terminate your personal data associated with your User account after 10 years of inactivity or when your Agreement with us has been terminated and when you request a permanent deletion of your User account.

Deleted data will be removed from InvoiceFly servers its back-ups and all third party companies listed in paragraph „Transferring of your personal data“ of Privacy Policy.

Even if you ask us to destroy your personal data InvoiceFly may be required to process some of your personal data to comply with legal obligations, i.e. to maintain accounting records and other obligations. We will process personal data for this purpose for a period required by applicable laws.

Where we process your personal data based on your consent you may at any time withdraw your consent to the processing of your personal data. We will process personal data for this purpose until you withdraw your consent.

Where you are entitled to object to our processing of your personal data (i.e. direct marketing) we will process personal data for this purpose until you object to such processing (by unsubscribing from our emails).

Data storage and security

InvoiceFly’s servers are operated by Google US with their Firebase service which ensures fast and robust data protection on par with current data protection legislative requirements. All the data you provide to the InvoiceFly website is encrypted according to the security standard TLS (Transport Layer Security). You can recognize the secure TLS connection from the “s” after the “http” in the URL shown in your browser (i.e. https://..), or from the lock symbol depicted in the browser tab. All of your data, including their transmission between your device and the InvoiceFly servers, will be protected by standard security measures with the use of 256-bit SSL encryption.

We also take technical and organizational suitable security measures, in order to protect your data against random or deliberate manipulations, partial or complete losses, destruction and/or against unauthorized access. In order to avoid loss of data, we run a mirrored database setup which means that your data is always stored in two separate locations.

The personal data that we collect is stored in a secure environment within the USA in compliance with Privacy Shield rules and treated confidentially. Access to this data is limited to selected InvoiceFly employees and partially to our subcontractors. We adhere to Data Protection Laws at all times.

We do our utmost to secure your data in the best possible way but we cannot guarantee the safety of your data when transferred over the Internet. When data is transferred over the Internet, there is a certain risk that others can access the data illicitly.

Cookies Policy and Analytic tools

Internet cookies are small text files that are placed on a user’s computer or device when they visit a website. These files contain information about the user’s activity on the website, such as the pages they have visited and the actions they have taken. Cookies are used by websites for a variety of purposes, such as:

  1. Remembering user preferences, such as language or currency settings
  2. Tracking user behavior for analytics purposes
  3. Enabling personalized advertising
  4. Storing login credentials for future visits

You can find more information on how we store and use Cookies in our Cookies Policy (link).

Calendar and appointments

Service may allow its users to connect their calendar, including third party calendars and time organizers (i.e. Google calendar, Apple calendar, etc.) to the Service.

By connecting a calendar to the Service, you shall be able to send invitations to other Users and clients and inform them about the time schedule.

The respective user is responsible for accurate information in the Calendar.

The right for information, correction, blocking and deletion

Subject to the material and territorial scope of the GDPR and Data Protection Laws in EEA you may have these rights granted you by the relevant Data Protection Laws.

You always have the right to access and review the personal data we process about you. You can request an overview of your personal data processed by us by emailing us. You can also request copies of your personal data held by us in writing or (if applicable) in in a structured, commonly used and machine-readable format (data portability right) in accordance with the relevant Data Protection Laws. We will provide you or your designated controller with a copy of the personal data held by us as soon as practicable, and in any event not more than 30 days after receiving a valid request in writing.

You may also request the rectification, erasure and restriction of processing of your personal data and object to processing of your personal data in accordance with the relevant data protection legislation. We will notify you within 30 days of your valid request about the relevant action taken.

You are entitled to access, see and challenge personal data third parties provide to us in accordance with the relevant Data Protection Laws.

Where we process your personal data based on your consent you may at any time withdraw your consent to the processing of your personal data. Withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

You are entitled to object to processing of your personal data for the purpose of direct marketing. You can exercise this right by unsubscribing from our newsletter and informational emails within the body of the email.

You are entitled to lodge a complaint with a supervisory authority in accordance with the relevant Data Protection Laws.

There may be a reasonable charge to process your requests under this section unless expressly stated otherwise in relevant Data Protection Laws.

We will notify you by e-mail whenever there are any changes made to thhe Privacy Policy or General Terms and Agreements.

We may request proof of identification to verify your requests under this section.

For information about your personal data, to exercise your right as well as for further questions about the use of your personal data please send an email to support@labhouse.io

Many of your rights described above can be exercised manually in your User account settings.

This Privacy Policy is effective from April 20-th 2023