What is the GDPR?

The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict rules on controlling and processing personally identifiable information (PII).

The GDPR applies not only to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. You may read the full list of GDPR regulations at gdpr-info.eu.

Key Issues of User Data & PII

  • User consent to collect & process data
  • User right of access to their data
  • User right of data portability
  • User right to delete / purge data / be forgotten
  • User right to restrict or object to data use

PII Data Invoice Ninja Collects

  • Main Account Owner Email
  • Main Account User Name (optional)
  • Company Name (optional)
  • Company Website URL (optional)
  • Company ID #, VAT # (optional)
  • Company Contact: Phone, Address (optional)
  • Account Sub-Users Names & Emails (optional)
  • Company Size & Industry (optional)
  • Geolocation based on IP address
  • Billing Information — last 4 digits of credit card & expiration date, billing address (paid accounts only)

Third Party Vendors & Data Access

GDPR requires that Invoice Ninja disclose third-party vendors that interact with your data. The following parties receive partial data that you provide:

  • Cloudflare (hosting)
  • OVH Cloud (hosting)
  • Linode (hosting)
  • Google Apps (customer service)
  • Stripe (paid accounts only)
  • PayPal (paid accounts only)
  • Postmark App (transactional emails)
  • MailGun (transactional emails)

Right to Rectification

You may access your account at any time to remove or rectify the following data: Account User Name, Email, Company details, Sub-User details, and billing information. Log in to your account at app.invoiceninja.com and navigate to Settings to update any of these details.

Right of Portability

You may export your data at any time. Navigate to Settings → Import/Export to export in CSV, XLS, or JSON format. Enterprise accounts can also export all documents as a ZIP folder via Reports → Document.

Right of Restriction — Data Erasure

  1. Account deletion: Settings → Account Management → Danger Zone → “Delete Company.” Permanently deletes all account & company data.
  2. Company data purge: Settings → Account Management → Danger Zone → “Purge Data.” Purges all account data permanently; login remains active.
  3. Individual client purge: From within the client view page, click the “Edit Client” dropdown → “Purge Client.” All contact info, invoices, quotes, payments, proposals, and projects are permanently removed.

Right to Object

Contact

Users with questions regarding GDPR Compliance, account data use, or any data use matter, should contact: