Privacy policy

Last updated: 2026-05-17

1. Controller

Dtech is the controller for processing of personal data in the 1invoice.online service.

Contact: privacy@1invoice.online

2. What we collect

Account data

  • Email address (for magic-link sign-in)
  • Organisation name and contact details (you fill these in)

Content you upload

  • Member / customer lists (name, email, address, phone)
  • Quotes and invoices you create
  • Company logo (if uploaded)

Technical data

  • IP address (logged by web server for security, deleted after 30 days)
  • Cookies / session tokens (for sign-in)

3. Legal basis

  • Contract — delivery of the service per the terms of use
  • Legitimate interest — security, logging, abuse prevention
  • Consent — advertising cookies (Free tier, via Google Consent Mode)

4. Third parties (processors)

We share data with these sub-processors:

  • Supabase (database + auth) — EU region
  • Inleed AB (Swedish hosting) — Sweden
  • Stripe (payments) — Premium users only
  • Resend (email delivery) — for system mail
  • Google AdSense (ads) — Free-tier users who consented

All are processors covered by a Data Processing Agreement.

5. Ads and tracking (Free tier)

The Free tier is funded by Google AdSense. On first visit you choose your consent via Google's Consent Management Platform. If you decline, no personalised ads are shown (possibly non-personalised ones where the law allows).

Premium users: no ads, no ad tracking.

Public invoice / quote pages (/q/, /i/): never ads, never tracking, never cookies.

6. Retention

  • Account data: until you delete the account
  • Invoices: 7 years (Swedish bookkeeping law if your data lives in our Swedish region)
  • Server logs: 30 days
  • Backups: 30 days rolling

7. Your rights

Under GDPR you have the right to:

  • Request a copy of your personal data
  • Request correction of inaccurate data
  • Request deletion (with exceptions for invoice data we must keep for tax law)
  • Request restriction of or object to processing
  • Data portability (CSV / JSON export)
  • Complain to your national data protection authority

Send requests to privacy@1invoice.online.

8. Security

  • TLS 1.3 for all traffic
  • Row-Level Security in the database (data isolated per organisation)
  • Magic-link sign-in (no passwords stored)
  • Encrypted backups

9. Cookies

We use strictly necessary cookies (session, consent) without consent. Advertising cookies (Free tier) require your active consent.

10. Changes

Material changes are announced via email. The latest version is always on this page.

This policy is a starting point and should be reviewed by a lawyer before commercial launch. Country-specific requirements (e.g. CCPA in California, LGPD in Brazil) may apply on top.