Privacy Policy

Invoice Ninja is a personal invoice management application developed by Rafi. This policy explains what data we collect, why we collect it, and how we handle it.

We do not sell your data. We do not run ads. Your data exists solely to provide this service.

• —Account information: Your name and email address, used to create and manage your account.
• —Invoice data: Invoice records, line items, amounts, and statuses you create within the app.
• —Customer data: Names, email addresses, and details of your clients that you enter.
• —Profile image: An optional photo you upload for your account or customer records.
• —Session token: A short-lived token stored in a secure HTTP-only cookie that keeps you logged in.

• —To provide, operate, and improve the invoice management service.
• —To send transactional emails: invoice delivery, password resets, and account notifications.
• —To authenticate you and maintain your session securely.

We do not use your data for marketing, profiling, or any purpose beyond operating this service.

Your data is stored in a PostgreSQL database hosted on Vercel's infrastructure (US East). Profile and customer images are stored in Vercel Blob storage.

All data is transmitted over HTTPS. Session tokens are stored in HTTP-only cookies and are not accessible to client-side scripts.

We use the following services to operate the app:

• —Vercel: Hosting, database, and file storage.
• —Resend / SMTP: Transactional email delivery. Only the email address and invoice content necessary for delivery are shared.

No data is shared with advertising, analytics, or social platforms.

Invoice Ninja sets one cookie: session, which authenticates your requests. It is HTTP-only, Secure, and expires after 30 days of inactivity. No tracking or advertising cookies are used.

• —Access: All your invoice and customer data is visible in the dashboard at any time.
• —Correction: You can edit your account details and any records you have created.
• —Deletion: You can delete individual records at any time. To request full account deletion, contact us at the address below.
• —Portability: Your invoice data can be exported as PDF at any time.

We retain your data for as long as your account is active. If you request deletion, we will remove your personal data within 30 days.

If we make material changes, we will update the effective date at the top of this page. Continued use after a change constitutes acceptance of the updated policy.

Questions about this policy? Email support@invoice.rafi.ninja.