1. Introduction & Scope
INVIXY (“we”, “us”, “our”) provides an invoice management platform and related services. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data of users, including customers, their employees or clients, and website visitors.
This policy applies to personal data processed in India and globally in connection with our services and is aligned with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws.
2. Definitions
- Personal Data — Information that identifies or can reasonably identify an individual (name, email, phone, IP address, etc.).
- Sensitive Personal Data — Financial, authentication, or other data classified as sensitive under applicable law.
- Processing — Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
3. What We Collect
A. Data You Submit
- Account information (name, email, phone, company name)
- Billing address and business details
- GSTIN, PAN (if provided for billing or compliance)
- Bank details for payouts (if applicable)
- Customer or client data entered into invoices
- Uploaded documents (invoices, PDFs, contracts)
B. Payment Data
INVIXY does not store raw card numbers by default. Payments are processed using PCI-DSS-compliant third-party payment gateways. If a feature requires card storage, applicable PCI compliance standards will apply.
C. Automatically Collected Data
- IP address and device/browser information
- Usage logs, timestamps, and analytics data
D. Cookies & Tracking
We use session cookies, functional cookies, and analytics cookies to operate and improve our services. You can manage cookies through your browser settings.
4. Purpose & Lawful Basis
We process personal data to:
- Provide and maintain the INVIXY platform
- Process billing and payments
- Provide customer support and communications
- Detect fraud, abuse, and security incidents
- Improve product functionality and analytics
- Comply with legal and regulatory obligations
Processing is based on contract performance, legitimate interests, consent (where required), and legal obligations.
5. Sharing & Third Parties
We share personal data only with trusted third parties, including:
- Hosting, analytics, and email service providers
- Payment gateways and banking partners
- Regulators or law enforcement when legally required
All third parties are contractually required to protect data and use it only for permitted purposes.
6. Cross-Border Transfers
If personal data is transferred outside India (for example, using global cloud providers), such transfers will comply with applicable laws and include appropriate safeguards.
7. Data Retention
- Account data: retained while the account is active
- Invoice and tax records: retained as required by Indian tax and GST laws
- Logs and analytics: retained in aggregated or anonymized form
8. Security Measures
- Encryption in transit (TLS) and at rest where applicable
- Role-based access controls and logging
- Regular security reviews and monitoring
- Use of PCI-compliant payment processors
9. Data Breach & Notification
In the event of a personal data breach, we will take reasonable steps to contain and remediate the incident and notify affected users and authorities as required by law.
10. Your Rights & Choices
- Access and correction of personal data
- Data export and portability
- Account deletion (subject to legal retention)
- Withdrawal of consent where applicable
Requests can be made by contacting our Data Protection or Grievance Officer.
11. Children
INVIXY services are not intended for individuals under 18. We do not knowingly collect personal data from children.
12. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notifications.