Privacy Policy

Your privacy and data security are our top priorities

This policy explains how InvoiceBI collects, uses, and protects your information when you use our AI-powered invoice processing platform.

Last updated: September 29, 2025

Important Notice

By using InvoiceBI, you agree to the collection and use of information as described in this policy. We recommend reading this policy carefully to understand how we protect your sensitive financial data.

Information We Collect

Invoice Data and Financial Information

When you upload invoices to InvoiceBI, we collect and process comprehensive invoice content including: vendor names, addresses, contact information, invoice numbers, purchase order numbers, payment terms, due dates, itemized line items, quantities, unit prices, tax information, discount details, total amounts, currency information, and any custom fields or notes. We also process related financial metadata such as GL codes, cost centers, project codes, and approval workflows to provide accurate AI-powered analysis and business intelligence.

Account and Profile Information

We collect personal and business information necessary for account creation and service provision including: full name, email address, phone number, job title, company name, business address, industry type, company size, tax identification numbers, billing addresses, payment method details (processed securely through our payment processors), subscription preferences, user roles and permissions within your organization, and profile settings including notification preferences and dashboard customizations.

Usage Analytics and Behavioral Data

We automatically collect comprehensive usage information to improve our services including: pages visited, features accessed, time spent on different sections, click patterns, search queries within the platform, report generation activities, export/download actions, API usage patterns, mobile app interactions, session duration and frequency, user workflow patterns, error logs and performance metrics, feature adoption rates, and integration usage statistics.

Technical and Security Data

For security, fraud prevention, and service optimization, we collect: IP addresses, browser types and versions, operating system information, device identifiers, screen resolution, time zone settings, geographic location (country/region level), network information, referring URLs, login timestamps, failed login attempts, security event logs, API authentication tokens, and other technical identifiers that help us maintain platform security and performance.

Communication and Support Data

When you interact with our support team or communication channels, we collect: support ticket contents, chat transcripts, email correspondence, phone call recordings (with consent), feedback survey responses, feature requests, bug reports, training session recordings, webinar participation data, and any other communications you have with our team to provide effective customer support and service improvement.

Integration and Third-Party Data

When you connect InvoiceBI with other systems, we may collect: ERP system data, accounting software information, procurement platform data, banking and payment system details, document management system contents, workflow automation data, and other business system information necessary to provide seamless integrations and comprehensive analysis capabilities.

How We Use Your Data

AI-Powered Invoice Analysis and Processing

We use your invoice data to provide comprehensive AI-powered analysis including: automated data extraction using OCR and machine learning, duplicate invoice detection, pricing discrepancy identification, vendor performance analysis, spend pattern recognition, contract compliance checking, fraud detection algorithms, missing discount identification, payment term optimization, and predictive analytics for cash flow management. Our AI models continuously learn from invoice patterns to improve accuracy and provide more sophisticated business insights.

Business Intelligence and Reporting

Your data enables us to generate detailed business intelligence including: spend analytics dashboards, vendor performance scorecards, category spend analysis, budget variance reports, cost center analytics, seasonal spending patterns, procurement efficiency metrics, compliance reporting, audit trail generation, custom KPI tracking, benchmark comparisons, and automated alerting for unusual spending patterns or potential cost savings opportunities.

Platform Security and Fraud Prevention

We use collected data for comprehensive security measures including: user authentication and authorization, suspicious activity detection, fraud prevention algorithms, security breach monitoring, access pattern analysis, device fingerprinting for security, geographic anomaly detection, automated threat response, security audit logging, compliance monitoring, and maintaining detailed security incident records to protect your sensitive financial information.

Service Enhancement and Machine Learning

We analyze aggregated and anonymized usage patterns to: improve our AI model accuracy, develop new feature capabilities, optimize user interface design, enhance processing speed and performance, identify common user workflows, develop predictive capabilities, create industry-specific insights, improve integration capabilities, optimize mobile app functionality, and develop advanced analytics features that benefit all users while maintaining individual privacy.

Customer Communication and Support

We use your contact information and usage data to provide: service notifications and system alerts, security incident communications, billing and subscription updates, feature announcements and product updates, personalized onboarding and training, proactive customer success outreach, technical support assistance, service disruption notifications, compliance and regulatory updates, and educational content tailored to your usage patterns and business needs.

Legal and Regulatory Compliance

We process your data as necessary for: compliance with financial regulations and reporting requirements, anti-money laundering (AML) monitoring, know your customer (KYC) procedures, tax reporting and documentation, audit support and documentation, regulatory examination support, legal discovery processes, dispute resolution procedures, contract enforcement, intellectual property protection, and maintaining records as required by applicable laws and regulations.

Research and Development

Using aggregated and anonymized data, we conduct research to: develop new AI capabilities and algorithms, improve invoice processing accuracy, create industry benchmarks and insights, develop new product features, enhance integration capabilities, optimize system performance, study spending trends and patterns, develop predictive analytics models, and contribute to academic and industry research while ensuring individual customer data remains protected and anonymous.

Data Sharing and Disclosure

No Sale of Personal Data

InvoiceBI does not sell, rent, or trade your personal information or invoice data to third parties for marketing purposes.

Service Providers

We may share data with trusted service providers who assist in operating our platform, such as cloud hosting, payment processing, and customer support, under strict confidentiality agreements.

Legal Requirements

We may disclose information when required by law, court order, or to protect our rights, safety, or the rights and safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to equivalent privacy protections.

Data Security and Protection

Encryption

All invoice data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Our databases and file storage systems maintain military-grade security standards.

Access Controls

We implement strict access controls, multi-factor authentication, and role-based permissions to ensure only authorized personnel can access your data on a need-to-know basis.

Infrastructure Security

Our platform is hosted on enterprise-grade cloud infrastructure with 24/7 monitoring, intrusion detection, and automated security updates.

Data Isolation

Each customer's data is logically separated and isolated, preventing unauthorized access between different organizations using our platform.

Data Retention and Deletion

Retention Periods

We retain your invoice data and account information for as long as your account is active or as needed to provide services. Deleted data is permanently removed within 30 days.

Account Deletion

When you delete your account, we will delete all your invoice data, analytics, and personal information, except as required for legal compliance or legitimate business purposes.

Backup Systems

Data may persist in our backup systems for up to 90 days after deletion for disaster recovery purposes, after which it is permanently destroyed.

Legal Holds

In some cases, we may need to retain data longer due to legal obligations, investigations, or disputes, but only for the minimum time required.

Your Rights and Controls

Access and Portability

You can access, download, and export your invoice data and analytics at any time through your account dashboard or by contacting our support team.

Correction and Updates

You can update your account information, correct inaccuracies in your data, and modify your preferences through your account settings.

Data Deletion

You can delete individual invoices, analytics reports, or your entire account at any time. Some data may be retained for legal compliance as described above.

Marketing Communications

You can opt out of marketing emails at any time using the unsubscribe link or by updating your communication preferences in your account.

Cookies and Tracking

Essential Cookies

We use cookies necessary for the operation of our service, including authentication, security, and session management.

Analytics Cookies

We use analytics cookies to understand how our platform is used and to improve performance. You can disable these through your browser settings.

Third-Party Services

We may use third-party analytics and support tools that set their own cookies, subject to their respective privacy policies.

Cookie Management

You can control cookie settings through your browser preferences, though disabling certain cookies may affect platform functionality.

Regulatory Compliance

GDPR Compliance

For users in the European Union, we comply with the General Data Protection Regulation (GDPR) and provide all required rights and protections.

CCPA Compliance

For California residents, we comply with the California Consumer Privacy Act (CCPA) and provide additional rights regarding personal information.

SOC 2 Type II

InvoiceBI maintains SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality controls.

Industry Standards

We follow industry best practices for financial data handling and maintain compliance with relevant financial services regulations.

AI and Machine Learning Processing

Automated Data Processing

Our AI systems automatically process your invoice data using advanced machine learning algorithms including optical character recognition (OCR), natural language processing (NLP), and computer vision technologies. These systems extract, categorize, and analyze invoice information to identify patterns, anomalies, and insights without human intervention, ensuring consistent and accurate processing of your financial documents.

Machine Learning Model Training

We use aggregated and anonymized invoice data to train and improve our machine learning models. This includes training models for better OCR accuracy, improved fraud detection, enhanced duplicate identification, and more sophisticated spend pattern recognition. Individual customer data is never used to train models that benefit other customers, and all training data is stripped of personally identifiable information.

Algorithmic Decision Making

Our platform uses algorithmic decision-making for automated invoice validation, risk scoring, and anomaly detection. These systems flag potentially fraudulent invoices, identify duplicate payments, suggest optimal payment timing, and highlight unusual spending patterns. You maintain full control over final decisions and can always override algorithmic recommendations.

Data Anonymization and Aggregation

For research and model improvement purposes, we aggregate and anonymize invoice data to create industry benchmarks, spending trend analyses, and performance metrics. This anonymized data cannot be traced back to individual customers or specific invoices and is used solely for improving our services and providing industry insights.

International Data Transfers

Global Infrastructure

InvoiceBI operates globally with data centers and infrastructure in multiple regions including the United States, European Union, and other jurisdictions. Your data may be processed and stored in these regions to provide optimal performance, redundancy, and disaster recovery capabilities.

Cross-Border Transfer Safeguards

When transferring personal data internationally, we implement appropriate safeguards including: Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions where applicable, binding corporate rules for intra-group transfers, and additional technical and organizational measures to ensure data protection standards are maintained across all jurisdictions.

Regional Data Residency Options

For enterprise customers with specific data residency requirements, we offer regional data processing options that ensure your invoice data remains within specified geographic boundaries. Contact our sales team to discuss data residency requirements and available options for your organization.

Government Access and Legal Requests

We may be required to disclose data to government authorities in jurisdictions where we operate. We carefully review all legal requests, challenge overbroad requests where legally possible, provide the minimum data required, and notify affected customers when legally permitted to do so.

Children's Privacy

Age Restrictions

InvoiceBI is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

Parental Notification

If you are a parent or guardian and believe your child has provided personal information to InvoiceBI, please contact us immediately at privacy@invoicebi.com so we can take appropriate action to remove such information from our systems.

Educational and Training Use

In cases where InvoiceBI is used for educational or training purposes in academic institutions, we require appropriate consent from parents or guardians for any users under 18, and we limit data collection to only what is necessary for the educational purpose.

Data Breach Response

Incident Detection and Response

We maintain comprehensive security monitoring systems that detect potential data breaches or security incidents in real time. Our incident response team follows established procedures to contain, investigate, and remediate any security incidents promptly and effectively.

Customer Notification Procedures

In the event of a data breach that may affect your personal information or invoice data, we will notify you within 72 hours of discovering the incident, as required by applicable law. Notifications will include details about the nature of the breach, the type of information involved, steps we have taken to address the incident, and recommendations for protecting your information.

Regulatory Reporting

We will report data breaches to relevant regulatory authorities as required by applicable laws, including the GDPR, CCPA, and other data protection regulations. We maintain detailed incident logs and work closely with regulators to ensure full compliance with notification requirements.

Post-Incident Improvements

Following any security incident, we conduct thorough post-incident reviews to identify areas for improvement in our security measures, update our procedures as necessary, and implement additional safeguards to prevent similar incidents in the future.

Employee Access and Training

Access Controls and Permissions

InvoiceBI employees are granted access to customer data only on a need-to-know basis and only to the extent necessary to perform their job functions. We implement role-based access controls, regular access reviews, and automated access provisioning and deprovisioning processes.

Background Checks and Screening

All employees with potential access to customer data undergo comprehensive background checks appropriate to their level of data access. This includes criminal background checks, employment verification, and ongoing monitoring as required by our security policies.

Privacy and Security Training

All InvoiceBI employees receive mandatory privacy and security training upon hiring and annually thereafter. This training covers data protection principles, handling of sensitive information, incident reporting procedures, and compliance with applicable privacy laws and regulations.

Confidentiality Agreements

All employees, contractors, and third-party service providers with access to customer data are required to sign comprehensive confidentiality agreements that survive the termination of their relationship with InvoiceBI.

Automated Decision Making and Profiling

Automated Invoice Processing

InvoiceBI uses automated processing to analyze invoices, detect anomalies, identify duplicates, and generate insights. These automated systems are designed to assist and enhance human decision-making rather than replace it entirely. You always retain the ability to review and override automated recommendations.

Profiling for Business Insights

We create profiles of spending patterns, vendor relationships, and procurement behaviors to provide personalized business insights and recommendations. This profiling is based solely on business data and is designed to help optimize your financial processes and identify cost-saving opportunities.

Right to Human Review

You have the right to request human review of any automated decision that significantly affects your use of our services. You can also request an explanation of the logic behind automated processing and challenge decisions you believe are incorrect.

Opt-Out Options

While automated processing is integral to our service functionality, you can opt out of certain types of automated analysis or profiling by contacting our support team. Note that opting out may limit some platform features and insights.

Business Transfers and Corporate Changes

Merger and Acquisition Scenarios

In the event InvoiceBI is involved in a merger, acquisition, or sale of assets, your personal information and invoice data may be transferred to the acquiring entity. We will provide notice of any such transfer and ensure that the acquiring entity maintains equivalent privacy protections.

Due Diligence Protections

During any business transfer process, we limit access to customer data to only what is necessary for due diligence purposes, require potential acquirers to sign comprehensive confidentiality agreements, and ensure that any data sharing is conducted under strict security protocols.

Customer Rights During Transfers

You retain all rights regarding your personal information during business transfer processes. This includes the right to object to the transfer, request data deletion (subject to legal requirements), and receive notice of any changes to privacy practices following a transfer.

Bankruptcy or Dissolution

In the unlikely event of bankruptcy or business dissolution, we will provide advance notice to customers and work to ensure continued data protection during any asset liquidation process. Customer data will be treated as a protected asset with restricted access during such proceedings.

Questions About This Policy?

If you have any questions about this Privacy Policy or how we handle your data, please don't hesitate to contact us.

Email Us

For privacy-related inquiries

privacy@invoicebi.com

Data Protection Officer

For GDPR and compliance matters

dpo@invoicebi.com