Last updated: December 26, 2024
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Invoice Extractor ("Processor", "we", "us") and the customer ("Controller", "you") for the processing of personal data in connection with our invoice extraction service.
This DPA applies to the processing of Personal Data contained in invoice documents that you upload to our Service for the purpose of data extraction.
We process Personal Data for the following purposes:
Personal Data processed may include:
Data Subjects may include your customers, suppliers, business partners, and employees whose information appears on invoices.
As the Controller, you are responsible for:
As the Processor, we commit to:
We implement the following technical and organizational measures to protect Personal Data:
You authorize our use of the following sub-processors for Personal Data processing:
| Sub-processor | Purpose | Location |
|---|---|---|
| AI Service Provider | AI document processing and data extraction | International |
| Stripe | Payment processing | USA/EU |
| Google Cloud | Authentication | USA/EU |
| Resend | Email delivery | USA |
We will notify you of any intended changes to sub-processors, giving you the opportunity to object. If you have a reasonable objection, we will work with you to find an alternative solution or you may terminate the affected services.
Personal Data may be transferred to countries outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place:
Note: Invoice documents are processed by AI services that may have servers in various international locations. By using our Service, you acknowledge and accept this transfer. Documents are processed in real-time and not retained by the AI provider.
We will assist you in fulfilling your obligations to respond to Data Subject requests including:
Due to our 7-day automatic deletion policy, most data will be deleted before such requests are received. For urgent requests, contact us immediately at privacy@invoiceextractor.app
In the event of a Personal Data breach, we will notify you without undue delay (and within 72 hours where feasible) providing:
We retain Personal Data as follows:
Upon termination of services or at your request, we will delete or return all Personal Data within 30 days, except where retention is required by law.
Upon reasonable request and subject to confidentiality obligations, we will provide you with information necessary to demonstrate our compliance with this DPA. We may satisfy audit requests by providing third-party certifications, audit reports, or other documentation demonstrating our security practices.
Each party's liability under this DPA is subject to the limitations set forth in the Terms of Service. Nothing in this DPA limits either party's liability for breaches of Data Protection Laws where such limitation is not permitted by law.
This DPA remains in effect for the duration of your use of our Service. Upon termination, our data processing obligations continue until all Personal Data has been deleted or returned in accordance with Section 10.
This DPA is governed by the same laws that govern our Terms of Service. For EU/EEA users, nothing in this DPA limits any rights under GDPR or other applicable Data Protection Laws.
For DPA-related inquiries or to exercise your rights:
Data Protection Contact: privacy@invoiceextractor.app
Legal Inquiries: legal@invoiceextractor.app
See also: Terms of Service • Privacy Policy