Lite Invoice

Privacy Policy

Last updated: December 14, 2025

Overview

Lite Invoice is built by Billie Workers Cooperative ("Billie," "we," "us," or "our"). We are committed to protecting your privacy and being transparent about our data practices. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By using Lite Invoice, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

Information We Collect

We collect information to provide and improve our service. Here's what we collect and why:

Account Information

  • Email address — Required if you create an account. Used for authentication and account recovery. You can use the app without signing up, but syncing across devices requires an account.
  • Authentication data — We use passwordless authentication via one-time passwords (OTP) sent to your email. We never store passwords.

Invoice & Business Data

  • Your business information — Business name, address, email, phone number, and logo as you choose to enter them for your invoices.
  • Client information — Names and contact details of your clients that you add to the app.
  • Invoice details — Line items, prices, taxes, notes, payment status, and invoice history.

This data is stored to enable core app functionality: creating invoices, syncing across your devices, and generating shareable invoice links.

Device & Usage Information

  • Device information — Device type, operating system version, and unique device identifiers for troubleshooting.
  • Usage analytics — Anonymous data about app usage patterns (screens visited, features used, session duration).
  • Crash reports — Technical information when errors occur to help us fix bugs.

What We Don't Collect

  • We don't track your precise location
  • We don't access your contacts, photos, or files without explicit action from you
  • We don't read your emails or messages
  • We don't connect to your bank accounts
  • We don't collect or store payment card information (any future payment processing will be handled by third-party processors)
  • We don't sell your personal data to anyone

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract performance — Processing necessary to provide you with the Lite Invoice service (storing your invoices, syncing data, authentication).
  • Legitimate interests — Processing for our legitimate business interests, such as improving the app, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
  • Consent — Where you have given explicit consent, such as for optional analytics or marketing communications. You may withdraw consent at any time.
  • Legal obligation — Processing necessary to comply with legal requirements.

How We Use Your Information

  • To provide the service — Storing and syncing your invoices, authenticating your account, generating shareable invoice links.
  • To improve the app — Analyzing usage patterns, identifying bugs, optimizing performance.
  • To communicate with you — Responding to support requests, sending important service updates (not marketing).
  • To ensure security — Detecting and preventing fraud, abuse, or security incidents.

How We Don't Use Your Information

  • We don't sell, rent, or trade your personal data to third parties
  • We don't share your invoice or client data with third parties for their own purposes
  • We don't use your data for targeted advertising
  • We don't use your data to train AI or machine learning models
  • We don't profile you for automated decision-making that has legal effects

Third-Party Services

We use the following third-party services to operate Lite Invoice. Each processes data according to their own privacy policies:

  • Supabase — Database and authentication (data hosted on AWS in the United States)
  • PostHog — Product analytics
  • Firebase — Analytics and push notifications
  • Sentry — Error tracking and crash reporting
  • Crisp — Customer support chat
  • Google Play Services — Android app distribution
  • Apple — iOS app distribution

We have agreements with these providers to ensure they handle your data appropriately and in compliance with applicable laws.

Data Storage & International Transfers

Your data is stored on servers located in the United States via our infrastructure provider Supabase (which uses Amazon Web Services). If you are located outside the United States, your data will be transferred to and processed in the United States.

For users in the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission and other lawful transfer mechanisms to ensure your data receives adequate protection when transferred internationally.

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encryption at rest (database encryption)
  • Row-level security policies (you can only access your own data)
  • Passwordless authentication via one-time passwords
  • Regular security reviews and updates

While we take security seriously and implement reasonable safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using commercially reasonable measures.

Data Retention

We retain your data for as long as your account is active or as needed to provide you with the service. Specifically:

  • Account and invoice data — Retained while your account is active. Deleted within 30 days of account deletion request.
  • Analytics data — Retained in anonymized/aggregated form. Individual session data typically retained for 90 days.
  • Support communications — Retained for up to 2 years to provide context for ongoing support.
  • Legal requirements — We may retain certain data longer if required by law or to protect our legal rights.

Your Rights

You have control over your data. Depending on your location, you may have the following rights:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request correction of inaccurate or incomplete data.
  • Deletion — Request deletion of your personal data (with some exceptions for legal requirements).
  • Export/Portability — Receive your data in a portable format.
  • Restriction — Request that we limit how we use your data.
  • Objection — Object to processing based on legitimate interests.
  • Withdraw consent — Where processing is based on consent, withdraw it at any time.

You can exercise most of these rights directly in the app (view, edit, export, and delete your data from Settings). For other requests, contact us at privacy@liteinvoice.app.

We will respond to valid requests within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

Your Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • The right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
  • The right not to be subject to automated decision-making, including profiling, that produces legal effects (we do not engage in such processing).

Data Controller: Billie Workers Cooperative is the data controller responsible for your personal data. Contact us at privacy@liteinvoice.app.

Your Rights Under CCPA/CPRA (California)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know — You can request information about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — You can request deletion of your personal information, subject to certain exceptions.
  • Right to Correct — You can request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing — You have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell or share your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights.

To exercise your California privacy rights, contact us at privacy@liteinvoice.app or use the in-app settings to access, export, or delete your data.

Categories of Personal Information Collected: Identifiers (email), commercial information (invoice data), and internet activity (usage analytics). See "Information We Collect" above for details.

Children's Privacy

Lite Invoice is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@liteinvoice.app and we will delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, provide additional notice (such as in-app notification or email). We encourage you to review this page periodically. Your continued use of Lite Invoice after changes become effective constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within 30 days.