This Privacy Policy explains how Facturio processes personal data when users access the web application, create an account, issue invoices, manage clients, products and services, send documents by email, use payment reminders, reports, exports and other service features.
Facturio is intended for business use and helps users manage invoices, client data, documents, payment statuses and related workflows.
1. Service operator
The controller responsible for the processing of personal data is:
Creative Brain OÜ
Reg. No.: 14375123
VAT ID: EE102063301
Address: Paepargi tn 47-9, 11417 Tallinn, Estonia
Email: info@facturio.eu
Website: facturio.eu
In this Policy, the words “we”, “us” and “Facturio” refer to Creative Brain OÜ.
2. Who this Policy applies to
This Policy applies to Facturio users, visitors of the website or application, persons who create an account, use free or paid features, contact support or otherwise interact with Facturio.
Facturio is primarily intended for business use. If a user enters data relating to their clients, contractors, employees or contact persons into Facturio, the user is responsible for having a lawful basis for such processing.
3. What data we process
Account data
Email address, login, password in protected form, interface language, authentication data, plan information, paid feature access status and technical data related to account access.
User company data
Company name, registration details, address, tax numbers, contact details, bank details, logo and other information needed to create invoices and documents.
User client data
Company name or client name, address, email address, contact person, tax data, document history and other information entered by the user into the service.
Invoice, document and transaction data
Invoice line items, products and services, prices, currencies, taxes, discounts, payment dates, payment statuses, credit notes, debt-related data, PDF files, CSV/DATEV exports and related documents.
Email sending data
Sender and recipient email addresses, email templates, message text, attachments, sending settings and technical delivery information.
Payment and plan data
Selected plan, paid access period, payment amount, currency, payment status, payment date, Stripe customer ID, Stripe checkout/session ID and related payment events. Facturio does not store full bank card details when payments are processed through Stripe.
Google OAuth data
If a user registers or logs in through Google, Facturio may receive the user's email address, Google ID, email verification status, display name and profile image if these data are provided by Google as part of the OAuth process.
Technical data
IP address, device type, browser, date and time of requests, technical logs, errors, security events and other data required for operating, protecting and diagnosing the service.
Google Analytics data
Facturio uses Google Analytics to analyse service usage, improve the interface, diagnose issues, evaluate feature demand and improve product quality. Where applicable law requires consent for analytics cookies or similar technologies, such technologies are used on the basis of the user's consent.
Support data
Name, email address, support request content, attachments and communication history if the user contacts support.
4. Where we get data from
from the user during registration and use of the service;
from data entered by the user into Facturio;
from the user's actions inside the application;
from Stripe when payments are processed;
from Google when Google OAuth is used;
from Google Analytics when analytics is used;
from technical logs created during service operation;
from user support requests.
The user is responsible for the lawfulness, accuracy and relevance of the data they enter or upload into Facturio.
5. Purposes, data and legal bases of processing
| Purpose of processing | Categories of data | Legal basis |
|---|---|---|
| Creating and maintaining an account | email, login, password in protected form, interface language, authentication data | performance of a contract or steps prior to entering into a contract |
| Providing Facturio features | account, company, client, invoice, document, product, service and settings data | performance of a contract |
| Creating, storing and exporting documents | company, client, invoice, tax, product, service, PDF/CSV/DATEV export data | performance of a contract; user's legitimate interest in maintaining business documentation |
| Email sending and reminders | sender and recipient addresses, message text, templates, attachments, technical delivery data | performance of a contract; user instructions; legitimate interest in providing the sending feature |
| Processing payments | plan, paid period, amount, currency, payment status, Stripe identifiers | performance of a contract; compliance with legal accounting and tax obligations |
| Google OAuth | Google ID, email, verification status, name, avatar URL | performance of a contract; authentication method chosen by the user |
| Google Analytics | usage events, device/browser data, approximate location, traffic source | user consent where required; legitimate interest in improving the service where consent is not required by applicable law |
| Security and abuse prevention | IP address, logs, security events, account activity | legitimate interest in protecting the service, users and data |
| User support | email, support request content, attachments, communication history | performance of a contract; legitimate interest in supporting users |
| Compliance with legal obligations | payment data, invoices, accounting information, logs, communications | compliance with legal obligations |
6. Legitimate interests of Facturio
ensuring the security of the service;
preventing fraud, abuse and unauthorised access;
diagnosing errors and maintaining service stability;
improving the interface, performance and quality of the product;
maintaining technical logs;
protecting the rights and legitimate interests of Facturio, users and third parties.
7. Required and optional data
Some data are required to use the service. For example, an email address is required to create an account, company and client data are required to create an invoice correctly, and payment data are required to access a paid period through Stripe.
Other data may be optional, such as a company logo, additional details, individual email settings or optional document fields. If the user does not provide optional data, some features may be unavailable or limited.
8. User client data
For data relating to clients, contractors and contact persons entered into Facturio by the user, the user usually acts as the controller and Facturio acts as the processor, unless the specific situation indicates otherwise.
The user must ensure that they have a lawful basis for entering, storing and processing such data in Facturio.
Facturio does not determine invoice content, client lists, the lawfulness of issuing documents, the tax correctness of data or the lawfulness of the user's communication with their clients. Processing of such data may additionally be governed by the Data Processing Agreement.
9. Email sending and reminders
If the user uses email sending features, Facturio may send invoices, documents, payment reminders or other messages on behalf of the user or using settings specified by the user.
The user is responsible for the content of sent messages, the correctness of recipient email addresses and having a lawful basis for sending such messages.
If the user connects their own email account, SMTP settings or other sending data, such data are used only to provide the relevant feature and must be stored using reasonable security measures.
10. Payments through Stripe
Payment for paid plans and access periods may be processed through Stripe.
Stripe may process payment data in accordance with its own privacy policy. Facturio may receive limited information from Stripe that is necessary to display payment status, confirm payment, provide access to the selected plan, maintain payment history and fulfil accounting obligations.
Facturio does not store full bank card details when payments are processed through Stripe.
11. Google OAuth
If the user chooses to register or log in through Google, Facturio may receive and process data required for authentication: Google ID, email address, email verification status, display name and profile image.
These data are used to create an account, log in to the service, protect the account and link the user's profile to the selected authentication method. Use of Google OAuth is also governed by Google's terms and policies.
12. Google Analytics, cookies and local storage
Facturio uses Google Analytics to analyse service usage and improve the product.
Google Analytics may use cookies or similar technologies. If consent is required for the use of Google Analytics, analytics cookies and similar technologies are used after such consent has been obtained.
Facturio may also use cookies, local storage or similar technologies for authentication, saving user settings, interface language, session state, security and correct operation of the application.
Technically necessary cookies and local storage are used for the operation of the service. Analytics cookies and similar technologies are used in accordance with applicable law and the Cookie Policy.
13. External service providers
To operate Facturio, we may use external service providers that access personal data only to the extent necessary to perform their functions.
Stripe - payment processing and payment events;
Google OAuth - registration and login through Google;
Google Analytics - service usage analytics;
hosting, server infrastructure and data storage providers;
email delivery or SMTP infrastructure providers;
technical support, monitoring, logging and security providers, where such services are used.
Service providers process personal data to the extent necessary to provide the relevant services to Facturio and on the basis of applicable contractual obligations, including confidentiality and data protection obligations where required by law.
14. International data transfers
Some service providers, including Stripe, Google OAuth and Google Analytics, may process data outside the user's country or the European Economic Area.
Where personal data are transferred to countries with a different level of data protection, we apply available legal safeguards where required by applicable law. Such safeguards may include standard contractual clauses, adequacy decisions or other legal instruments provided by law.
The user may request additional information about applicable safeguards by contacting info@facturio.eu.
15. Data retention periods
We retain personal data only for as long as necessary for the purposes described in this Policy, unless a longer retention period is required by law.
Account data and user work data are usually retained for the period during which the user uses Facturio.
The user may request account deletion by contacting info@facturio.eu. After account deletion or termination of service use, we delete or anonymise account data and work data within 30 days, unless further retention is required to comply with legal obligations, resolve disputes, prevent abuse, ensure security or protect our rights.
Data related to payments, invoices, accounting, tax reporting and other legal obligations may be retained for a longer period required by applicable law.
Backups may be retained for a limited time as part of technical recovery and security processes, after which they are deleted or overwritten in accordance with internal procedures.
16. Data security
We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure or destruction.
Such measures may include access control, protected storage of sensitive data, access right limitations, backups, logging and security monitoring.
However, no internet service can guarantee absolute security. The user is also responsible for protecting their credentials and should use a strong password and secure access to their email account.
17. User rights
access their personal data;
correct inaccurate data;
delete data;
restrict data processing;
object to processing;
receive a copy of data in a portable format;
withdraw consent where processing is based on consent;
lodge a complaint with a data protection supervisory authority.
To exercise their rights, the user may contact us at info@facturio.eu.
18. Complaint to a supervisory authority
Since the service operator is an Estonian company, the competent supervisory authority may be the Estonian Data Protection Inspectorate / Andmekaitse Inspektsioon, unless another supervisory authority is competent under applicable law.
19. Automated decisions
Facturio does not make decisions that produce legal effects for the user solely on the basis of automated processing, unless expressly stated in the service.
Some features may automatically calculate amounts, statuses, reminders, reports or technical notifications, but the user is responsible for checking final documents and data before using them.
20. Changes to this Policy
We may update this Privacy Policy if service features, legal requirements, service providers used or data processing methods change.
The current version of the Policy is published in the application or on the Facturio website. If changes are material, we may notify users by an available method.
21. Contact
For questions about privacy and personal data processing, you can contact us:
Creative Brain OÜ
Reg. No.: 14375123
VAT ID: EE102063301
Address: Paepargi tn 47-9, 11417 Tallinn, Estonia
Email: info@facturio.eu
Website: facturio.eu