Privacy Policy

Last updated: February 20, 2026

1. Introduction

Nexus Collective (“Company”, “we”, “us”) operates the Invoica platform. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials (via OAuth providers like GitHub and Google, or email/password).

Invoice Data

We process invoice data you submit through our API, including amounts, currencies, customer information, tax details, and payment metadata. This data is stored to provide the Service.

Usage Data

We collect information about how you use the Service, including API call logs, feature usage, and performance metrics.

Technical Data

We automatically collect IP addresses, browser type, operating system, and device information for security and analytics purposes.

3. How We Use Your Information

  • To provide and maintain the Service
  • To process invoices and calculate taxes on your behalf
  • To manage your account and subscription
  • To communicate with you about the Service, updates, and security alerts
  • To detect and prevent fraud, abuse, and security incidents
  • To improve the Service and develop new features
  • To comply with legal obligations

4. Data Sharing

We do not sell your personal data. We may share data with:

  • Service Providers: Third parties that help us operate the Service (Supabase for database, Vercel for hosting, Stripe for payments)
  • Legal Requirements: When required by law, subpoena, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Invoice data is retained for the period required by applicable tax and financial regulations (typically 7 years). You may request deletion of your account and personal data at any time.

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, role-based access controls, and regular security audits. API keys are stored as SHA-256 hashes. However, no method of transmission or storage is 100% secure.

7. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Objection: Object to certain types of processing
  • Restriction: Request restriction of processing

To exercise these rights, contact us at privacy@invoica.ai.

8. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies. Analytics cookies (if any) are anonymized and used only to improve the Service.

9. International Data Transfers

Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place, including standard contractual clauses where required by GDPR.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service.

12. Contact Us

For privacy-related inquiries, contact us at privacy@invoica.ai.