Privacy Policy
Last updated: May 2026
1. What We Collect
When you create an account, we store:
- Your email address and a hashed password (we never see the actual password)
- Your trade and business name (if provided)
- Invoices, estimates, clients, and line items you create
2. How We Use It
Your data is used exclusively to provide the invoicing service — generating PDFs, sending emails, and displaying your records. We do not sell, share, or monetise your data.
3. Email Sending
If you configure SMTP settings to send invoices via email, your SMTP password is encrypted at rest. Emails are sent directly from your SMTP provider — we do not relay or store your outbound email.
4. Cookies
We use a single session cookie to keep you logged in. No tracking, no analytics, no third-party cookies.
5. Data Retention
Your data stays in your account until you delete it. You can delete individual invoices, clients, or your entire account from the Settings page.
6. Security
All traffic is encrypted via HTTPS. Passwords are hashed with bcrypt. We follow OWASP ASVS Level 2 security standards.
7. Your Rights (UK GDPR)
You have the right to access, correct, or delete your personal data at any time. Contact us from your account's Settings page to request a data export or full account deletion.
8. Beta Disclaimer
TradesInvoice is currently in early testing. While we take data protection seriously, you should treat this as a beta service — data may be reset as we iterate. Do not rely on it as your sole invoicing system yet.