Privacy Policy

Last updated: 19 February 2026

1. Introduction

Welcome to e-Invoice.app ("we," "our," or "the Platform"). We are committed to protecting your personal information and your right to privacy. e-Invoice.app is operated from New South Wales, Australia.

This Privacy Policy explains how we collect, use, and share information when you use our e-invoicing compliance tracking platform, vendor directory, procurement wizard, and related services. It applies to all visitors, whether browsing as an unauthenticated guest or as a signed-in user.

This policy complies with the Australian Privacy Act 1988, the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

2. Information We Collect

2.1 Information from LinkedIn

When you sign in with LinkedIn, we collect:

  • Your full name
  • Email address
  • LinkedIn profile picture
  • LinkedIn profile URL
  • Professional headline/job title (if publicly available)

2.2 User-Generated Content

We collect content you create on the Platform, including:

  • Comments and discussions about e-invoice requirements
  • Feedback and issue reports
  • Vendor upvotes and endorsements

2.3 Automatically Collected Information

We automatically collect certain information when you use the Platform:

  • Device information (browser type, operating system, screen resolution)
  • Usage data collected via third-party analytics (pages viewed, session duration, navigation paths)
  • Referrer URL and page path
  • IP address (used for rate limiting and general location; not stored long-term)
  • General location data derived from IP address

2.4 Procurement Wizard Data

When you use our Vendor Match procurement wizard, we collect:

  • Company information (industry, size, entity count, headquarters location, budget range)
  • Invoice volume and processing requirements
  • ERP systems and integration preferences
  • Country coverage requirements
  • Contact details (name, email, phone number, job title, company name, website, LinkedIn URL)

This data is stored as wizard sessions and is shared with our appointed procurement partner only upon your explicit consent at the submission step.

2.5 Sponsorship Analytics

We track anonymised impressions and clicks on sponsored content to measure sponsorship performance. This tracking uses a temporary session-based identifier (cleared when you close the tab). Sponsorship analytics are not used for behavioural advertising or user profiling.

2.6 Colleague Invitations

When you invite colleagues via the Platform, we collect the email addresses of the people you invite. These email addresses are stored solely to send the invitation and track invite history. We do not add invited individuals to marketing lists or share their email addresses with third parties. Invited individuals' data is retained only as part of your invite history.

2.7 Public Profile Visibility

If you have discoverability enabled (the default setting), your name, company, job title, and LinkedIn URL are visible to other signed-in users via the community discovery feature. You can disable discoverability at any time in your profile settings.

3. How We Use Your Information

We use your information to:

  • Provide and improve our e-invoice tracking and vendor directory services
  • Verify user identity and prevent fraudulent activity
  • Enable community discussions and professional collaboration
  • Match you with relevant vendors through our procurement wizard
  • Measure sponsored content performance
  • Send important updates about e-invoice compliance changes
  • Analyse platform usage to improve user experience
  • Enforce rate limits and prevent abuse
  • Log API access for security monitoring
  • Track your last active timestamp to maintain platform health
  • Send invitations to colleagues on your behalf when you use the invite feature

4. Information Sharing

We share information in the following circumstances:

4.1 Public Information

Your name, profile picture, and comments are visible to all users (authenticated and unauthenticated) to maintain transparency and accountability in our professional community. If you have discoverability enabled, your name, company, job title, and LinkedIn URL are also visible to other signed-in users.

4.2 Service Providers

We use the following categories of third-party service providers to operate the Platform:

  • Database & Authentication Provider — stores user profiles, content, and handles secure sign-in via LinkedIn OAuth
  • Hosting & Deployment Provider — serves the Platform globally via edge network infrastructure
  • Analytics Provider — collects anonymised website usage data (pages viewed, session duration, navigation paths) via cookies; may process data outside the EU
  • Content Delivery & Security Provider — provides CDN, DDoS protection, and web performance analytics
  • Email Delivery Provider — sends transactional emails (invitations, RFP submissions, inquiry confirmations)
  • Rate Limiting Provider — request throttling to prevent abuse

We use LinkedIn as our sole authentication provider. No other social media platforms are integrated.

4.3 Data Sharing with Procurement Partner

When you submit a procurement request through our Vendor Match wizard, your submission data (company details, requirements, and contact information) is shared with our appointed procurement partner for vendor matching and selection support. This sharing occurs only upon your explicit consent at the submission step and is transmitted via encrypted email through our email delivery provider.

4.4 Sponsor Lead Data

When you submit contact or quote requests via sponsor inquiry forms, your data (name, email, company name, and message) is shared with the relevant sponsor vendor for direct follow-up. Sponsor lead data is provided for the sponsor's own use only and may not be sold, transferred, sub-licensed, or distributed to third parties. Sponsor vendors are contractually required to handle lead data in accordance with applicable privacy laws.

4.5 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect our rights, users, or the public from harm or illegal activities.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide our services. When you delete your account:

  • Your personal profile information is permanently deleted
  • Your comments are transferred to a system account to preserve community discussions
  • Vendor upvotes remain to maintain directory integrity

Specific retention periods:

  • Account data — retained while your account is active; deleted upon account deletion
  • Wizard sessions — 24 months, then anonymised
  • API access logs — 12 months
  • Sponsorship and vendor analytics — 24 months
  • Rate limiting data — expires within minutes
  • Analytics data — 14 months (per our analytics provider's configuration)
  • Invite history — retained while your account is active; deleted upon account deletion
  • Comment views — retained for 24 months for analytics purposes

6. Your Rights

6.1 All Users

Regardless of your location, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate information
  • Deletion — request deletion of your account and personal data
  • Data Portability — receive your data in a structured, machine-readable format
  • Object — object to processing of your data for analytics or profiling
  • Restrict Processing — request restriction of processing in certain circumstances
  • Opt-out — unsubscribe from non-essential communications

To exercise these rights, contact us at: team@e-invoice.app

6.2 Australian Privacy Act 1988

If you are located in Australia, you have the right to:

  • Access and correct personal information held about you
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you are unsatisfied with our handling of your data

We collect personal information only for purposes directly related to our functions and activities, as required by Australian Privacy Principle 3.

6.3 GDPR (EU/EEA/UK Residents)

If you are located in the EU, EEA, or UK, you have additional rights under the GDPR:

  • Right to lodge a complaint with your local Data Protection Authority
  • Right to withdraw consent at any time (where processing is based on consent)
  • Right to data portability between service providers

Our legal bases for processing are: consent (wizard submissions, sponsor inquiries), legitimate interest (analytics, vendor directory listings per Article 6(1)(f), platform security), and contract performance (account services).

6.4 CCPA (California Residents)

If you are a California resident:

  • We do not sell personal information
  • You have the right to know what personal information we collect, disclose, and sell
  • You have the right to request deletion of your personal information
  • You have the right to opt out of any sale of personal information
  • We will not discriminate against you for exercising your privacy rights

Analytics opt-out: You can opt out of analytics data collection by adjusting your browser settings or by installing our analytics provider's opt-out browser add-on.

7. Cookies and Tracking

7.1 Essential Cookies

Authentication session cookies and CSRF protection tokens are required for sign-in functionality. These cookies are strictly necessary and cannot be disabled while using authenticated features.

7.2 Analytics Cookies

We use third-party analytics cookies (such as _ga and _gid) to measure pages viewed, session duration, and navigation paths. You can opt out via your browser settings or by installing our analytics provider's opt-out browser add-on. Our CDN provider may also set a performance measurement beacon; this does not use persistent cookies.

7.3 Local and Session Storage

We store a first-visit flag in your browser's local storage (contains no personal data) and a temporary session identifier for analytics purposes (automatically cleared when you close the tab).

We do not use advertising cookies, retargeting pixels, or sell data to advertisers.

8. Data Security

We implement industry-standard security measures including:

  • Encrypted data transmission (HTTPS/TLS)
  • Access control policies on all database tables
  • LinkedIn OAuth for secure authentication
  • Distributed rate limiting to prevent abuse
  • IP-based access controls and request throttling
  • Regular security audits and updates

Data breach notification: In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme (Part IIIC of the Privacy Act 1988). For EU/EEA users, we will also notify the relevant Data Protection Authority within 72 hours as required by GDPR Article 33.

9. Children's Privacy

Our Platform is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a minor, please contact us immediately.

10. Legal Basis for Processing (GDPR)

For users in the EU/EEA/UK, we process personal data under the following legal bases:

  • Consent — wizard/RFP submissions, sponsor lead inquiries, colleague invitations
  • Legitimate interest (Article 6(1)(f)) — vendor directory listings compiled from publicly available information, platform security, fraud prevention, analytics for service improvement
  • Contract performance — account creation, authentication, core service delivery
  • Legal obligation — compliance with tax/regulatory requirements, law enforcement requests, data breach notifications

11. Automated Decision-Making

Vendor rankings on the Platform are computed algorithmically based on multiple factors including data quality, coverage, and community engagement. These rankings affect vendor visibility on the Platform but do not produce legal effects or similarly significant effects on individuals. You may contact us at team@e-invoice.app to query any automated processing relating to your data.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Specifically:

  • Our database is hosted on cloud infrastructure in the EU region
  • Our application is served via a global edge network
  • Our analytics provider may process data in the United States
  • Our CDN/security provider operates a global network

Where data is transferred outside of the EU/EEA, we rely on adequacy decisions, standard contractual clauses, or other GDPR-compliant safeguards to ensure your data is protected.

13. Governing Law & Severability

This Privacy Policy is governed by the laws of New South Wales, Australia. If any provision of this Privacy Policy is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Platform after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

This Privacy Policy complies with the Australian Privacy Act 1988, GDPR (EU), CCPA (California), and other applicable data protection regulations. By using e-Invoice.app, you acknowledge that you have read and understood this Privacy Policy. See also our Terms of Service.