Privacy Policy for InvoSync

Last Updated: April 25, 2025

RNM Rainmaker GmbH ("we," "us," or "our"), located at Auerspergstraße 1, 1080 Wien, Österreich, operates the InvoSync software-as-a-service platform (www.invosync.app). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our services ("Service").

1. Data We Collect

We collect the following types of data to provide and improve our Service:

  • Account Information: When you sign up, we collect your name, email address, and other information you provide to create and manage your account.
  • Google Account Data: To synchronize invoices from Gmail and store them in Google Drive, we access your Google account data (e.g., emails, attachments, and Google Drive files) with your explicit consent via Google OAuth.
  • Invoice Data: We process emails and attachments containing invoices using Azure Document Analysis and Open AI to extract relevant information (e.g., invoice number, date, amount).
  • Usage Data: We collect analytics data via PostHog, including IP address, browser type, device information, and interactions with the Service to improve functionality and user experience.

2. How We Use Your Data

We use your data to:

  • Provide the Service, including syncing invoices from Gmail to Google Drive.
  • Analyze email content and attachments to extract invoice details using Azure Document Analysis and Open AI.
  • Monitor and improve the Service through PostHog analytics.
  • Communicate with you about your account or updates to the Service.
  • Comply with legal obligations under applicable laws, such as GDPR.

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Consent: For accessing your Google account and processing invoice data.
  • Contract: To provide the Service as per our agreement with you.
  • Legitimate Interests: For analytics and service improvements, where your interests and rights are not overridden.
  • Legal Obligation: To comply with applicable laws.

4. Data Sharing

We share your data with:

  • Third-Party Processors:
    • Microsoft Azure: For document analysis of invoices.
    • Open AI: For AI-based invoice data extraction.
    • PostHog: For usage analytics.
    • Google: To access Gmail and Google Drive with your consent.
  • Legal Authorities: If required by law or to protect our rights.

We ensure all third parties comply with data protection standards, including GDPR where applicable.

5. Data Security

We implement technical and organizational measures to protect your data, including encryption, access controls, and secure data storage on Hetzner servers located in Frankfurt, Germany. However, no system is completely secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your data only as long as necessary to provide the Service or comply with legal obligations. Account and invoice data are deleted upon your request or after one year of account inactivity, unless required by law. Analytics data is anonymized and retained for statistical purposes.

7. Your Rights

Under GDPR, you have the right to:

  • Access, rectify, or erase your personal data.
  • Restrict or object to data processing.
  • Data portability.
  • Withdraw consent at any time (without affecting prior processing).

You may request deletion of your data at any time. To exercise these rights, contact us at [insert contact email]. We will respond within one month, as required by GDPR.

8. International Data Transfers

Your data may be transferred to third-party processors outside the EEA (e.g., Azure, Open AI, PostHog). We ensure such transfers comply with GDPR through Standard Contractual Clauses or other safeguards.

9. Cookies and Tracking

We use PostHog for analytics, which may involve cookies or similar technologies. You can manage cookie preferences through your browser settings.

10. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or through the Service.

11. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at:

RNM Rainmaker GmbH Auerspergstraße 1, 1080 Wien, Austria kgruber@rnm.dev