Invoice Maker Tofu & Estimates App
Privacy Policy

Effective Date: July 4, 2025

INTRODUCTION AND SCOPE

This Invoice Maker Privacy Policy (“Privacy Policy”) is delivered on behalf of GetPaid Inc. (“GetPaid,” “we”, “us”, and “our”) and governs the Personal Data (as defined below) and other data collected from or processed about you when you use the Invoice Maker website available at or the Invoice Maker mobile application (“Invoice Maker”, “App or Web”), including by downloading, installing, registering with, accessing or otherwise using the application (collectively referred to herein as “Use”).

We provide this Privacy Policy to explain our practices for collecting, using, processing, and disclosing the Personal Data and other data we process about Invoice Maker users (“users”, “you”, or “your”, as applicable), and to tell you about the rights you may have in relation to your Personal Data and choices you may be able to make in relation to it. By Personal Data we mean (i) information that is associated with an identified or identifiable natural person, and (ii) protected as personal data under applicable data protection laws.

Please read this Privacy Policy carefully to understand our privacy practices. We also encourage you to get acquainted with our Terms of Use to understand how we provide services to you.

By accepting this Privacy Policy, you acknowledge that you understand and agree to the processing of your Personal Data and other information as described in this Privacy Policy.

If you do not wish to have your data processed in accordance with this Privacy Policy, please refrain from using the Invoice Maker.

Questions? If you have any questions about this Privacy Policy or Invoice Maker, please contact us at support@tofu.com. For additional contact information, please see Section 14: How to Contact Us.

U.S. State Supplements:

This Privacy Policy is designed to comply with data privacy laws across the United States,
including:

If you are a resident of California, please see our California Notice at Collection and Privacy Notice, which provides detailed information about your rights and additional disclosures specific to California.

If you are a resident of Colorado, Connecticut, Virginia, Texas, Oregon, Tennessee, or any other U.S. state with privacy laws, please see our U.S. State Privacy Supplement (Non-California). The rights granted to you under these laws are also outlined in this Privacy Policy. These include:

TABLE OF CONTENTS

1. PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT

We may collect Personal Data from and about you:


2. PERSONAL DATA YOU PROVIDE TO US DIRECTLY


You may provide Personal Data to us directly, or to service providers that act on our behalf, when you Use Invoice Maker. The Personal Data you provide depends on which features of Invoice Maker you Use and how you interact with the app.

3. PERSONAL DATA AND OTHER DATA WE COLLECT AUTOMATICALLY

When you Use Invoice Maker, we or third parties we permit to do so, may automatically collect certain information, including Personal Data, from you (this is subject to your consent where this is required by law). The information collected from you automatically when you Use Invoice Maker may include:

We and third parties may use cookies, Software Development Kits (SDKs), and other tracking technologies to automatically collect the Personal Data and other data set forth above. For more information regarding our use of these technologies, please see Section 6: Cookies, Software Development Kits, and Other Tracking Technologies.

4. THE PURPOSES AND OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

We may use your Personal Data and other data for a variety of purposes depending on the category of Personal Data and the way you Use and interact with the Invoice Maker, including the following:

5. TO WHOM WE DISCLOSE DATA

We may disclose the information we process about you, including any Personal Data, as follows:

6. COOKIES, SOFTWARE DEVELOPMENT KITS, AND OTHER TRACKING TECHNOLOGIES

Analytics providers. When you Use Invoice Maker, we and our service providers, vendors, and partners, including third parties, may use technologies to collect or receive certain information about you and/or your Use of Invoice Maker. We also use third-party analytics tools like Google Firebase, AppsFlyer, and others to help us measure traffic and usage trends for Invoice Maker and for other purposes. Such analytics tools collect information via third-party SDKs incorporated into Invoice Maker, which includes information about features of Invoice Maker you visit or Use, your actions in Invoice Maker, and information about your subscription. Such information may be used to provide content, advertising, or functionality or to measure and analyze ad performance on Invoice Maker or other websites or platforms. Third parties may also use such information for their own purposes. For the avoidance of doubt, we do not use Image Data for advertising purposes.

Consumption Information. If we receive a refund request for an in-app purchase, we may provide Apple with information about your in-app purchase activity.

This data may include:

We process this data solely to assist Apple in evaluating refund requests, ensuring compliance with applicable laws and regulations, including GDPR and CCPA. Users can withdraw their consent to this processing at any time through the app settings or by contacting us.

Users can withdraw their consent to this processing at any time by adjusting the app settings: Open the App > Go to Settings > Analytics > Toggle Off "Share consumption information".
For further assistance or to withdraw consent directly, users can also contact us via support@tofu.com.

Your Choices. Most browsers and devices are configured to accept cookies and similar tracking technologies automatically. You may be able to set your browser and device options so to limit such technologies. You can visit the Digital Advertising Alliance (“DAA”) Web choices tool at www.aboutads.info to learn more about this interest-based advertising and how to opt out of this kind of advertising by companies participating in the DAA self-regulatory program, and http://www.aboutads.info/appchoices for information on the DAA’s mobile app opt-out program. You can also opt out of receiving interest-based ads from members of the Network Advertising
Initiative (“NAI”) by visiting the NAI consumer opt-out page at http://optout.networkadvertising.org/?c=1#!/. Opting out of receiving interest-based ads does not mean that you will no longer receive ads from us, but rather that the ads will not be tailored to
your perceived interests.

For users in the European Economic Area, United Kingdom and United States. You can opt out from processing of Personal Data via cookies, SDKs and other tracking technologies by clicking sending a request to support@tofu.com.

You may find that some parts of the app may not function properly if you have refused certain tracking technologies, and you should be aware that disabling certain tracking technologies may prevent you from accessing some of our content. Your choices are typically device and browser-specific.

We honor Global Privacy Control (GPC) signals as required by U.S. and international privacy laws. GPC is a browser or device setting that allows you to control the sale or sharing of your personal data. If GPC is enabled on your device, we will process it as a valid opt-out request under applicable laws. For more information on enabling GPC, please visit globalprivacycontrol.org.

7. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

Access, modification, correction and erasure. You can send us an email at support@tofu.com to request access to, modification, correction, update, erasure or portability of any Personal Data that you have provided to us and that we have about you. You can also request deletion of your account inside the app, both for iOS and Android users. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

EEA/UK individuals. Individuals in the European Economic Area (“EEA”) and the United Kingdom (“UK”) have certain statutory rights in relation to their Personal Data including under the General Data Protection Regulation (Regulation (EU) 2016/679) (“EEA GDPR”) and the UK version of the EEA GDPR (“UK GDPR”) (collectively, the “GDPR”), including the rights specified below. You can exercise these rights by contacting us (for contact information, please see Section 14: How to Contact Us). We will do our best to accommodate your request or objection but please note that not all rights are absolute.

Please keep in mind that in case of a vague request to exercise any of the aforementioned rights we may engage with you in a dialogue to ask for more details if so needed to complete your request. In case this is impossible, we reserve the right to refuse granting your request. Following the provisions of the applicable law, we might also ask you to prove your identity (for example, by requesting your username or some other proof of your identity) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties is violated by your request, and the mentioned rights are exercised by an actual Personal Data subject or an authorized person.

Third-Party Data Responsibility.

If you include any third-party Personal Data in the Invoice Maker App including but not limited to email addresses of third parties (when sending invoices, estimates, payment requests, or archives), uploaded documents, client names, or contact details, you represent and warrant that you have obtained all necessary consents, authorizations, or other valid legal bases required under applicable law to collect, use, and disclose such data via the App.

We do not independently verify the lawfulness of your use of third-party data and accept no responsibility or liability for your failure to comply with applicable legal obligations regarding such data. You remain solely responsible for the lawful processing of any third-party data you submit to the app.

Prohibited Content and User Responsibility

By using Invoice Maker, you agree not to upload any illegal, harmful, or unlawful content, including but not limited to:

Uploading such content is done at your own risk and responsibility. You are solely responsible for ensuring that the documents you upload do not contain illegal or unlawful material or content you do not have the right to share.

In the event that we detect unlawful content in the documents uploaded by users, we reserve the right to report such content to the relevant authorities for further investigation. This may include providing user-uploaded content or other relevant information to law enforcement or other regulatory bodies, as required by law.

We do not bear responsibility for any legal consequences arising from the uploading of prohibited content.

Manage your privacy rights. To enhance your experience, we provide in-app tools to manage your privacy rights, such as:

For additional assistance, contact us at support@tofu.com.

Requests related to personal or other data. We will process your requests related to personal data within 45 days from the date we receive them. If additional time is required due to complexity or volume of requests, we may extend this period by an additional 45 days. In such cases, we will notify you within the initial 45-day period.

You may submit your request by contacting us at support@tofu.com or through the app’s privacy settings.


8. YOUR CHOICES ABOUT OUR COMMUNICATIONS WITH YOU

Necessary communications. If you are using Invoice Maker you may receive electronic communications from us (e.g., by posting in-app notices in Invoice Maker, push notifications or emails). We send some of these communications to you, such as those related to your subscriptions, technical and security notices and updates to the Privacy Policy and Terms of Use, where necessary to perform our contract with you to provide Invoice Maker or otherwise based on our legitimate interest in contacting you.

Communications related to the functionality of the App. Our app allows users to send emails containing invoices, estimates, payment requests, or archive files either to themselves or to third parties. Email delivery is always initiated manually by the user within the app interface.

Third-Party Recipients. If you choose to enter and use the email address of a third party (e.g., to send an invoice or estimate), you are solely responsible for ensuring that you have obtained the necessary consent from that person, as required by applicable data protection laws. We do not verify or validate the ownership of recipient email addresses entered by users. OTP Delivery. For authentication purposes, we may send you a One-Time Password (OTP) via email. These emails are also processed via the providers mentioned above and initiated only by user request (e.g., during login or identity verification).

Marketing & Promotional Emails. If you wish to opt-out of our promotional and marketing emails, you can do so by following the opt-out links in any marketing email sent to you or by contacting us at support@tofu.com.

If required by law, we will ask for your consent to send you promotional and marketing emails, in-app communications and push notifications about new products, features or offers from Invoice Maker.

Push Notifications. If you wish to opt-out of push notifications, you can do so through your mobile device settings by tapping “Settings” -> “Notifications” -> Choose Invoice Maker -> press the toggle to allow or forbid push notifications from the app.


9. DATA SECURITY

We use reasonable and appropriate information security safeguards to help keep your Personal Data and other data secure and, in an effort, to protect it from accidental loss and unauthorized access, use, alteration and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we take measures to do our best to protect your Personal Data, we cannot guarantee the security of the collected information transmitted to or through Invoice Maker or an absolute guarantee that such information may not be accessed, disclosed, altered, or destroyed.

Any transmission of your Personal Data is at your own risk. We are not responsible for the circumvention of security measures contained in Invoice Maker. Please understand that there is no ideal technology or measure to maintain 100% security.

The safety and security of your information also depends on you. For instance, we are not responsible for how you choose to share the photos or other information processed in your Invoice Maker account, such as via social media services. We are not responsible for the functionality, privacy, or security measures of any other organization.

If you believe your data has been compromised, please contact us immediately at support@tofu.com.


10. DATA RETENTION

We retain Personal Data and other data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g. for tax, accounting, or legal compliance).

Specific retention periods include:

You may request account deletion by contacting support@tofu.com or using the in-app functionality.

Even if we delete some or all your Personal Data and other data, we may continue to retain and use anonymized data previously collected that can no longer be used for personal identification.


11. CROSS-BORDER DATA TRANSFERS

Certain of our service providers are incorporated in the United States. Accordingly, your Personal Data may be transferred to and stored in the United States.

Where required under the EEA GDPR, in case of transfers of personal data from the EEA to countries outside the EEA, where we cannot rely on adequacy decisions adopted by the European Commission (for more information, please see here) we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the Standard Contractual Clauses of the European Commission (article 46(2)(c) GDPR). For more information on these Standard Contractual Clauses, please see here.

Where required under the UK GDPR, in case of transfers of personal data to countries outside the United Kingdom, we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, whichever is more appropriate in the given situation. For more information on UK Addendum and the UK International Data Transfer Agreement please see here. We may also guarantee the protection of your personal data by relying on adequacy decisions adopted or approved by the authorities in the United Kingdom.


12. CHILDREN’S PRIVACY

General age limitation. Invoice Maker is not intended for or directed at children under 13, and we do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to Use Invoice Maker. If you are under 13, do not: (i) Use or provide any information in Invoice Maker or through any of its features, or (ii) provide any information about yourself to us, including your name, address, telephone number or email address. If you are a parent or guardian and believe we have collected information from your child who is under the age of 13, please contact us at support@tofu.com.

If we discover that we have collected data from a child under the applicable age without verifiable parental consent, we will promptly delete that information and take steps to prevent further access to the Invoice Maker.

Age limitation for EEA and/or UK individuals. You must be at least 16 years old in order to Use Invoice Maker. We do not allow Use of Invoice Maker by EEA and/or UK individuals younger than 16 years old. If you are aware of anyone younger than 16 Using Invoice Maker, please contact us (for contact information, please see Section 14: How to Contact Us), and we will take the required steps to delete the information provided by such persons.


13. THIRD-PARTY WEBSITES AND SERVICES

We are not responsible for the practices employed by any websites or services linked to or from Invoice Maker, including the information or content contained within them. Where we have a link to a website or service, linked to or from Invoice Maker, we encourage you to read the privacy policy stated on that website or service before providing information on or through it.


14. HOW TO CONTACT US

General contact details. If you have any questions about this Privacy Policy or Invoice Maker, please contact us via email at support@tofu.com.

Data protection officer. If you are an individual in the EEA or the UK and you wish to exercise your rights under Section 7, or you have any questions about this Privacy Policy or Invoice Maker, you can contact our data protection officer via email at support@tofu.com.


15. CHANGES TO OUR PRIVACY POLICY

The date this Privacy Policy was last revised is indicated at the top of the page. We may modify or update this Privacy Policy from time to time. Some changes do not require your consent. However, if we determine that the changes may pose risk to your rights and freedoms, we will ask for your consent to those changes separately from this Privacy Policy.