INTRODUCTION AND SCOPE
This Invoice Maker Privacy Policy (“Privacy Policy”) is delivered on behalf of GetPaid Inc. (“GetPaid,” “we”, “us”, and “our”) and governs the Personal Data (as defined below) and other data collected from or processed about you when you use the Invoice Maker website available at or the Invoice Maker mobile application (“Invoice Maker”, “App or Web”), including by downloading, installing, registering with, accessing or otherwise using the application (collectively referred to herein as “Use”).
We provide this Privacy Policy to explain our practices for collecting, using, processing, and disclosing the Personal Data and other data we process about Invoice Maker users (“users”, “you”, or “your”, as applicable), and to tell you about the rights you may have in relation to your Personal Data and choices you may be able to make in relation to it. By Personal Data we mean (i) information that is associated with an identified or identifiable natural person, and (ii) protected as personal data under applicable data protection laws.
Please read this Privacy Policy carefully to understand our privacy practices. We also encourage you to get acquainted with our Terms of Use to understand how we provide services to you.
By accepting this Privacy Policy, you acknowledge that you understand and agree to the processing of your Personal Data and other information as described in this Privacy Policy.
If you do not wish to have your data processed in accordance with this Privacy Policy, please refrain from using the Invoice Maker.
Questions? If you have any questions about this Privacy Policy or Invoice Maker, please contact us at support@tofu.com. For additional contact information, please see Section 14: How to Contact Us.
U.S. State Supplements:
This Privacy Policy is designed to comply with data privacy laws across the United States,
including:
- California Consumer Privacy Act (CCPA),
- Colorado Privacy Act (CPA),
- Connecticut Data Privacy Act (CTDPA),
- Virginia Consumer Data Protection Act (VCDPA),
- Texas Data Privacy and Security Act (TDPSA),
- Tennessee Consumer Privacy Act (TCPA),
- Oregon Consumer Privacy Act (OCPA) and other applicable state laws.
If you are a resident of California, please see our California Notice at Collection and Privacy Notice, which provides detailed information about your rights and additional disclosures specific to California.
If you are a resident of Colorado, Connecticut, Virginia, Texas, Oregon, Tennessee, or any other U.S. state with privacy laws, please see our U.S. State Privacy Supplement (Non-California). The rights granted to you under these laws are also outlined in this Privacy Policy. These include:
- The right to access, correct, delete, or receive a copy of your personal data.
- The right to opt out of the sale or sharing of your personal data, targeted advertising, and profiling with legal or significant effects.
TABLE OF CONTENTS
1. PERSONAL DATA WE COLLECT AND HOW WE COLLECT IT
We may collect Personal Data from and about you:
- Directly from you when you provide it to us.
- Automatically when you Use Invoice Maker. Information collected automatically may include Usage details and internet protocol (“IP”) addresses.
- From third parties, for example, our service providers, partners and vendors.
2. PERSONAL DATA YOU PROVIDE TO US DIRECTLY
You may provide Personal Data to us directly, or to service providers that act on our behalf, when you Use Invoice Maker. The Personal Data you provide depends on which features of Invoice Maker you Use and how you interact with the app.
- Business Information. When you create or manage your business profile, you may provide the business name, first and last name of a contact person, contact email, phone number, and address. This information may relate to your own business or to you personally if you are doing business as an individual.
- Client Information. When you create client records to issue invoices or estimates, you may provide clients’ names (first and last name or business name), emails, phone numbers, and addresses (if needed). These details (specifically, clients’ names and emails) are essential for the core functionality of the Invoice Maker; without this information, it would be impossible to create and share an invoice. Please note that providing your clients’ phone numbers and physical addresses is optional; you may add them using the Invoice Maker functionality if you wish.
- When you generate invoices or estimates, you may use previously saved or manually entered client and business contact information, such as business name, first and last name of a contact person, contact email, phone number, and address.
- Authentication Data. When you create or access your personal account:
- If using Google - we may collect your name and email address via Google’s authentication gateway (API).
- If using Apple - we may collect your name and email address, depending on your Apple ID sharing preferences.
- If using email - you provide your email address and verify it via a one-time password sent to your inbox.
- These credentials are stored in the Invoice Maker to maintain your account and profile.
- Photos and documents that you upload to Invoice Maker. When you generate invoices or estimates you may (if supported by the App’s functionality) upload any of the documents, files, images or other data from Photo Library, Cloud Services, or that you create, scan, edit, or otherwise share using the Invoice Maker. If you grant us permission to access your camera or your device’s photo library, we will process the photos you select to upload to Invoice Maker to provide features of the app that you choose to use.
- If you contact us or communicate with us, we will collect and receive records and copies of your correspondence with us and contact details that you have provided us while making your inquiries (such as your name, postal addresses, email addresses and phone numbers or any other identifier by which you may be contacted).
- Sensitive data. We do not intentionally use or process sensitive data beyond what is necessary to provide the core functionality of the app. Sensitive data may include, but is not limited to:
- Personally Identifiable Information (PII), such as names, addresses, phone numbers, or financial information.
- Medical, biometric, or other confidential information.
Sensitive information is provided solely at the user’s discretion and under their control.
In cases where sensitive data is uploaded unintentionally:
- We do not knowingly collect or process any sensitive personal data except to the extent strictly necessary to provide you with the Service you have requested.
- We do not analyze the content you upload; therefore, we cannot actively monitor or identify sensitive data within your uploads.
If we become aware that sensitive data has been uploaded unintentionally, we will make reasonable efforts to delete it promptly, where technically feasible.
Please note we rely on you to avoid uploading sensitive personal data (such as health information, biometric data, or data revealing racial or ethnic origin) unless it is strictly necessary for your use of the Service. By uploading documents, you acknowledge that the decision to include sensitive information is yours, and we are not liable for any sensitive
3. PERSONAL DATA AND OTHER DATA WE COLLECT AUTOMATICALLY
When you Use Invoice Maker, we or third parties we permit to do so, may automatically collect certain information, including Personal Data, from you (this is subject to your consent where this is required by law). The information collected from you automatically when you Use Invoice Maker may include:
- Log file information. Log file information is automatically reported by your browser each time you make a request to access (ie, visit) a web page or app. It can also be provided when the content of the webpage or app is downloaded to your browser or device. When you use Invoice Maker, our servers automatically record certain log file information, including your web request, IP address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Invoice Maker, domain names, landing pages, pages viewed, and other such information. We may also collect similar information from emails sent to our Users which then help us track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of our services.
- Subscription and device data. Information related to your subscription and device used for technical authorization.
- Marketing and cookies data. Collected through cookies and analytics services integrated into the app.
- Device information. Information about your mobile device and internet connection, including your IP address, the device’s unique device identifier, operating system and version, mobile network information, device type and device language.
- App and country information. Information regarding the version of the app that you are using and the country version of the app store from which you downloaded Invoice Maker.
- Geolocation data. The state or country associated with your IP address.
- In-app events. When you use our Invoice Maker, analytics tools automatically record your activity information (tutorial steps, levelling up, payments, in-app purchases, custom events, progression events, method of limiting the processing of user data).
- Usage details. Details of your Use of Invoice Maker, including frequency of Use, areas and features of the application that youaccess and information regarding engagement with particular features of the app.
- Invoice and Payment Data. We may collect and store invoice-related information, including invoice number and metadata (issue date, due date, etc.), recipient name and email, item descriptions, and total amounts due or paid. This data is collected solely for the purpose of generating and managing invoices, providing you with transaction records, and fulfilling our legal and contractual obligations (e.g., tax reporting and accounting).
- Details about your in-app purchases. For example, details regarding the time you made certain purchases.
- Third-party emails. Email addresses of third parties provided for document signing or sharing.
- Permissions for Camera, Photos and videos, Files. After you grant us the relevant permission, we may have technical access to your camera that is required to be able to scan documents via the Invoice Maker and/or to take photos you want to add to your documents. Additionally, if you try to upload any image, photo or file from your Photo Library/Gallery or Files to the Invoice Maker, the relevant technical access of the Invoice Maker to your Photos and videos or Files is required. The technical access you provide to your Photos and videos (either limited or full), Files is necessary for us solely to enable you to upload photos, images, files from your device to the Invoice Maker, use them to create and edit documents in the Invoice Maker, i.e. to operate the Invoice Maker Services and provide you with the Invoice Maker functionality. You can manage, change access permissions to your Camera, Photos and videos, Files at any time via the Settings app on your device.
- Payments. When enabling payment processing, you may integrate with Stripe. You may initiate the creation of a Stripe account, which opens in a web interface embedded in the Invoice Maker. The payment account details are stored by Stripe, not by us. Payment links or QR codes may be generated and shared to facilitate client payments.
- (If you have provided your consent) IDFA or Android Advertising ID, whichever is applicable to your device. If you want to disable the collection of IDFA and/or Android Advertising ID by Invoice Maker, please follow the instructions below.
If you use an iOS device:
1. Go to Privacy settings to see a list of apps that request to track your activity. On iPhone or iPad, go to Settings > Privacy > Tracking.
2. Tap to turn off or turn on permission to track for Invoice Maker.
We and third parties may use cookies, Software Development Kits (SDKs), and other tracking technologies to automatically collect the Personal Data and other data set forth above. For more information regarding our use of these technologies, please see Section 6: Cookies, Software Development Kits, and Other Tracking Technologies.
4. THE PURPOSES AND OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA
We may use your Personal Data and other data for a variety of purposes depending on the category of Personal Data and the way you Use and interact with the Invoice Maker, including the following:
- To present to you and others with Invoice Maker and its contents and any other information, products or services that you request from us, including to provide various features of the app and its functionality. We do so to provide you with the services according to our contractual obligation.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us in relation to Invoice Maker (e.g., the Terms of Use). This is for the performance of our contract with you and for our legitimate interests in performing and enforcing our contracts with you.
- To provide you with customer and technical support, investigate your concerns, respond to your inquiries and to monitor and improve our responses to your and other users’ inquiries in relation to Invoice Maker. It is our legitimate interest to provide you with high-quality support.
- To communicate with you, such as to notify you about changes to Invoice Maker or any products or services we offer or provide through Invoice Maker, including by sending you technical notices, notices about your account/subscription, including expiration and renewal notices, updates, security alerts and support and administrative messages, which we may send through an in-app or a push notification (you may opt-out of push notifications by changing the settings on your mobile device). It is our legal obligation to keep you informed about your subscription and your account and otherwise in our legitimate interests of keeping you informed about your Invoice Maker account.
- To conduct research, analytics and monitor performance and other metrics regarding Invoice Maker and your Use of Invoice Maker. This may include data regarding the total number of users of our app, traffic, and demographic patterns related to the use of our app. Where this data is collected through the technologies described in Section 6 and where required by law, we rely on your consent; otherwise, it is our legitimate interest to conduct analytics as it helps us understand our business metrics and improve our product.
- To improve, test, and monitor the effectiveness of Invoice Maker. It is our legitimate interest to conduct such analyses to understand our product and business metrics.
- To provide personalized content and information to you in relation to Invoice Maker and so that we, and third parties on which we rely, can advertise to you. This may include using your Personal Data to build advertising audiences that we believe are similar to our user base, serving online ads to you, or engaging in other forms of advertising. Where required by law, we rely on your consent to engage in such activities and/or offer you the opportunity to opt-out. Please see Section 3 and Section 6 for more information.
- To send marketing and promotional communications to you, such as via email, push notification or in-app messaging either with your consent or as otherwise permitted by law. Please see Section 8: Your Choices About Our Communications With You for more information.
- In any other way as we may describe when you provide the information or otherwise at your direction or with your consent.
- As permitted or required by law, including for auditing, fraud and security monitoring purposes.
- We may use automated decision-making technologies, including profiling, to improve app functionality, provide personalized content, and optimize advertising. For example, automated profiling may be used to recommend features based on your usage patterns. You have the right to:
- Request more information about any automated decision-making processes,
- Object to profiling that significantly affects you, and
- Request human intervention in cases where automated decisions impact your rights under applicable laws.
5. TO WHOM WE DISCLOSE DATA
We may disclose the information we process about you, including any Personal Data, as follows:
- We may disclose your Personal Data, and other collected information to third-party organizations such as contractors, business partners, service providers, and vendors that we use to support our business and who assist us in providing Invoice Maker. Such service providers may include:
- Email delivery providers. Our app allows users to send emails containing invoices, estimates, payment requests, or archive files either to themselves or to third parties. Email delivery is always initiated manually by the user within the app interface. Our email
providers may process recipient email addresses, subject lines, and message metadata solely for the purpose of delivering emails and monitoring delivery status.
Our email delivery providers may include: - We use Stripe as our third-party payment processor. All payment-related information including card details, billing address, and other financial data is provided directly by you to Stripe and is not stored, processed, or accessed by us at any point. Stripe independently collects, processes, and stores your payment information in accordance with its own Privacy Policy and Terms of service. We do not retain any sensitive payment data submitted through Stripe forms. For more information, please refer to Stripe’s Privacy Policy and Stripe Connected Account Agreement.
- We may disclose your Personal Data in the event that we or any of our affiliates, subsidiaries or lines of business is merged, acquired, divested, financed, sold, disposed of or dissolved, including in the course of a transaction like a merger, divestiture, restructuring, reorganization, acquisition, bankruptcy, dissolution, liquidation. In such cases, your Personal Data and any other collected information may be among the items sold, transferred, or otherwise disclosed as part of that transaction or proceeding.
- We may disclose your Personal Data in response to legal requests and for purposes of preventing harm. We may access, preserve and share your information in response to a legal (like a search warrant, court order or subpoena), government or regulatory request if we have a good faith belief that the law requires us to do so. This may include responding to legal, government or regulatory requests from jurisdictions where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: (i) detect, prevent and address fraud and other illegal activity; (ii) protect ourselves, you and others, including as part of investigations; and (iii) prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
6. COOKIES, SOFTWARE DEVELOPMENT KITS, AND OTHER TRACKING TECHNOLOGIES
Analytics providers. When you Use Invoice Maker, we and our service providers, vendors, and partners, including third parties, may use technologies to collect or receive certain information about you and/or your Use of Invoice Maker. We also use third-party analytics tools like Google Firebase, AppsFlyer, and others to help us measure traffic and usage trends for Invoice Maker and for other purposes. Such analytics tools collect information via third-party SDKs incorporated into Invoice Maker, which includes information about features of Invoice Maker you visit or Use, your actions in Invoice Maker, and information about your subscription. Such information may be used to provide content, advertising, or functionality or to measure and analyze ad performance on Invoice Maker or other websites or platforms. Third parties may also use such information for their own purposes. For the avoidance of doubt, we do not use Image Data for advertising purposes.
Consumption Information. If we receive a refund request for an in-app purchase, we may provide Apple with information about your in-app purchase activity.
This data may include:
- Account Tenure: the duration of your account's existence;
- App Account Token: an anonymous account identifier used for the transaction;
- Consumption Status: the extent to which the in-app purchase was used or consumed;
- Delivery Status: confirmation of whether the purchased content was successfully
delivered; - Lifetime Dollars Purchased: the total amount spent on in-app purchases in our app, in
USD; - Lifetime Dollars Refunded: the total amount refunded to you for in-app purchases, in
USD; - Platform: the platform where the in-app purchase was consumed;
- Play Time: the total time spent using our app;
- Sample Content Provided: whether a free trial or sample of the in-app purchase was available before purchase;
- User Status: the current status of your account.
We process this data solely to assist Apple in evaluating refund requests, ensuring compliance with applicable laws and regulations, including GDPR and CCPA. Users can withdraw their consent to this processing at any time through the app settings or by contacting us.
Users can withdraw their consent to this processing at any time by adjusting the app settings: Open the App > Go to Settings > Analytics > Toggle Off "Share consumption information".
For further assistance or to withdraw consent directly, users can also contact us via support@tofu.com.
Your Choices. Most browsers and devices are configured to accept cookies and similar tracking technologies automatically. You may be able to set your browser and device options so to limit such technologies. You can visit the Digital Advertising Alliance (“DAA”) Web choices tool at www.aboutads.info to learn more about this interest-based advertising and how to opt out of this kind of advertising by companies participating in the DAA self-regulatory program, and http://www.aboutads.info/appchoices for information on the DAA’s mobile app opt-out program. You can also opt out of receiving interest-based ads from members of the Network Advertising
Initiative (“NAI”) by visiting the NAI consumer opt-out page at http://optout.networkadvertising.org/?c=1#!/. Opting out of receiving interest-based ads does not mean that you will no longer receive ads from us, but rather that the ads will not be tailored to
your perceived interests.
For users in the European Economic Area, United Kingdom and United States. You can opt out from processing of Personal Data via cookies, SDKs and other tracking technologies by clicking sending a request to support@tofu.com.
You may find that some parts of the app may not function properly if you have refused certain tracking technologies, and you should be aware that disabling certain tracking technologies may prevent you from accessing some of our content. Your choices are typically device and browser-specific.
We honor Global Privacy Control (GPC) signals as required by U.S. and international privacy laws. GPC is a browser or device setting that allows you to control the sale or sharing of your personal data. If GPC is enabled on your device, we will process it as a valid opt-out request under applicable laws. For more information on enabling GPC, please visit globalprivacycontrol.org.
7. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Access, modification, correction and erasure. You can send us an email at support@tofu.com to request access to, modification, correction, update, erasure or portability of any Personal Data that you have provided to us and that we have about you. You can also request deletion of your account inside the app, both for iOS and Android users. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
EEA/UK individuals. Individuals in the European Economic Area (“EEA”) and the United Kingdom (“UK”) have certain statutory rights in relation to their Personal Data including under the General Data Protection Regulation (Regulation (EU) 2016/679) (“EEA GDPR”) and the UK version of the EEA GDPR (“UK GDPR”) (collectively, the “GDPR”), including the rights specified below. You can exercise these rights by contacting us (for contact information, please see Section 14: How to Contact Us). We will do our best to accommodate your request or objection but please note that not all rights are absolute.
- Access to your Personal Data. You have a right to request information about whether we have any Personal Data about you, and to receive a copy of such Personal Data.
- Rectification of your Personal Data. You are responsible for ensuring the accuracy of your Personal Data that you provide to us. Inaccurate information may affect your experience when Using Invoice Maker features and our ability to contact you as described in this Privacy Policy. If you believe that your Personal Data is incomplete or inaccurate, you have a right to contact us and ask us to correct such Personal Data.
- Restriction of processing. You also have the right to demand restriction of processing of your Personal Data, for example, if you contest the accuracy of the Personal Data which inaccuracy is verified by us.
- Erasure of your Personal Data. In certain circumstances, you may ask us to erase your Personal Data. Please be aware that erasing some Personal Data may affect your ability to Use Invoice Maker.
- Right to portability of your Personal Data. In certain circumstances, you have the right to request us to receive any Personal Data you provided us in a structured, commonly used and machine-readable format. You may further ask us to give that Personal Data to another party.
- Right to object to processing or otherwise using your Personal Data. Where we are processing your Personal Data based on our legitimate interest, you may object to the processing or otherwise using your Personal Data. Please be aware that our inability to
process or otherwise use some of your Personal Data may affect your ability to Use Invoice Maker. If you have opted in to receiving marketing communications, you have the right to opt out of those at any time. - Right to withdraw your consent at any time. Where you may have provided your consent to the processing of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. The withdrawal of your consent does not affect the lawfulness of the processing based on your consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority. Subject to the GDPR, you have the right to lodge a complaint with a local data protection authority in the country of your residence, where you work or where an alleged infringement of the applicable data protection law took place. Please see a list of EU member states’ supervisory authority here, and the UK’s supervisory authority (ICO) here.
Please keep in mind that in case of a vague request to exercise any of the aforementioned rights we may engage with you in a dialogue to ask for more details if so needed to complete your request. In case this is impossible, we reserve the right to refuse granting your request. Following the provisions of the applicable law, we might also ask you to prove your identity (for example, by requesting your username or some other proof of your identity) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties is violated by your request, and the mentioned rights are exercised by an actual Personal Data subject or an authorized person.
Third-Party Data Responsibility.
If you include any third-party Personal Data in the Invoice Maker App including but not limited to email addresses of third parties (when sending invoices, estimates, payment requests, or archives), uploaded documents, client names, or contact details, you represent and warrant that you have obtained all necessary consents, authorizations, or other valid legal bases required under applicable law to collect, use, and disclose such data via the App.
We do not independently verify the lawfulness of your use of third-party data and accept no responsibility or liability for your failure to comply with applicable legal obligations regarding such data. You remain solely responsible for the lawful processing of any third-party data you submit to the app.
Prohibited Content and User Responsibility
By using Invoice Maker, you agree not to upload any illegal, harmful, or unlawful content, including but not limited to:
- Personal Data of third parties without their consent,
- Sensitive personal data of third parties, such as medical, financial, or biometric data,
unless you have explicit consent, - Infringing content, including but not limited to copyrighted material, trademark violations,
or any content that breaches intellectual property rights, - Defamatory or offensive material, including hate speech, threats, or discriminatory content,
- Pornographic, sexually explicit, or obscene content,
- Fraudulent or deceptive content, such as phishing attempts, scams, or misleading information.
- And other types of information which could be considered as illegal.
Uploading such content is done at your own risk and responsibility. You are solely responsible for ensuring that the documents you upload do not contain illegal or unlawful material or content you do not have the right to share.
In the event that we detect unlawful content in the documents uploaded by users, we reserve the right to report such content to the relevant authorities for further investigation. This may include providing user-uploaded content or other relevant information to law enforcement or other regulatory bodies, as required by law.
We do not bear responsibility for any legal consequences arising from the uploading of prohibited content.
Manage your privacy rights. To enhance your experience, we provide in-app tools to manage your privacy rights, such as:
- Accessing your personal data,
- Deleting your account and associated data,
- Managing consent for tracking and analytics technologies.
For additional assistance, contact us at support@tofu.com.
Requests related to personal or other data. We will process your requests related to personal data within 45 days from the date we receive them. If additional time is required due to complexity or volume of requests, we may extend this period by an additional 45 days. In such cases, we will notify you within the initial 45-day period.
You may submit your request by contacting us at support@tofu.com or through the app’s privacy settings.
8. YOUR CHOICES ABOUT OUR COMMUNICATIONS WITH YOU
Necessary communications. If you are using Invoice Maker you may receive electronic communications from us (e.g., by posting in-app notices in Invoice Maker, push notifications or emails). We send some of these communications to you, such as those related to your subscriptions, technical and security notices and updates to the Privacy Policy and Terms of Use, where necessary to perform our contract with you to provide Invoice Maker or otherwise based on our legitimate interest in contacting you.
Communications related to the functionality of the App. Our app allows users to send emails containing invoices, estimates, payment requests, or archive files either to themselves or to third parties. Email delivery is always initiated manually by the user within the app interface.
Third-Party Recipients. If you choose to enter and use the email address of a third party (e.g., to send an invoice or estimate), you are solely responsible for ensuring that you have obtained the necessary consent from that person, as required by applicable data protection laws. We do not verify or validate the ownership of recipient email addresses entered by users. OTP Delivery. For authentication purposes, we may send you a One-Time Password (OTP) via email. These emails are also processed via the providers mentioned above and initiated only by user request (e.g., during login or identity verification).
Marketing & Promotional Emails. If you wish to opt-out of our promotional and marketing emails, you can do so by following the opt-out links in any marketing email sent to you or by contacting us at support@tofu.com.
If required by law, we will ask for your consent to send you promotional and marketing emails, in-app communications and push notifications about new products, features or offers from Invoice Maker.
Push Notifications. If you wish to opt-out of push notifications, you can do so through your mobile device settings by tapping “Settings” -> “Notifications” -> Choose Invoice Maker -> press the toggle to allow or forbid push notifications from the app.
9. DATA SECURITY
We use reasonable and appropriate information security safeguards to help keep your Personal Data and other data secure and, in an effort, to protect it from accidental loss and unauthorized access, use, alteration and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. Although we take measures to do our best to protect your Personal Data, we cannot guarantee the security of the collected information transmitted to or through Invoice Maker or an absolute guarantee that such information may not be accessed, disclosed, altered, or destroyed.
Any transmission of your Personal Data is at your own risk. We are not responsible for the circumvention of security measures contained in Invoice Maker. Please understand that there is no ideal technology or measure to maintain 100% security.
The safety and security of your information also depends on you. For instance, we are not responsible for how you choose to share the photos or other information processed in your Invoice Maker account, such as via social media services. We are not responsible for the functionality, privacy, or security measures of any other organization.
If you believe your data has been compromised, please contact us immediately at support@tofu.com.
10. DATA RETENTION
We retain Personal Data and other data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g. for tax, accounting, or legal compliance).
Specific retention periods include:
- User account data. Retained until the user deletes their account.
- Uploaded and created documents. Retained for as long as needed to provide the requested services. Documents can be deleted at any time from within the app. Once deleted, they are permanently removed from our servers.
You may request account deletion by contacting support@tofu.com or using the in-app functionality.
Even if we delete some or all your Personal Data and other data, we may continue to retain and use anonymized data previously collected that can no longer be used for personal identification.
11. CROSS-BORDER DATA TRANSFERS
Certain of our service providers are incorporated in the United States. Accordingly, your Personal Data may be transferred to and stored in the United States.
Where required under the EEA GDPR, in case of transfers of personal data from the EEA to countries outside the EEA, where we cannot rely on adequacy decisions adopted by the European Commission (for more information, please see here) we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the Standard Contractual Clauses of the European Commission (article 46(2)(c) GDPR). For more information on these Standard Contractual Clauses, please see here.
Where required under the UK GDPR, in case of transfers of personal data to countries outside the United Kingdom, we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, whichever is more appropriate in the given situation. For more information on UK Addendum and the UK International Data Transfer Agreement please see here. We may also guarantee the protection of your personal data by relying on adequacy decisions adopted or approved by the authorities in the United Kingdom.
12. CHILDREN’S PRIVACY
General age limitation. Invoice Maker is not intended for or directed at children under 13, and we do not knowingly collect or solicit any information from anyone under the age of 13 or knowingly allow such persons to Use Invoice Maker. If you are under 13, do not: (i) Use or provide any information in Invoice Maker or through any of its features, or (ii) provide any information about yourself to us, including your name, address, telephone number or email address. If you are a parent or guardian and believe we have collected information from your child who is under the age of 13, please contact us at support@tofu.com.
If we discover that we have collected data from a child under the applicable age without verifiable parental consent, we will promptly delete that information and take steps to prevent further access to the Invoice Maker.
Age limitation for EEA and/or UK individuals. You must be at least 16 years old in order to Use Invoice Maker. We do not allow Use of Invoice Maker by EEA and/or UK individuals younger than 16 years old. If you are aware of anyone younger than 16 Using Invoice Maker, please contact us (for contact information, please see Section 14: How to Contact Us), and we will take the required steps to delete the information provided by such persons.
13. THIRD-PARTY WEBSITES AND SERVICES
We are not responsible for the practices employed by any websites or services linked to or from Invoice Maker, including the information or content contained within them. Where we have a link to a website or service, linked to or from Invoice Maker, we encourage you to read the privacy policy stated on that website or service before providing information on or through it.
14. HOW TO CONTACT US
General contact details. If you have any questions about this Privacy Policy or Invoice Maker, please contact us via email at support@tofu.com.
Data protection officer. If you are an individual in the EEA or the UK and you wish to exercise your rights under Section 7, or you have any questions about this Privacy Policy or Invoice Maker, you can contact our data protection officer via email at support@tofu.com.
15. CHANGES TO OUR PRIVACY POLICY
The date this Privacy Policy was last revised is indicated at the top of the page. We may modify or update this Privacy Policy from time to time. Some changes do not require your consent. However, if we determine that the changes may pose risk to your rights and freedoms, we will ask for your consent to those changes separately from this Privacy Policy.
