We take the security of your invoice data seriously. Here's how we protect your information.
Uploaded PDF files are processed entirely in memory and never written to permanent storage. After conversion, the parsed invoice data is retained for 1 hour so you can re-download the XML from your dashboard. After 1 hour, all invoice data is permanently and automatically deleted from our servers. No backups, no archives, no recovery.
All connections to InvoicePeppol are encrypted using TLS 1.3. We enforce HTTPS everywhere with HSTS headers. Your data is protected from the moment it leaves your browser to the moment it reaches our servers.
Our primary servers are located in Frankfurt, Germany. For AI-assisted data extraction, invoice content is transmitted via encrypted channels to our processing provider and handled transiently — it is not stored beyond the duration of the request. Full details on our sub-processors and data transfer safeguards are available in our Data Processing Agreement.
We use Razorpay for all payment processing. We never see, handle, or store your credit card information. Razorpay is PCI DSS Level 1 certified — the highest level of payment security certification.
Our application implements industry-standard security measures:
If you discover a security vulnerability, please contact us at [email protected]. We appreciate responsible disclosure and will respond promptly.
You can request complete deletion of your account and all associated data at any time by emailing [email protected]. We will permanently delete your account within 30 days of your request. For details on what data we hold and how long, see our Privacy Policy.
For business customers: our Data Processing Agreement (DPA) is available for download.
Download DPA (PDF)