Privacy policy
Last updated: 07 February 2026
This is how we handle your data. Written in plain English, without lawyer-speak.
1. Who we are
Invoicegenerators.in ("we", "us") is a free invoice generator operated from India. Contact: [email protected].
2. What data we collect
If you don't sign up (which is the default):
- Your invoice details (business name, addresses, items, tax, totals) — stored only in your browser's localStorage. We never see this data.
- Anonymous traffic analytics (page URL, browser type, country) — collected via a self-hosted lightweight analytics script. No cookies.
If you sign up:
- Your email address (for login).
- Your name and optional avatar (from Google OAuth if you use it).
- Invoices you explicitly save to the cloud.
- Login history (IP, timestamp) for security audit.
3. What we don't collect
- Your customer's data — unless you save the invoice to cloud.
- Your bank details.
- Cookies for advertising or cross-site tracking.
- Behavioural data for third-party marketing.
4. Why we collect what we collect
- Legitimate interest: to run the service, prevent abuse, and improve the product.
- Consent: when you sign up, you consent to us storing your account data.
- Contract: to fulfil the (free) service we offer.
5. How long we keep data
- Browser localStorage: until you clear your browser cache or click "Reset".
- Signed-up account data: as long as your account is active. Delete anytime from the dashboard or by emailing us.
- Auth logs: 90 days.
- Anonymous analytics: 6 months, then aggregated.
6. Who we share data with
Nobody. We do not sell, rent or license your data to any third party. Exceptions:
- Cloud hosting provider (currently Hetzner / DigitalOcean / your chosen cPanel host) — bound by their own DPA.
- Google OAuth (if you sign in with Google) — subject to their privacy policy.
- Legal orders from Indian authorities where we are legally compelled.
7. Your rights
Under India's DPDP Act 2023 and EU GDPR (if applicable), you can:
- Ask what data we hold about you.
- Correct any inaccurate data.
- Delete your data.
- Export your data as JSON.
- Withdraw consent at any time.
Write to [email protected] — we respond within 7 days.
8. Cookies
We use a single session cookie (IGSESS) purely for logged-in session tracking. It's HTTP-only, SameSite=Lax. No third-party cookies.
9. Security
- All traffic is served over HTTPS (TLS 1.3).
- Passwords are hashed with bcrypt (cost 12).
- Database access is IP-restricted.
- We run monthly security reviews.
10. Children
The service is not directed at anyone under 18. If you believe we've accidentally collected such data, email us and we'll delete it.
11. Changes to this policy
We'll update the "Last updated" date at the top when we change anything material. For major changes, we'll email signed-up users at least 14 days in advance.
12. Contact
Questions? Complaints? Write to [email protected].