How we protect invoice data, keep processing compliant, and stay transparent.
This Trust Center provides an overview of our security and privacy practices. For the legally binding terms and full details, please refer to our Data Processing Agreement (DPA) and Privacy Policy.
Authoritative documents: Read the full Privacy Policy ยท Read the full Data Processing Agreement (DPA)
Primary infrastructure is hosted in Frankfurt (Germany). Some sub-processors may process data in the EU/EEA and, where necessary, in third countries under Standard Contractual Clauses (SCCs).
Invoice files are processed and removed immediately after conversion.
TLS in transit and encryption at rest for stored metadata.
Primary infrastructure runs in Frankfurt (Germany). Where required for service delivery, sub-processors may process data in the EU/EEA and in third countries under SCCs.
Invoice files are processed transiently and removed immediately after conversion. We do not store invoice content. Account data follows legal and contractual retention requirements.
We use vetted providers for hosting, AI processing, payments, and analytics. For the authoritative list and processing locations, see the DPA (Annex 1) and the Privacy Policy.
Payments
Subscription billing and invoicing.
Authentication
User accounts and access management.
Infrastructure
Hosting, storage, and delivery.
We investigate security incidents quickly and notify affected customers as required by law.