At InvoiceSorter.app, your privacy is our top priority. We believe in complete transparency about how we handle your data. This policy explains exactly what we collect, what we don't, and where your data goes.
We never store your emails. Here's exactly what happens when you use InvoiceSorter.app:
We use read-only OAuth 2.0 to scan your inbox for invoice-related emails. We never modify, delete, or send emails.
Our AI reads the email content in real-time and extracts only invoice metadata: vendor, amount, date, invoice number.
Only the extracted invoice metadata is stored in our encrypted database. No email content, no attachments, no personal messages.
All exports go directly to your Google Drive, Google Sheets, QuickBooks, DATEV, or CSV download. We keep no copies.
Your Gmail emails and attachments are never stored on our servers. We only extract and store structured invoice metadata (vendor name, amount, date, invoice number, category). All file exports go directly to your own cloud storage or accounting software. You can delete all your data from our system at any time.
InvoiceSorter.app is a product of Sport group d.o.o., a company registered in Slovenia.
Company Name
Sport group d.o.o.
Registered Address
Osojnikova 4, 2000 Maribor, Slovenia
VAT ID
SI72133449
Contact Email
privacy@invoicesorter.app
When you sign up with Google OAuth, we receive and store:
When our AI scans your Gmail for invoices, we extract and store only the following structured metadata:
We collect anonymized usage metrics such as page views, feature usage frequency, and error logs to improve our service. We do not use third-party tracking or advertising cookies. We do not sell or share analytics data with any third party.
Transparency and data security are extremely important to us. We want to clearly explain how InvoiceSorter handles your data.
InvoiceSorter processes invoice emails only for the purpose of extracting invoice data and supporting your selected exports. We do not permanently store or retain your email data on our servers.
We do NOT store:
We store only extracted invoice metadata (such as vendor, amount, date, and invoice number) and your account information in our encrypted database so you can use the dashboard and your chosen exports.
When you delete an invoice from the dashboard, that invoice’s metadata is permanently removed from our database.
Invoice attachments (such as PDF invoices) may be processed temporarily to extract invoice information and complete exports. These files are not permanently stored by InvoiceSorter and are removed after processing.
If you enable Google Drive export or sync, invoices are saved directly to your own Google Drive account, where you remain the full owner and controller of your documents.
InvoiceSorter.app's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Limited access: We only request the minimum Gmail scopes needed to read email messages for invoice extraction. We request gmail.readonly scope. For export features, we request only the minimum destination scopes required (for example, Google Drive scopes when you enable Drive export).
Limited use: We only use Gmail data to extract invoice information. We do not use it for advertising, market research, or any purpose other than providing the invoice extraction service.
Limited storage: We do not store email content. Only extracted invoice metadata is retained. OAuth tokens are encrypted at rest using AES-256 encryption.
No sharing: We do not sell, rent, lease, or transfer your Google user data to third parties for advertising, data brokering, or information reselling. We only share data with contracted subprocessors as needed to provide the service (for example, hosting, payments, and AI extraction).
We use the data we collect solely for the following purposes:
Provide the service: Extract, categorize, and display your invoice data in your dashboard.
Enable exports: Send your invoice data to your chosen destination (Google Drive, Google Sheets, QuickBooks, DATEV, or CSV download) when you enable those integrations.
Generate analytics: Show you spending insights, trends, and reports based on your own invoice data.
Account management: Manage your subscription, billing, and account preferences.
Service improvement: Improve AI extraction accuracy and user experience using anonymized, aggregated data.
Communication: Send essential service notifications (e.g., billing alerts, usage limits). We do not send marketing emails without your explicit opt-in.
When you export your invoice data, it goes directly to your chosen destination. We act as a pass-through and do not retain copies of exported data after export processing completes.
Files are saved directly to your own Google Drive account.
Data is written directly to a spreadsheet in your Google account.
Invoice data is pushed directly to your QuickBooks account via their API.
Export files are generated in DATEV format and delivered to your system.
File is generated on-the-fly and downloaded directly to your device.
Invoices are formatted and downloaded directly to your device.
We implement industry-standard security practices to protect your data:
All stored data is encrypted using AES-256 encryption in our PostgreSQL database hosted on Neon.
All communication uses TLS 1.3 encryption. No data is ever transmitted over unencrypted connections.
We never see or store your Google password. Authentication is handled entirely by Google's secure OAuth flow.
Your Gmail OAuth access and refresh tokens are encrypted at rest and only decrypted at the moment of use.
Our backend runs on Vercel serverless functions with no persistent servers to compromise.
We store only invoice metadata. No email content, no attachments, no unnecessary data.
We use the following third-party services to operate InvoiceSorter.app:
| Service | Purpose | Data Shared |
|---|---|---|
| Google OAuth / Gmail API | Authentication & email scanning | Email address, OAuth tokens, email content (read-only, not stored) |
| Neon (PostgreSQL) | Database hosting | Account info, invoice metadata |
| Vercel | Application hosting & serverless functions | Application code, API requests |
| Stripe | Payment processing | Payment details (handled entirely by Stripe, we never see card numbers) |
| OpenAI | AI invoice data extraction | Email content sent for processing (not stored by OpenAI per our Data Processing Agreement) |
We do not share your data with any advertising networks, data brokers, or analytics companies.
As a company based in the European Union (Slovenia), we are fully compliant with the General Data Protection Regulation (GDPR). Under GDPR, you have the following rights:
Right of access: You can request a copy of all personal data we hold about you at any time via your dashboard or by emailing us.
Right to rectification: You can update or correct your personal data through your account settings.
Right to erasure ("Right to be forgotten"): You can request complete deletion of your account and all associated invoice metadata. We will delete all your data within 30 days of your request.
Right to data portability: You can export all your invoice data at any time via Google Drive, Google Sheets, CSV, or other supported formats.
Right to restriction of processing: You can request that we stop processing your data while maintaining your account.
Right to object: You can object to any processing of your data. Contact us at privacy@invoicesorter.app.
Right to withdraw consent: You can revoke Gmail access at any time through your Google Account settings. You can delete your InvoiceSorter account at any time.
Legal basis for processing: We process your data based on (a) your consent when you connect your Gmail account, (b) contractual necessity to provide the invoice extraction service, and (c) legitimate interest to improve our service using anonymized analytics.
Data Processing Agreements: We have DPAs in place with all our sub-processors (Neon, Vercel, Stripe, OpenAI). We can provide a DPA upon request for enterprise customers.
Supervisory authority: If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia (www.ip-rs.si).
| Data Type | Retention Period | Deletion |
|---|---|---|
| Account information | Until account deletion | Deleted within 30 days of account deletion request |
| Invoice metadata | Until account deletion | You can delete individual invoices or all data at any time |
| OAuth tokens | Until you revoke access | Immediately deleted when you disconnect Gmail |
| Email content | Not stored | Never stored - processed in real-time only |
| Email attachments | Not stored | Never stored on our servers |
| Payment information | Managed by Stripe | Contact Stripe or us to delete billing data |
| Usage analytics | 12 months (anonymized) | Automatically purged after 12 months |
We use only essential cookies required for the service to function:
Session cookie: Maintains your login session. Expires when you close the browser or after 7 days.
Language preference: Remembers your selected language. Stored in localStorage.
Billing cycle preference: Remembers your monthly/yearly toggle selection. Stored in localStorage.
We do not use advertising cookies, tracking cookies, or any third-party analytics cookies. We do not participate in any ad networks.
InvoiceSorter.app is a business tool not intended for use by children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@invoicesorter.app and we will promptly delete it.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and/or a prominent notice on our website at least 30 days before the changes take effect. We will also update the "Last updated" date at the top of this page. Your continued use of InvoiceSorter.app after the changes become effective constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy, your data, or your rights, please contact us:
Email: privacy@invoicesorter.app
Mail: Sport group d.o.o., Osojnikova 4, 2000 Maribor, Slovenia
Response time: We aim to respond to all privacy-related inquiries within 5 business days.
We built InvoiceSorter.app with a privacy-first approach. No email storage, no data selling, no tracking. Just a simple, secure tool to organize your invoices.