GDPR Compliance

What is GDPR?

The General Data Protection Regulation standardizes data protection requirements across EU member states and applies to organizations worldwide that serve EU residents.

Personal Data Collected

• Account username and email address
• Company details (name, website, ID, VAT number, phone, address)
• Sub-user names and emails
• Company size and industry classification
• Geolocation data via IP address
• Billing information (last four card digits, expiration, billing address — paid accounts only)

Data NOT Collected

Health records, genetic data, biometric information, racial/ethnic data, political opinions, or sexual orientation details.

Third-Party Vendors with Data Access

• Cloudflare
• OVH Cloud
• Linode
• Google Apps
• Stripe
• Postmark App
• MailGun

Your Rights Under GDPR

Right of Access & Rectification

Modify account information anytime through account settings.

Right of Portability

Export data in CSV, XLS, or JSON formats. Enterprise users can download documents as ZIP files.

Right to Erasure

• Delete entire company and account
• Purge all data while maintaining login access
• Remove individual client records permanently

Right to Object

Invoice Ninja does not use customer data for third-party marketing, retargeting, or profiling.

Contact

For GDPR matters: compliance@invoiceninja.com or legal@invoiceninja.com.