Privacy Policy
1. Who we are
Sendinvo is operated by Unobtrusive Ltd ("we", "us", "our"). We provide a cloud-based invoicing platform for small businesses. Contact us at andy@unobtrusive.design.
2. What data we collect
Account data. When you register we collect your name, email address, and password (stored as a one-way hash — we never see it in plain text).
Company and invoicing data. We store the business details, contacts, invoice content, and payment records that you enter into the platform.
Usage data. We collect basic server logs (IP address, timestamps, HTTP method and path) for security and debugging. These are retained for 30 days.
3. How we use your data
We use the data you provide to operate and improve Sendinvo — specifically to send invoices on your behalf, process payments, and communicate with you about your account. We do not use your data for advertising and we do not sell it to third parties.
4. Third-party processors
We share data with the following sub-processors who act on our instructions:
- Stripe — Online payment processing. Handles card payments made by your customers via Pay Now links. Stripe Privacy Policy.
- Render — Cloud infrastructure. Hosts our application servers and database in the United States (Oregon). Data transfers are covered by Standard Contractual Clauses.
- Resend — Transactional email delivery. Used to send invoice emails and account notifications on your behalf.
5. Legal basis for processing
We process your data on the basis of contract (to deliver the Sendinvo service you have signed up for) and legitimate interests (security, fraud prevention, and improving the service).
6. Data retention
We retain your account and invoicing data for as long as your account is active, plus 7 years to comply with UK tax and accounting record-keeping requirements. You can request earlier deletion by contacting us.
7. Your rights
Under UK GDPR you have the right to access, correct, or erase your personal data; to restrict or object to processing; and to data portability. To exercise any of these rights, email andy@unobtrusive.design. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
8. Security
All data is transmitted over TLS. Passwords are hashed using Argon2. Database access is restricted to application servers. We conduct regular dependency and security reviews.
9. Changes to this policy
We may update this policy from time to time. We will notify registered users of material changes by email at least 14 days before they take effect.
10. Contact
Questions about this policy: andy@unobtrusive.design