Privacy Policy

1. Data we collect

Data you provide

• Invoice data — shipper and consignee details, line items, HS codes, tax IDs, incoterms, declared values, and shipment metadata. Stored so we can generate, retain, and deliver your PDFs.
• Account data — your email address (used as the primary identifier) and optionally a display name when you create an account. We authenticate via magic links; we do not store passwords.
• Saved profiles — reusable shipper / consignee parties you choose to save to your account.
• API keys — SHA-256 hashes of the keys you mint. Raw keys are never stored — only the hash and a short display prefix.
• Watchlists & alert preferences — items you choose to monitor (e.g. HS codes, sanctioned-name queries, trade lanes, news topics or countries) and the email or webhook destinations you configure for alerts. Stored so we can run scheduled diff / re-screening jobs against the underlying data and notify you of changes.
• Compliance & audit records — when you generate a timestamped artefact (e.g. a sanctions screening record, a landed-cost quote, a classification opinion), we retain a copy of the inputs, the resolved data snapshot, and the rendered PDF so the artefact remains verifiable later.
• CBAM tool data — when you use the CBAM calculator or scope checker, we log a pseudonymous audit row (one-way IP hash, CN code, country, tonnage, calculated cost inputs and outputs) so we can enforce per-IP rate limits and measure usage. This data is retained for 90 days, then deleted. When you purchase a CBAM cost report PDF, we also store the email you supplied at checkout, the full inputs snapshot used to render the PDF, and a record of your acceptance of the CBAM Disclosure (timestamp + version) so the PDF carries an audit-grade consent receipt. CBAM cost report rows are retained for the life of your account (or 7 years from purchase, for anonymous orders) under our receipts retention policy.
• CBAM Pro client roster (CBAM Pro subscribers only) — if you save importer-client profiles for use with the bulk CSV processor or declaration draft generator, those rows contain personal or business data about your clients, not you. As CBAM Pro subscriber you are the data controller for that client data; we are a data processor only. We do not access, mine, or share that data outside the operations necessary to run your bulk uploads and reports. Deleting a client profile or your CBAM Pro subscription removes the associated rows.
• Billing data — processed directly by our merchant of record (currently Lemon Squeezy). We receive transaction metadata (order ID, plan / variant, status, amount, currency, billing country for tax) but not card numbers.

Data we collect automatically

• Request logs — IP address, user agent, timestamp, and requested path. Retained by our hosting provider for security and abuse prevention for up to 30 days.
• Strictly necessary cookies — authentication cookies set by the Supabase SSR library to maintain your signed-in session. These cookies are required for the Service to function and are not used for tracking or profiling.

We do not sell personal data, run third-party advertising cookies, or use your invoice data to train machine-learning models.

2. Why we use your data (lawful bases)

• To provide the Service (Art. 6(1)(b) GDPR, contract performance) — generate and deliver PDFs, process payments, maintain your account, enforce rate limits.
• To secure the Service (Art. 6(1)(f), legitimate interests) — detect abuse, prevent fraud, monitor uptime.
• To comply with legal obligations (Art. 6(1)(c)) — retain transaction and tax records, respond to lawful requests.
• With your consent (Art. 6(1)(a)) — for any optional processing we introduce that falls outside the above bases (for example, future opt-in product updates). We will ask before we start.

3. Retention

• Generated PDFs — 30 days from creation, after which the download link expires. You may re-download or export your data any time before expiry.
• Invoice records (the JSON data that produced a PDF) — retained for as long as your account is active and up to 24 months thereafter for support, dispute, audit, and tax purposes.
• Saved profiles — until you delete them or your account.
• API keys — revoked keys retain the hash for audit purposes; you may request permanent deletion.
• Request logs — up to 30 days.
• Email and account records — until account deletion plus up to 24 months (legal / tax).

4. Subprocessors

We share data only with the vendors we need to operate the Service. All are bound by data processing agreements.

Each vendor processes data under its own terms and security practices. We update this list as vendors change. You may email privacy@customs-invoice.com to subscribe to subprocessor change notifications.

5. International transfers

Our infrastructure is hosted primarily in the United States and the European Union. If you are located outside those regions, using the Service means your data may be transferred across borders. We rely on the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent safeguards where applicable.

6. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA, Brazil LGPD, and similar regimes), you may have the right to:

• Access — request a copy of the personal data we hold about you;
• Rectification — correct inaccurate data;
• Erasure — ask us to delete your account and associated data;
• Portability — receive your data in a structured, machine-readable format (JSON);
• Restriction — limit how we process your data;
• Objection — object to processing based on legitimate interests;
• Withdraw consent — where processing is based on consent, you may withdraw at any time;
• Complaint — lodge a complaint with your data protection authority (e.g., your national DPA in the EEA).

To exercise any of these rights, email privacy@customs-invoice.com from the address on your account. We respond within 30 days (or the period required by applicable law).

7. Security

We maintain industry-standard administrative, technical, and physical safeguards to protect your data:

• TLS encryption in transit;
• Row-level security on the database;
• Signed, time-limited URLs for generated PDFs;
• API keys stored as SHA-256 hashes;
• Periodic review of third-party subprocessors;
• Principle of least privilege for operational access.

No method of transmission or storage is perfectly secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities without undue delay and within 72 hours where required by law.

8. Children’s data

The Service is intended for businesses and individuals over the age of 18. We do not knowingly collect personal data from children under 16 (or the age of digital consent in your jurisdiction). If you believe we have inadvertently collected data from a child, contact us and we will delete it.

9. Automated decision-making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing.

10. Cookies

We use only strictly-necessary cookies required for authentication and session management. We do not use advertising, profiling, or third-party analytics cookies at this time. If we introduce optional cookies in the future, we will request your consent via a banner before setting them.

11. Data controller & contact

For the purposes of the GDPR, the data controller is the operator of customs-invoice.com. You can reach us at:

• Privacy & data rights: privacy@customs-invoice.com
• Security incidents: security@customs-invoice.com
• General: hello@customs-invoice.com

12. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top indicates the most recent revision. Material changes will be communicated via the Service or email.