Privacy Policy
Effective Date: 16 June 2026
InvoicePolish is operated by Thomas David (ABN 93 515 693 250), a sole trader based in Victoria, Australia.
1. Introduction
InvoicePolish ("we", "us", "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services.
2. Information We Collect
2.1 Information You Provide
- Name and email address
- Account login details
- If you sign up using your Xero account, we receive your name and email address from Xero's OpenID Connect profile to create your account
- Billing information (processed via third-party providers such as Stripe)
- Background images and other visual assets you upload for template customisation (including EPS and AI vector files, which are converted to web-compatible formats)
2.2 Information from Xero
When you connect your Xero account, we may access:
- Invoice and quote data
- Organisation details, including your organisation logo (which we fetch and cache for use in document templates)
- Contact information associated with invoices and quotes
- For users who sign up via Xero, identity information (name and email address) is used to create and manage their InvoicePolish account
We only access data necessary to provide the service. We do not modify your original accounting records in Xero.
2.3 Automatically Collected Information
- Device and browser type
- IP address
- Approximate sign-in location derived from your IP address, such as city, region, and country, for security and account administration purposes
- Usage data (pages visited, actions taken)
3. How We Use Your Information
We use your information to:
- Provide and operate InvoicePolish
- Generate and format invoices and quotes
- Attach generated documents back to Xero
- Improve product performance and user experience
- Monitor account access and support security/admin reviews
- Provide customer support
- Process payments and subscriptions
4. Data Storage and Security
- Data is stored securely using industry-standard practices
- Access tokens for Xero are encrypted and securely stored
- We use HTTPS for all communications
We take reasonable steps to protect your information but cannot guarantee absolute security.
5. Data Sharing and Disclosure
We do not sell your data.
We may share data with:
- Service providers (e.g. hosting, payment processors, email delivery)
- Xero, when required to perform actions initiated by you
- Legal authorities if required by law
6. Third-Party Services
We rely on third-party services including:
- Xero (accounting integration)
- Stripe (billing and payments)
- Resend (transactional emails such as account verification and support communications)
- Hosting providers (e.g. Replit)
These providers have their own privacy policies.
7. Data Retention
We retain your data:
- While your account is active
- As required to provide the service
- As necessary to comply with legal obligations
You may request deletion of your data at any time.
8. Your Rights
Depending on your location, you may have rights to:
- Access your data
- Correct inaccurate data
- Request deletion
- Withdraw consent
To exercise these rights, contact: support@invoicepolish.com
9. Cookies and Tracking
We may use cookies or similar technologies to:
- Maintain sessions
- Improve user experience
- Analyse usage
You can control cookies through your browser settings.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.
11. Contact
Email: support@invoicepolish.com
Website: https://invoicepolish.com
