UpInvoice
Home
Login Sign Up

Privacy Policy

Last Updated: September 13, 2025

David Motilla Sánchez (hereinafter referred to as "UpInvoice," "we," "our," or "us") is committed to safeguarding your privacy and ensuring the protection of your personal data. This Privacy Policy outlines our practices concerning the collection, use, and disclosure of your information when you access our website (https://upinvoice.eu) or utilize our application. We are dedicated to collecting only the minimum data necessary to provide a high-quality service and do not sell your data to third parties.

Table of Contents

1. Information We Collect

To provide our services, we must collect certain information. We adhere to the principle of data minimization, collecting only what is essential for the functionality of our application:

1.1. Data Provided by the User:

  • Contact and Account Information: Email address, company name, and Company Identification Number (CIF/NIF) for account creation and billing.
  • ERP Integration Data: URL and API keys for your Dolibarr instance to enable the automated integration of invoice data.

1.2. Data Processed Through the Service:

  • Invoice Content: We process the documents you upload, which may contain personal data of third parties (your suppliers). This data is processed solely to extract the necessary information to be sent to your ERP for the corresponding automatic registration.
  • Extracted Invoice Data: This includes, but is not limited to, supplier data, amounts, concepts, product references, tax rates, and quantities, which are extracted from the documents.
  • File Metadata: We temporarily log the names of uploaded files for operational purposes. The invoice files themselves are deleted from our servers immediately after being processed and sent to your ERP.

1.3. Automatically Collected Data (Cookies):

We use essential and functional cookies for:

  • Authentication
  • Session management
  • Google identification
  • Statistical purposes

2. Purpose of Data Collection

Your data is used exclusively to provide and improve our services:

2.1. Service Provision:

To create and maintain your account, process payments, and facilitate the core functionality of the application—extracting data from invoices and integrating it into your Dolibarr ERP.

2.2. AI-Powered Document Processing:

Our service relies on advanced Artificial Intelligence models (e.g., Google Gemini, Anthropic Claude, OpenAI ChatGPT) to accurately extract data from the invoices you upload. The documents are sent to these third-party services for the sole purpose of data extraction. We are committed to continuously monitoring the privacy policies of these providers and will select those who guarantee the highest level of data privacy and confidentiality, ensuring that your data is not used for training their models or for any other purpose beyond the requested service.

2.3. Communication:

To send you important notifications about your account, service updates, and to respond to your inquiries.

2.4. Security and Fraud Prevention:

To monitor account activity, detect and prevent fraudulent or unauthorized activities, and ensure the integrity of our platform.

3. Data Sharing and Third-Party Processors

We do not sell, trade, or rent your personal data to third parties. We only share information with trusted third-party service providers (sub-processors) who are essential for delivering our service. We are committed to strictly supervising the privacy and security policies of these providers to ensure your data is protected:

  • Artificial Intelligence Providers: As mentioned, we use third-party AI services to process invoices. These providers are contractually obligated to protect the confidentiality and security of the data they process on our behalf.
  • Infrastructure and Service Providers: We use providers for hosting, payment processing, and other operational necessities.
  • Legal Compliance: We may disclose your information if required by law or in response to a valid legal process from a competent authority.

4. Your Rights

In accordance with the GDPR and Spanish Organic Law on Data Protection (LOPD-GDD), you have the following rights over your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete information.
  • Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal data, subject to certain legal obligations.
  • Right to Object: You can object to the processing of your personal data for specific reasons.
  • Right to Data Portability: You can request that we transfer your data to another organization in a structured, machine-readable format.

To exercise these rights, please contact us at the email address provided in the Contact section.

5. Data Security

We implement robust technical and organizational security measures to protect your personal data. This includes using SSL/TLS encryption for all data in transit, both between you and our servers, and between our servers and our third-party AI providers. We select partners who demonstrate a strong commitment to data security and privacy.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

7. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

8. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at info@upinvoice.eu.