Security & privacy
A product built on "show your work" should show its own. This page lists what InvoiceJet does with your data, nothing more. The legally binding versions live in the terms and the privacy policy.
Your documents stay yours
- You own the documents you submit and the data extracted from them.
- We process them solely to provide the service. We do not sell your data.
- Your documents are never used to train AI models. We route only to providers under policies that prohibit training on your data, and we send only the document content needed for extraction.
How data is protected
- All traffic is encrypted in transit.
- Documents live in private, per-account storage with per-account access rules and time-limited signed URLs.
- API keys are stored only as SHA-256 hashes. We cannot read your key back, and neither can anyone else.
- Webhook payloads are signed so your systems can verify every delivery came from us.
Retention
- Documents and extracted data: kept until you delete them or your account.
- API request logs: deleted after 90 days.
- Idempotency records: deleted after 24 hours.
- Error and delivery logs: kept for operational debugging and pruned periodically.
You can leave, completely, on your own
- Export your invoice data as CSV or JSON from the app at any time.
- Delete individual invoices whenever you want.
- Delete your entire account under Settings. This permanently removes your documents, extracted data, vendors, keys, and logs tied to your account. No email thread with support required.
No system is perfectly secure. If we learn of a breach affecting your data, we will notify you without undue delay.
Security questions, or something to report? Email support@invoicejet.ai.