Privacy Policy

Last updated: 3 May 2026

This Privacy Policy explains how MadeMeInvoice ("we", "us", or "our") collects, uses, and protects your personal data when you use our Service at www.mademeinvoice.com. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

MadeMeInvoice

Morocco

Email: contact@mademeinvoice.com

2. Personal Data We Collect

2.1 Account and profile data

When you register, we collect your name, email address, and password (stored as a one-way hash). You may optionally add a company name, logo, address, and phone number to appear on your invoices.

2.2 Billing and payment data

We do not store your payment card details. All payment transactions are handled by Paddle.com Market Ltd ("Paddle"), our Merchant of Record. Paddle may collect your billing address, payment method, and transaction history in accordance with their own privacy policy. We receive limited billing metadata from Paddle (e.g. subscription status, plan type) to manage your access to the Service.

2.3 Invoice and client data

When you create invoices you may enter personal data about your clients, including their name, company, email address, postal address, and phone number. You are the data controller for your clients' data; we process it on your behalf as a data processor.

2.4 Usage data

We automatically collect technical data when you use the Service, including your IP address, browser type and version, device type, pages visited, actions taken within the app, and timestamps. This data is used to operate and improve the Service.

2.5 Communications

If you contact us by email or through the app, we retain the content of your message and your contact details to respond to your enquiry and for quality assurance purposes.

3. How We Collect Data

  • Directly from you when you register, update your profile, or contact us.
  • Automatically through the Service via server logs and essential cookies when you navigate the site.
  • From Paddle, who shares limited transactional data with us after a successful purchase.

4. Purposes and Legal Basis for Processing

We only process your personal data where we have a lawful basis under GDPR Article 6:

PurposeLegal basis
Providing and operating the ServiceArt. 6(1)(b) — performance of a contract
Processing your subscription and billingArt. 6(1)(b) — performance of a contract
Sending transactional emails (receipts, password reset)Art. 6(1)(b) — performance of a contract
Improving and securing the ServiceArt. 6(1)(f) — legitimate interests
Complying with legal obligations (e.g. tax records)Art. 6(1)(c) — legal obligation
Responding to your support enquiriesArt. 6(1)(b) — performance of a contract
Fraud prevention and security monitoringArt. 6(1)(f) — legitimate interests

5. Third Parties We Share Data With

We do not sell your personal data. We share it only with the following trusted service providers who process it on our behalf:

Paddle.com Market Ltd

Payment processing and subscription management (Merchant of Record)

Location: United Kingdom / United States

Privacy policy →

Vercel Inc.

Cloud hosting and infrastructure for the Service

Location: United States

Privacy policy →

Resend Inc.

Transactional email delivery (account emails, receipts)

Location: United States

Privacy policy →

We may also disclose your data if required by law, court order, or to protect the rights, property, or safety of MadeMeInvoice, our users, or the public.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy:

  • Account data — for the duration of your Account, plus 30 days after deletion to allow recovery.
  • Invoice and client data — retained until you delete it or close your Account.
  • Billing records — retained for 7 years to meet tax and accounting legal obligations.
  • Server logs — retained for 90 days for security and debugging purposes.
  • Support correspondence — retained for 2 years.

7. Your Rights

Depending on your location, you have the following rights regarding your personal data:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Ask us to correct inaccurate or incomplete data.
Right to erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal obligations.
Right to portability: Receive your data in a structured, machine-readable format.
Right to restriction: Ask us to pause processing of your data in certain circumstances.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
CCPA rights (California residents): Right to know, delete, and opt-out of sale of personal information (we do not sell your data).

To exercise any of these rights, email us at contact@mademeinvoice.com. We will respond within 30 days. We may need to verify your identity before processing your request.

8. Cookies and Tracking

8.1 What we use

We use strictly necessary cookies to operate the Service, including session cookies to keep you logged in and CSRF tokens for security. We do not use third-party advertising or tracking cookies.

8.2 Managing cookies

You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent the Service from functioning correctly.

9. International Data Transfers

Some of our service providers (Vercel, Resend, Paddle) are located outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or reliance on adequacy decisions.

For more information about the safeguards applicable to a specific transfer, contact us at contact@mademeinvoice.com.

10. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, please contact us immediately and we will delete it promptly.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Article 33.

If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay and provide information on the nature of the breach and the steps you can take to protect yourself.

12. Supervisory Authority

If you are in the EU and believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance.

14. Contact Us

For any questions, data access requests, or privacy concerns, please contact:

MadeMeInvoice — Privacy Team

Morocco

Email: contact@mademeinvoice.com

We aim to respond to all requests within 30 days.