Privacy Policy
Last updated: February 7, 2026
This Privacy Policy explains how Daniil Chebotarev (“we,” “us,” or “our”), operating the Fakturio invoicing platform (“Service”), collects, uses, stores, and protects your personal data. This policy complies with the Swiss Federal Act on Data Protection (nFADP/revDSG), effective September 1, 2023, and aligns with the EU General Data Protection Regulation (GDPR) for users in the European Economic Area.
1. Data Controller
For data protection inquiries, contact us at the email address above.
2. Personal Data We Collect
2.1 Account Registration Data
When you create an account via our authentication provider (Clerk), we collect:
- Email address — provided during sign-up or via SSO
- First and last name — provided during sign-up
- Authentication identifiers — Clerk user ID, session tokens
2.2 Business Profile Data
During onboarding and in account settings, we collect:
- Full name (personal or business)
- Company name (optional)
- Street address, postal code, city, country
- Phone number (optional)
- VAT/UID number (optional)
- Swiss canton (optional, for Swiss users)
- Default currency (e.g., CHF, EUR, CZK)
- Company logo (optional, uploaded image file)
- VAT registration status and verification details
2.3 Financial and Invoicing Data
When you use our invoicing features, we process:
- Invoice data — numbers, dates, currency, amounts, line items, notes, payment terms, status
- Sender information — your business name, address, VAT number, bank details
- Recipient information — your client's name, company, address, email, VAT number
- Bank account details — IBAN, BIC/SWIFT, bank name, currency
- Expense data — vendor name, amounts, currency, dates, categories, VAT amounts, receipt URLs
- Recurring invoice settings — frequency, delivery preferences
2.4 Client/Contact Data
You may store your clients' details including name, company, email, phone, address, VAT number, and contact person information.
2.5 Project and Time Tracking Data
- Project details — name, description, status, hourly rate, budget, dates
- Time entries — date, start/end times, duration, descriptions, billable status
2.6 Tax Calculation Data
For users of our Swiss tax calculator: filing status, religious confession, canton, municipality, income, and deduction figures.
2.7 Technical and Usage Data
- IP address — for geolocation (country detection) and rate limiting
- Browser and device information — via Sentry error tracking
- Page views and performance metrics — via Vercel Analytics and Speed Insights
- Error and crash reports — via Sentry, including masked session replays
2.8 Guest User Data
Users who create invoices without registering have their data stored locally in the browser (localStorage/sessionStorage). No personal data is transmitted to our servers until registration.
3. Purpose and Legal Basis for Processing
We process your data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance |
| Providing invoicing services | Contract performance |
| Expense tracking and project management | Contract performance |
| Sending invoices via email | Contract performance |
| Payment processing and subscriptions | Contract performance |
| OCR receipt/invoice scanning | Contract performance |
| IP-based country detection | Legitimate interest |
| Error monitoring and debugging | Legitimate interest |
| Analytics and performance monitoring | Legitimate interest |
| Legal compliance (invoice retention) | Legal obligation |
4. Third-Party Services and Data Processors
We use the following services to operate Fakturio:
| Service | Purpose |
|---|---|
| Clerk | Authentication and account management |
| Supabase | Database hosting and file storage |
| Stripe | Payment processing |
| Vercel | Hosting, analytics, performance monitoring |
| Sentry | Error tracking and session replay |
| Resend | Transactional email delivery |
| Google Cloud Vertex AI | OCR receipt/invoice scanning |
| Svix | Webhook signature verification |
We also use: ipapi.co (IP geolocation fallback), zippopotam.us (postal code lookup), ARES & Zefix (business registry lookups), VIES (EU VAT number verification).
5. International Data Transfers
Some of our service providers process data outside Switzerland (primarily in the US). We ensure adequate protection through Standard Contractual Clauses (SCCs), the EU-U.S. Data Privacy Framework, and binding data processing agreements. Google Cloud Vertex AI data is processed in the EU (europe-west4).
6. Data Retention
| Data Type | Retention |
|---|---|
| Invoices and invoice PDFs | 10 years (Art. 958f OR) |
| Account profile and all other data | Until account deletion |
| Guest data (localStorage) | Controlled by your browser |
| Error logs and session replays | 90 days (Sentry default) |
When you delete your account, all personal data is permanently removed except invoices, which are retained for 10 years as required by Swiss law.
7. Your Rights
Under the nFADP and GDPR, you have the right to:
To exercise your rights, contact us at support@fakturio.ch. We will respond within 30 days.
8. Cookies and Local Storage
Fakturio uses essential cookies for authentication (Clerk) and security (CSRF/CSP tokens). These are strictly necessary and do not require consent.
Vercel Analytics and Speed Insights collect anonymized data without cookies. Browser localStorage is used for guest invoice data and UI preferences. Sentry may use cookies for error tracking with all text masked and media blocked.
9. Data Security
- Encryption in transit — all data transmitted via HTTPS/TLS
- Row-Level Security (RLS) — database-level access control
- Content Security Policy (CSP) — nonce-based headers to prevent XSS
- Rate limiting on API endpoints
- Input validation with Zod schemas
- JWT-based authentication via Clerk
- Webhook signature verification (Stripe, Clerk)
- File upload restrictions (1MB logos, 5–10MB OCR files)
- No credit card storage — handled entirely by Stripe
10. Children's Privacy
Fakturio is a business tool. We do not knowingly collect data from children under 16. Contact us at support@fakturio.ch if you believe a child has provided us with personal data.
11. Changes to This Policy
We may update this policy and will notify you by posting the updated version and updating the “Last updated” date. Registered users will be notified via email for significant changes.
12. Right to Lodge a Complaint
You may lodge a complaint with:
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1, CH-3003 Bern, Switzerland
edoeb.admin.ch
EU/EEA users may also contact their local supervisory authority.
13. Contact
For any questions about this Privacy Policy or your personal data: