Privacy Policy

This Privacy Policy explains how invoicemakerfree.co.uk ("we", "us", "our") handles your personal data when you use our free online invoice generator. We are the data controller for the information described below. If you have any questions, you can reach us at privacy@invoicemakerfree.co.uk.

• You can use the invoice maker without an account. Your draft invoice stays in your browser (localStorage) and is never sent to our servers.
• If you choose to save and share an invoice, you create an account and the invoice is stored on our backend.
• We show ads via Google AdSense to keep the tool free. Advertising cookies only load after you accept the cookie banner.
• We don't sell your data. We don't run analytics that profile you beyond what Google AdSense does for ad delivery.

a. Invoice content you enter

Names, addresses, line items, prices, notes, logos and signatures you type or upload into the invoice form. While you're drafting, this lives only in your browser's localStorage. It is sent to our servers only when you click "Save & share".

b. Account data (optional)

If you create an account to save invoices, we store your email address and an authentication identifier. If you sign in with Google, Google additionally shares your name and profile picture with us. We do not see your Google password.

c. Saved invoices and share links

When you save an invoice we store the invoice content, a random unguessable share ID, and — if you set one — a hashed PIN (we never store the PIN in plain text). Anyone with the share link (and PIN, if set) can view and download the invoice as a PDF.

d. Technical data

Standard server logs (IP address, user agent, timestamp, request path) are kept short-term for security and abuse prevention.

e. Advertising data

Google AdSense may set cookies and process data (including your IP address, device identifiers, and browsing behaviour on this site) to serve and measure ads, and — where you have consented — to personalise them. See Google's policies linked in section 8.

• Providing the service (drafting, saving, sharing invoices) — performance of a contract / our legitimate interest in running the tool.
• Account authentication — performance of a contract.
• Security, abuse prevention, server logs — legitimate interests in keeping the service available and safe.
• Advertising cookies (Google AdSense) — your consent, given via the cookie banner. You can withdraw consent any time from the footer's "Cookie settings" link.

We use two categories of storage:

• Strictly necessary (always on): a small amount of browser localStorage that holds your in-progress invoice so the page can remember what you typed. This never leaves your device.
• Advertising (optional, off by default): Google AdSense cookies. These only load after you click "Accept" on the cookie banner. If you reject, the AdSense script is not loaded and no advertising cookies are set by us.

You can change your choice at any time using the Cookie settings link in the footer, or by clearing this site's cookies and localStorage from your browser.

Saved invoices and account data are stored in our backend database (managed by our infrastructure provider) with encryption in transit (HTTPS) and at rest. Access to the database is restricted by row-level security so each account can only read and modify its own invoices. Shared invoices are only accessible through their unguessable share ID, and additionally require a PIN if you set one.

• Local draft (browser): until you clear your browser storage or finish the invoice.
• Saved invoices: until you delete them or close your account.
• Account data: until you ask us to delete your account.
• Server logs: typically up to 30 days.
• Advertising data: as defined by Google's retention policies.

• Google AdSense — for serving and measuring ads, only after you consent to advertising cookies. See Google's advertising policies and Google's Privacy Policy.
• Google OAuth — if you choose "Sign in with Google", Google handles authentication.
• Our hosting and database provider — processes data on our behalf as a sub-processor under a data processing agreement.

We do not sell your personal data, and we do not share invoice content with advertisers.

Some of our service providers (e.g. Google) may process data outside the UK / EEA. Where this happens, transfers are covered by appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses.

Under UK GDPR you have the right to access, correct, delete, restrict or object to processing of your personal data, and to data portability. You can also withdraw consent for advertising cookies at any time via the cookie banner / footer link.

To exercise any of these rights, email privacy@invoicemakerfree.co.uk. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

This service is not directed at children under 13 and we do not knowingly collect their data.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect the most recent revision. Material changes will be highlighted on the site.