Protecting your data is our core priority. Your data belongs to you, not to us, and we will treat it that way. In order to provide you with best in class security, privacy, and compliance controls, we undergo independent third-party audits regularly. Third party auditors assess our platform, infrastructure, and operations and conduct penetration tests on a regular basis. We also review new features for security and privacy impact before release to improve privacy by design.
We do not run our own routers, load balancers, DNS servers, or physical servers. We chose to partner with Google as a provider of their Platform as a Service: Google Cloud Platform (GCP). Our application uses GCP as its back end using mainly the following services:
BigQuery (serverless, highly scalable cloud data warehouse)
StackDriver (logging, monitoring and alerting)
Google API (Drive and Document AI)
Google Cloud Platform provides state of the art services with Security at Its Core. All servers are updated on a regular basis to ensure we have the latest security patches installed.
Our team has a strong security culture
Each team member undergoes an extensive background check as well as comprehensive training on data security and privacy protocols and receives yearly training on the topics of data privacy and security. Our staff does not access any of your data unless you request assistance for support purposes and provide your explicit consent. All information, data and documents exchanged with our support staff in this context is subject to strict confidentiality procedures and will not be disclosed.
Your data belongs to you
Invoice to Sheet will not use your documents or your extracted data for any purpose other than providing you the service you subscribed for. We don't sell or re-use your data. Invoice to Sheet stores very limited customer information related to user and usage, as detailed in the table below. These are stored in Google Cloud Platform. We store nothing else, particularly not the extracted content of your invoiced.
Type of data
We do not store
Google email address
Email info and content
Content of the email from which the invoice is extracted. We don’t even process this content.
Invoice info and content
Identifiers of your invoice. Invoice identifier does not contain any personal information.
Identifiers and title of your Google Sheet
Content of the invoice which data is extracted. This content is processed for the purpose of extraction but never stored.
We store data only to the extent that is necessary for Invoice to Sheet to operate and meet its legal obligations. Pursuant to GDPR article 17, you can send us a request to remove some or all of your personal data from our database, and we will permanently do so if one of the grounds set out in GDPR Article 17 applies (e.g. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed). Note however that deleting some or all of this data may interrupt Invoice to Sheet functionality.
We use bank level encryption from A - Z. Whenever you send or retrieve data from the app, the communication is always secured through HTTPS encryption.
Next to encrypting data in transit, we also encrypt all data at rest. Our databases as well as all stored documents are encrypted, from the moment we receive your data until we delete it.
Your login details are one-way hashed using a strong hashing algorithm. Not even our staff can see or access your password.
Compliance with GDPR, CCPA and FERPA
Privacy and security have always been the foundation of Invoice to Sheet approach to product development and business, and we continuously evaluate all our practices in an effort to safeguard your information as effectively as possible. In any case, as more detailed below in relation to each specific regulation, you always remain in full control of any data we process.
The California Consumer Privacy Act (CCPA) is a data privacy law that provides California consumers with a number of privacy protections, including right to access, delete, and opt-out of the “sale” of their personal information. If the CCPA applies to the collection, retention, use, and disclosure by Invoice to Sheet of your personal information, then we ensure through our Data Processing Agreement that we shall not (a) have, derive or exercise any rights or benefits regarding your personal information , (b) sell your personal information, or (c) collect, retain, share or use your personal information except as necessary for the sole purpose of providing you the Invoice to Sheet application and related technical support upon your request.
We can also support education data related use-cases. The Family Educational Rights and Privacy Act (FERPA) is a US Federal privacy law that protects personally identifiable information in students’ education records from unauthorized disclosure. If you intend to use Invoice to Sheet for any purpose or in any manner involving personally identifiable information in students’ education records, please request a Data Sharing Agreement to our group legal team by writing to email@example.com.
Invoice to Sheet is not subject to PCI obligations. All payment instrument processing is outsourced to Stripe.
If you believe you have discovered a problem or have any questions, please contact us at firstname.lastname@example.org.