Privacy Policy

Effective date: June 9, 2026 · Last updated: June 9, 2026

1. Overview

Agentic Invoice Processing System ("AIPS", "we", "our", or "us") is a SaaS platform that automates the ingestion, validation, and routing of invoices on behalf of bookkeepers, accountants, and individual businesses. This Privacy Policy explains how we collect, use, store, and share information when you use our services at aips-demo.ddns.net.

By creating an account or connecting an integration, you agree to this policy. If you do not agree, please discontinue use.

2. Data We Collect

2.1 Account information

  • Name, email address, and password (bcrypt-hashed; we never store plaintext).
  • Account type (bookkeeper/accountant or individual firm).
  • Billing information processed via Paddle (we do not store card numbers).

2.2 Invoice and document data

  • Invoice files (PDF, image, CSV, XML) fetched from connected sources on your behalf.
  • Extracted fields: vendor name, invoice number, amounts, line items, due date.
  • Validation results and routing decisions stored in our audit log.

2.3 Google user data

When you connect Gmail, Google Drive, or Google Sheets, we request the minimum scopes needed to read incoming invoices and deposit processed results:

  • gmail.readonly — read email messages to detect invoice attachments. We read messages only to identify invoice attachments, and we never store or transmit personal email content unrelated to invoices.
  • drive.readonly — list and read files in folders you designate as invoice sources.
  • drive.file — create and update files only in folders created by AIPS or explicitly selected by you as destinations.
  • spreadsheets — append processed invoice rows to Google Sheets you designate as a destination.

AIPS's use of data obtained via Google APIs is limited to the functionality described in this policy and complies with the Google API Services User Data Policy, including the Limited Use requirements.

Google user data is never used for advertising, sold to third parties, or used to train AI/ML models, except the invoice-extraction pipeline that processes invoices on your behalf.

2.4 Usage and technical data

  • Server logs: IP address, request path, HTTP status, timestamp.
  • Prometheus metrics (aggregate counters only — no personally identifiable information).
  • Session tokens stored as httpOnly cookies (not accessible to JavaScript).

3. How We Use Your Data

  • To authenticate you and maintain your session.
  • To ingest, extract, validate, and route invoices as configured by you.
  • To deliver processed invoices to your chosen destinations (QuickBooks, Xero, Google Drive, etc.).
  • To send exception notifications via email or push when an invoice fails validation.
  • To generate your audit log and billing history.
  • To improve system reliability through aggregate, anonymised metrics.

4. Data Storage and Retention

All data is stored on servers located in the United States (DigitalOcean NYC1 region). Invoice files are stored in MinIO (S3-compatible object storage) in the same region.

  • Active account data is retained for the lifetime of your subscription.
  • Invoice files and extracted data are retained for 7 years to support audit requirements (configurable on request).
  • Google OAuth access and refresh tokens are stored encrypted in our database; access tokens are refreshed automatically, and both are deleted immediately when you disconnect an integration.
  • Session tokens expire after 24 hours of inactivity.
  • When you delete your account, all personal data and invoice data is permanently erased within 30 days.

5. Data Sharing and Third Parties

We do not sell your data. We share data only in these cases:

  • Platforms you connect: Google (Gmail, Drive, Sheets), Microsoft (Outlook, OneDrive), Dropbox, QuickBooks, Xero — only to read sources or write destinations you configure.
  • Paddle: processes billing; subject to Paddle's own privacy policy.
  • Legal requirement: if required by a valid court order or applicable law.

No marketing partners. No advertising networks. No data brokers.

6. Security

  • All traffic is encrypted with TLS 1.2+.
  • Passwords are bcrypt-hashed with a minimum cost factor of 12.
  • Multi-factor authentication (email OTP) is required for all accounts.
  • OAuth tokens are stored encrypted in PostgreSQL.
  • Infrastructure is hardened per SOC 2 controls (access logging, principle of least privilege).

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of personal data we hold about you.
  • Correction — ask us to fix inaccurate data.
  • Deletion — request erasure of your account and associated data.
  • Portability — receive your data in a machine-readable format (JSON/CSV).
  • Revoke OAuth consent — disconnect any Google integration at any time in Settings → Integrations; we immediately stop accessing that account and delete the stored token. You can also revoke AIPS's access directly from your Google Account's third-party access settings.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Cookies

We use a single httpOnly session cookie (aips_token) required for authentication. We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Children's Privacy

AIPS is a business tool intended for adults. We do not knowingly collect data from anyone under 18. If we discover we have collected data from a minor, we will delete it promptly.

10. Changes to This Policy

We may update this policy periodically. We will notify you by email and display a banner on login at least 14 days before material changes take effect. Continued use after the effective date constitutes acceptance.

11. Contact

Questions about this policy or requests to exercise your rights:

Email: [email protected]