Privacy Policy

Last updated: April 24, 2026

1. About this policy

Invoice Link is a business-to-business invoicing tool operated by Sentinel Holdings Group, Inc. ("Sentinel Holdings", "we", "us"). This policy explains two kinds of data we handle:

• Your account and business data — where we are the Business / Controller (your signup info, subscription billing, business profile).
• Data about your customers — where you, the contractor, are the Business / Controller and we are a Service Provider / Processor acting on your instructions (the clients you invoice, invoice line items, payment records).

This split follows CCPA § 1798.140 and is how tools like Invoice Simple, QuickBooks, and Stripe frame their roles. It affects where rights requests go (see §6).

2. Information we collect

From you when you sign up. Name, email, phone number, business name, billing address, and the payment method you use for your subscription.

From your device. IP address, device type, operating system, app version, and push-notification tokens, collected automatically.

When you use features. Invoices, estimates, and client contact info you enter; photos and receipts you capture or select; contacts you explicitly pick to prefill a customer; GPS only while the Door Knocker screen is open and active; voice audio only while you use the AI assistant (transcribed on-device — raw audio is not retained).

Automatically. Server error logs, authentication events, and feature-usage metrics used to keep the Service running and improve it.

From payment processors. Transaction IDs, card last-4, card brand, and subscription entitlement status from Stripe, PayPal, Apple, Google, and RevenueCat. We never receive or store full card numbers.

3. How we use it

• Run and secure the Service
• Process payments and issue receipts (via Stripe and PayPal)
• Send transactional emails and push notifications you've opted into
• Improve the Service using aggregated, non-identifying usage data
• Comply with legal obligations, including tax reporting

We do not sell personal information, we do not share it for cross-context behavioral advertising, and we do not use it to train AI models.

4. Who we share with

We share data only with the processors we need to run the Service. Each has their own privacy policy which governs what they do.

• Payment processors (Stripe, PayPal) — invoice payments and subscription billing
• Hosting providers (Railway, Vercel) — run our application, database, and web infrastructure
• Email delivery (Postmark via ActiveCampaign) — transactional email
• App stores and subscription (Apple, Google, RevenueCat) — in-app subscription billing and entitlement verification
• Map services (Google) — address autocomplete and Street View imagery for customer addresses
• AI service provider (OpenAI) — only for the AI assistant, which is off by default; provider does not use API inputs to train models
• Push notifications (Apple APNs and Google FCM, relayed via Expo) — invoice-paid alerts and other notifications
• Property data (Rentcast) — optional address lookups
• File storage (Cloudflare R2) — invoice/estimate attachments, photos, business logos
• Error tracking (Sentry) — crash and error reports used only to fix bugs. PII (invoice content, customer details) is scrubbed before transmission.
• Log aggregation (Better Stack) — operational server logs. Email addresses, names, and payment IDs are redacted by the log shipper before they leave our servers.

5. How long we keep it

• Active account data. As long as your account is open, plus 30 days after cancellation so you can recover it.
• Payment and tax records. 7 years from the transaction date, as required by U.S. tax law (IRC § 6001 / 26 CFR § 1.6001-1). For retained rows we strip personally identifiable information so only pseudonymized financial metadata remains.
• Deleted-account data. Removed from production systems within 30 days; encrypted backups expire on a rolling 90-day schedule.
• Security logs. Up to 12 months.
• Legal holds. Retained for as long as legally required.

You can export your data at any time from Settings → Data Export.

6. Your rights

Your rights depend on whose data is involved.

6.1 For your account data (we are the Business)

We honor rights under the California CCPA/CPRA, Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA, and similar U.S. state privacy laws. You have the right to confirm, access, obtain a portable copy, correct, delete, limit the use of sensitive PI, and opt out of sale, sharing, targeted advertising, and significant profiling. We honor the Global Privacy Control (GPC) signal as an opt-out request.

In the past 12 months we collected these CCPA categories of personal information: identifiers, customer records, commercial information, internet or network activity, geolocation (only when a feature requires it), audio (only when voice input is used), visual (photos you attach), professional information, and inferences drawn from the above. We have not sold or shared personal information.

To exercise your rights, email privacy@invoicelinkapp.com or visit /account-deletion. We respond within 45 days (extendable by 45 days with notice). If we deny your request, you may appeal within 60 days to the same address; we respond to appeals within 60 days.

6.2 For your customers' data (you are the Business)

When you enter a client's contact info or create an invoice, you are the Business under CCPA and we are your Service Provider. You decide how that data is used, corrected, or deleted. If an invoice recipient or one of your clients contacts us directly with a rights request, we will forward the request to you and you will decide how to respond. We may still assist you in fulfilling requests under our Data Processing Addendum with you.

7. Account deletion

You can delete your account at any time through any of these routes:

• In the mobile app: Settings → Profile → Delete Account. Confirm your password and deletion begins immediately.
• On the web: invoicelinkapp.com/account-deletion. We email a signed, single-use confirmation link (valid 24 hours); clicking it finalizes the request.
• By email: support@invoicelinkapp.com with "Account Deletion Request" in the subject.

All three paths feed the retention schedule in §5: production purge within 30 days, backup expiry within 90 days, tax records retained 7 years with PII stripped.

8. Children

The Service is intended for business users aged 18 or older. We do not knowingly collect data from anyone under 13 (COPPA) or under 16 (CCPA). If you believe a minor has created an account, contact us and we will remove it.

9. Cookies

On the web app we use strictly-necessary cookies for authentication and CSRF protection, plus cookieless Vercel Analytics. We do not run advertising cookies. You can clear or block cookies via your browser settings.

10. International users

Invoice Link is offered in the United States. It is not marketed or distributed in the European Union, United Kingdom, or Switzerland.

10a. Data breach notification

We will notify affected users of any material data breach without unreasonable delay and no later than the timeframes required by applicable law, including 72 hours to EU regulators under GDPR Art. 33 and as required by state law in the United States (e.g., N.C. Gen. Stat. § 75-65).

11. Changes

We may update this policy from time to time. For material changes — anything that expands our collection, widens our uses, or extends our retention — we will give existing users at least 30 days' advance notice in-app and by email before the change takes effect.

12. Contact

Sentinel Holdings Group, Inc.
Email: support@invoicelinkapp.com
Privacy: privacy@invoicelinkapp.com

© 2026 Sentinel Holdings Group, Inc. All rights reserved.