Privacy Policy

Effective May 12, 2026

The short version
invioTrack stores only what we need to send your invoices and run your subscription. We never sell or share your data with advertisers. Card numbers are handled by Stripe — we never see them. You can delete any invoice or client right inside the bot, export to CSV on the Business plan, and ask us to close your whole account anytime.

1. Who we are

“invioTrack” (“we”, “us”, “our”) is a Telegram bot and supporting website at inviotrack.com. We help freelancers and small businesses send invoices and collect payments. This policy covers the bot (@invioTrack_bot) and the website.

2. Information we collect

From you, directly

Telegram identity: your Telegram user ID, first name (as shown to the bot), language code, and time zone. We do not see your phone number, Telegram password, or unrelated chats.
Business details you enter: your business name, business email, business address, default currency, late-fee percentage, and (on Business plan) logo and accent color.
Client and invoice data: client names and emails you save, invoice numbers, descriptions, line items, amounts, due dates, and paid/unpaid status.
Waitlist email if you submit one on the landing page — used only to notify you about invioTrack updates.

Created automatically

Server logs: short-lived logs of bot commands and HTTP requests (timestamps, response codes, generic error messages). Used for debugging and abuse prevention. Rotated and discarded within 30 days.
Subscription state: your current plan (Free, Pro, or Business), invoice counts for the current month, and a Stripe customer ID if you upgraded.

From Stripe, when you upgrade

Stripe handles all card details on its own servers. We never see or store your card number, CVV, or full bank details.
Stripe sends us your subscription status (active, past_due, cancelled), the plan you chose, and a customer ID so we can match your account.
Stripe’s privacy practices are governed by their own policy: stripe.com/privacy.

3. What we don’t collect

No advertising IDs, no marketing pixels, no third-party analytics trackers on the bot or the website.
No card numbers, no full bank account numbers.
No content of your Telegram chats outside of messages you send directly to @invioTrack_bot.
No biometric data, no location beyond your declared time zone.

4. How we use your information

To generate, deliver, and track your invoices.
To send polite payment reminders to you (not your clients) at the cadence you control — we never message your clients on your behalf.
To run your subscription with Stripe.
To prevent fraud and abuse (spam, harassment, prohibited use).
To answer your support questions.
To improve invioTrack by reviewing aggregated, non-identifying usage patterns (e.g. “how many invoices were created last week”).

5. How we share your information

We do not sell, rent, or trade your personal data. We share limited information only with the providers we need to run the service:

Telegram — the messaging platform invioTrack runs on. Messages you send the bot pass through Telegram under their Privacy Policy.
Stripe — our payment processor for paid plans. See stripe.com/privacy.
Hetzner — our hosting provider; servers are in the United States. See hetzner.com/legal/privacy-policy.
Zoho Mail — hosts our support and billing mailboxes.
Legal authorities — only if compelled by valid legal process (e.g. a US subpoena).

6. Where your data lives

invioTrack data is stored in a SQLite database on a private Hetzner server in the United States. The database file is locked to owner-only file permissions. Encrypted backups are replicated with Litestream. Backups are retained for 30 days.

7. How we protect your data

HTTPS for everything served from inviotrack.com (managed certificates).
Bot token kept in the server environment, not in plain text on disk.
Database file permissions tightened to owner-only on startup.
HMAC-signed checkout and billing-portal links — they expire after one hour.
No third-party trackers, ad pixels, or session-replay tools on the bot or the website.

No system is perfect. If we ever discover a breach that affects your data, we will email you within 72 hours of confirming the scope.

8. How long we keep it

Account data (clients, invoices, settings): for as long as your account is active.
If you delete your account: we erase your personal data and invoices within 30 days. Backup copies cycle out within 30 days after that.
Billing records (Stripe receipts, invoice metadata): kept for 7 years to comply with US tax and accounting rules. These do not include card numbers.
Server logs: rotated and discarded within 30 days.

9. Your rights

Almost everything is one tap inside the bot:

Delete an invoice: open it from /invoices and tap Delete.
Delete a client: open it from /clients and tap Delete.
Edit your details, currency, language, or reminder cadence: /settings.
Export your invoices to CSV (Business plan): tap Export to CSV from /plan.
Delete your entire account: type /delete_account in the bot — your account, clients, and invoices are erased immediately.

For a full copy of all the data we hold about you, or any other data request we can’t handle in the bot, see Section 13.

Account deletion erases your personal data within 30 days (including from backups), except for the billing records we have to keep under Section 8.

California residents (CCPA / CPRA)

If you live in California, you have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of any “sale” or “sharing” of personal information. We do not sell or share your personal information for cross-context behavioral advertising. Use /delete_account in the bot for deletion; for other CCPA requests see Section 13.

10. Children

invioTrack is for adults. We do not knowingly collect data from anyone under 16.

11. International users

invioTrack is operated from the United States and stores data on US servers. EU/UK users keep the same access, correction, and deletion rights described above — see Section 13 for how to reach us.

12. Changes to this policy

If we change anything substantive, we will update the effective date at the top and post a note in the bot (and email any waitlist subscribers). Continued use after a change means you accept the new version.

13. Contact

For anything we can’t handle in the bot — a full data copy, a data-processing complaint, a GDPR or CCPA request, a breach notice, anything you want a human to see — email hello@inviotrack.com. We respond within 30 days.