Privacy Policy
This Privacy Policy explains how nerdy.pro ("we", "us", "our") collects, uses, and protects personal data when you use Invoiceness (the "Service") at invoiceness.me.
We are the data controller for the personal data described in this policy. If you have any questions, contact us at welcome@nerdy.pro.
This policy is written for compliance with the EU General Data Protection Regulation (GDPR).
1. Information we collect
1.1 Information you provide
- Account information: your email address, name, and password (stored only as a salted hash — we never see your plaintext password).
- Profile and billing details: company name, postal address, tax identification number, and bank or payment account details used to generate your invoices.
- Content you create: clients, projects, time entries, invoices, uploaded files (such as logos and attachments), and any other information you enter into the Service. This may include personal data about your own customers or collaborators.
1.2 Information collected automatically
- Technical data: your IP address, browser type and version, operating system, device identifiers, language preference, and timestamps of requests.
- Server logs: HTTP request paths, response status codes, and request durations — used to diagnose errors and monitor performance.
- Cookies and similar technologies: see Section 8 for the full cookie list.
2. How we use your information and our legal bases
| Purpose | Legal basis under GDPR |
|---|---|
| Provide the Service (account, time tracking, invoicing, sharing) | Performance of a contract (Art. 6(1)(b)) |
| Authenticate you and secure the Service | Legitimate interests (Art. 6(1)(f)) — keeping the Service safe |
| Send transactional email (sign-up confirmation, password reset, invitations, billing notices) | Performance of a contract (Art. 6(1)(b)) |
| Process subscription payments | Performance of a contract (Art. 6(1)(b)) |
| Diagnose errors and monitor performance | Legitimate interests (Art. 6(1)(f)) — operating a reliable service |
| Comply with tax, accounting, and other legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
3. Who we share your data with
We share personal data only with the sub-processors we need to operate the Service. Each sub-processor is bound by a written data processing agreement.
| Sub-processor | Purpose | Location |
|---|---|---|
| Resend, Inc. | Transactional email delivery | United States |
We may also disclose personal data when required by law, to enforce our terms, or to protect the rights, property, or safety of our users or others.
We do not sell your personal data, and we do not share it for cross-context behavioural advertising.
4. International data transfers
Some of our sub-processors are located outside the European Economic Area (EEA):
- United States (Resend): transfers rely on the EU-US Data Privacy Framework where the recipient is certified, and on the European Commission's Standard Contractual Clauses (SCCs) as a supplementary safeguard.
You can request a copy of the relevant safeguards by contacting us at welcome@nerdy.pro.
5. How long we keep your data
| Data | Retention period |
|---|---|
| Account, profile, and content | For as long as your account is active |
| Account data after deletion | Soft-deleted for 30 days to allow recovery, then permanently erased |
| Backups | Purged within 90 days of deletion |
| Server logs | 30 days |
| Invoice and tax records | Up to 10 years, as required by EU and local tax law |
6. How we protect your data
- All traffic to and from the Service is encrypted with HTTPS (TLS).
- Authentication uses secure, HTTP-only session cookies.
- Passwords are stored as salted hashes — never in plaintext.
- Data at rest is encrypted on our hosting providers' infrastructure.
- Access to production systems is limited to authorised personnel and protected by strong authentication.
No system is perfectly secure. If we ever detect a personal data breach affecting you, we will notify you and the competent supervisory authority as required by GDPR.
7. Your rights
Under GDPR you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data ("right to be forgotten"), subject to legal retention obligations;
- Restrict how we process your data;
- Object to processing based on our legitimate interests;
- Data portability — receive your data in a structured, machine-readable format;
- Withdraw consent at any time, where processing is based on consent (this does not affect the lawfulness of prior processing);
- Lodge a complaint with your local data protection supervisory authority.
To exercise any of these rights, email welcome@nerdy.pro. We respond to verified requests within 30 days.
8. Cookies
We use the following cookies:
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| invoiceness-session | Authentication — keeps you signed in | Strictly necessary, HTTP-only | Session |
| invoiceness_i18n | Remembers your language preference | Strictly necessary | 1 year |
| invoiceness-color-mode | Remembers your theme preference | Strictly necessary | 1 year |
All cookies listed above are strictly necessary for the Service to function and do not require consent. You can block or delete them through your browser settings, but the Service may not work correctly if you do.
9. Children
The Service is not directed at children. We do not knowingly collect personal data from anyone under 16 years of age. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date below reflects the most recent revision. For material changes, we will notify you by email or through a prominent notice in the Service before the changes take effect.
11. Contact
For any privacy-related question, request, or complaint:
nerdy.pro
Email: welcome@nerdy.pro
Last updated: 27 April 2026.