GDPR Compliance at eInvoicePro.ai

We are committed to protecting your personal data and respecting your rights under the General Data Protection Regulation (GDPR).

Right to Access

View all personal data we hold about you at any time through your dashboard or by requesting a data export.

Right to Portability

Export your data in machine-readable JSON format to transfer to another service provider.

Right to Erasure

Request deletion of your account and personal data (subject to legal retention requirements for invoices).

Right to Rectification

Correct any inaccurate or incomplete personal data directly from your account settings.

Right to Restrict Processing

Limit how we process your data while disputes or accuracy concerns are resolved.

Right to Object

Object to processing based on legitimate interests, direct marketing, or automated decision-making.

How We Comply with GDPR

Legal Basis for Processing

We process your data under the following legal bases:

  • Contract Performance: To provide invoicing services you signed up for
  • Consent: For optional features like analytics (you can withdraw at any time)
  • Legal Obligation: To comply with tax laws and regulations (GSTN, ZATCA, etc.)
  • Legitimate Interests: To prevent fraud, ensure security, and improve services

Data Minimization

We collect only the data necessary to provide e-invoicing services and ensure compliance. We do not collect excessive or irrelevant personal information.

Data Security

We implement technical and organizational measures to protect your data:

  • 256-bit AES encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • SOC 2 Type II certified infrastructure
  • Regular security audits and penetration testing
  • Role-based access controls and audit logging
  • Multi-factor authentication for all accounts

International Data Transfers

When we transfer data outside the EU/EEA, we use:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all third-party providers
  • Adequacy decisions where available (e.g., UK, Switzerland)

Data Retention

We retain your data only as long as necessary:

  • Account data: While your account is active
  • Invoice data: 7 years (required by tax regulations)
  • Marketing data: Until you opt out
  • Analytics data: 2 years (anonymized)

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Notify affected users without undue delay
  • Describe the nature of the breach and measures taken
  • Provide recommendations to mitigate potential harm

How to Exercise Your Rights

To exercise any of your GDPR rights:

  • Access your dashboard: Most rights can be exercised directly from your account settings
  • Email us: privacy@einvoicepro.ai with your request
  • Contact our Data Protection Officer: dpo@einvoicepro.ai

We will respond to your request within 30 days. If your request is complex, we may extend this by an additional 60 days and will explain why.

Supervisory Authority

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities can be found at:

https://edpb.europa.eu/about-edpb/board/members_en

Contact Our Data Protection Officer

For GDPR-related questions or to exercise your rights:

  • Email: dpo@einvoicepro.ai
  • Privacy Email: privacy@einvoicepro.ai
  • Phone: +91 94900 30441
  • Address: [Company registered address to be added]