ANIMUS INVOICE

Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your data.

Last Updated: February 15, 2026

1. Introduction
2. Data Controller
3. What Data We Collect
4. How We Collect Data
5. Why We Collect Data (Legal Basis)
6. How We Use Your Data
7. Data Sharing and Third Parties
8. Data Security
9. Data Retention
10. Your Rights (UK GDPR)
11. Cookies and Tracking
12. International Data Transfers
13. Children's Privacy
14. Changes to This Policy
15. Contact Us

Introduction

Welcome to the Privacy Policy of ANIMUS CODE LTD ("we", "us", "our"). This policy explains how we collect, use, store, and protect your personal data when you use Animus Invoice (the "Service").

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

Your Privacy Matters

We do not sell your personal data to third parties. We only use your data to provide and improve the Service.

By using the Service, you consent to the collection and use of your data as described in this Privacy Policy.

Data Controller

The data controller responsible for your personal data is:

ANIMUS CODE LTD

Company Registration No: 16998454

Registered Address:

71-75, Shelton Street

Covent Garden, London

WC2H 9JQ, UNITED KINGDOM

Email: support@animusinvoice.com

Website: animuscode.co.uk

For data protection inquiries, please email us at support@animusinvoice.com with "DATA PROTECTION" in the subject line.

What Data We Collect

We collect the following types of personal data:

3.1 Account Information

Email Address	Required for account creation and login
Password	Hashed and encrypted (we cannot see your password)
Account Creation Date	Timestamp of when you signed up

3.2 Business Information

Business Name	Your company or trading name
Business Address	Your company address (appears on invoices)
VAT Number	Optional tax identification number
Logo	Pro users only - stored in Supabase Storage

3.3 Invoice Data

Client Information: Client names, addresses, email addresses
Invoice Details: Invoice numbers, amounts, line items, dates
Payment Information: Payment links (if Pro user)

3.4 Payment Information

Important: We do NOT store credit card details. All payment processing is handled by our payment processor, Lemon Squeezy. They store:

Credit card information (encrypted)
Billing address
Transaction history

We only receive:

Subscription status (active, cancelled, expired)
Subscription tier (Starter, Pro, Enterprise)
Billing cycle dates

3.5 Usage Data

Login Activity	Timestamps of when you log in
Invoice Count	Number of invoices created (for Starter tier limits)
Feature Usage	Which features you use (anonymized analytics)
IP Address	For security and fraud prevention
Device Information	Browser type, OS, screen resolution (for bug fixes)

3.6 Beta Feedback (If Applicable)

Survey responses (37-question feedback form)
Feature requests and bug reports
Testimonials (with your consent)

How We Collect Data

4.1 Directly From You

When you create an account
When you fill out your business information
When you create invoices and add client data
When you upload a logo (Pro users)
When you contact customer support
When you complete the beta feedback form

4.2 Automatically

Login activity via Supabase Auth
Usage analytics (anonymized)
Error logs (for debugging)
IP address (from web server logs)

4.3 From Third Parties

Lemon Squeezy: Subscription status and billing events
Supabase: Database and authentication logs

Why We Collect Data (Legal Basis)

Under UK GDPR, we must have a legal basis to process your personal data. We rely on the following:

5.1 Contract (Performance of a Contract)

We need your data to provide the Service as agreed in our Terms of Service:

Creating and managing your account
Generating invoices and PDFs
Processing subscription payments
Storing your data in the cloud

5.2 Legitimate Interests

We have legitimate business interests in:

Improving the Service based on usage data
Preventing fraud and ensuring security
Debugging and fixing technical issues
Analyzing feature usage to prioritize development

5.3 Consent

We ask for your explicit consent for:

Marketing communications (opt-in only)
Using your testimonials or feedback publicly
Non-essential cookies (analytics, if applicable)

5.4 Legal Obligation

We may process data to comply with legal requirements:

Retaining billing records for tax compliance (HMRC requirements)
Responding to lawful requests from authorities
Complying with data subject access requests (UK GDPR)

How We Use Your Data

Purpose	Data Used	Legal Basis
Account creation and login	Email, password	Contract
Invoice generation	Business info, client data	Contract
Subscription billing	Email, subscription tier	Contract
Customer support	Email, account details	Contract
Security and fraud prevention	IP address, login activity	Legitimate Interest
Product improvement	Usage data (anonymized)	Legitimate Interest
Marketing emails	Email address	Consent (opt-in)
Tax compliance	Billing records	Legal Obligation

We Do NOT

Sell your data to third parties
Use your invoice data for advertising
Share client information with anyone except you
Send spam or unsolicited marketing (unless you opt-in)

Data Sharing and Third Parties

7.1 Third-Party Service Providers

We share data with the following trusted third parties who help us operate the Service:

Service	Purpose	Data Shared	Location
Supabase	Database, authentication, storage	All account and invoice data	EU/US (AWS)
Lemon Squeezy	Payment processing	Email, subscription status, billing info	US

These providers are contractually obligated to protect your data and comply with GDPR.

7.2 Legal Disclosure

We may disclose your data if required by law or in response to:

Court orders or legal processes
Requests from law enforcement or government agencies
Protection of our rights, property, or safety
Prevention of fraud or illegal activity

7.3 Business Transfers

If ANIMUS CODE LTD is acquired, merged, or sells assets, your data may be transferred to the new owner. We will notify you via email before any such transfer.

7.4 No Selling of Data

We do NOT sell, rent, or lease your personal data to third parties for marketing purposes.

Data Security

We implement industry-standard security measures to protect your data:

8.1 Technical Safeguards

Encryption: All data in transit uses HTTPS/TLS encryption
Password Hashing: Passwords are hashed using bcrypt (Supabase Auth)
Row Level Security (RLS): Database-level access control ensures you only see your data
Secure Storage: Logo uploads stored in Supabase Storage with access controls

8.2 Organizational Safeguards

Limited employee access to production data
Regular security audits and updates
Incident response plan for data breaches

8.3 Third-Party Security

Supabase: SOC 2 Type II certified, ISO 27001 compliant
Lemon Squeezy: PCI DSS compliant for payment processing

Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will notify you within 72 hours as required by UK GDPR.

Data Retention

9.1 Active Accounts

We retain your data for as long as your account is active.

9.2 Deleted Accounts

When you delete your account:

Immediate deletion: Account credentials, business info, client data, invoices
30-day grace period: Soft delete allows recovery if you change your mind (email us within 30 days)
Permanent deletion: After 30 days, all data is permanently deleted

9.3 Legal Retention

Some data must be retained for legal compliance:

Billing Records	6 years (UK tax law requirement)
Anonymized Analytics	Indefinitely (no personal identifiers)
Support Emails	3 years (for dispute resolution)

9.4 Backup Data

Deleted data may persist in backups for up to 90 days, after which backups are automatically purged.

Your Rights (UK GDPR)

Under UK GDPR, you have the following data protection rights:

10.1 Right to Access

You can request a copy of all personal data we hold about you. Email support@animusinvoice.com with "DATA ACCESS REQUEST" in the subject line. We will respond within 30 days with a JSON or CSV file.

10.2 Right to Rectification

You can update inaccurate data yourself in Settings → Business Information. For other corrections, contact us.

10.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your data by:

Deleting your account in the app (Settings → Account → Delete)
Emailing us at support@animusinvoice.com

Note: We may retain data required for legal compliance (e.g., billing records).

10.4 Right to Data Portability

You can export your invoices as PDF anytime. For a full data export (JSON/CSV), email us.

10.5 Right to Object

You can object to processing based on legitimate interests (e.g., analytics). Email us to opt out.

10.6 Right to Restrict Processing

You can request we limit how we use your data (e.g., while disputing accuracy). Contact us to request restriction.

10.7 Right to Withdraw Consent

For processing based on consent (e.g., marketing emails), you can withdraw consent anytime:

Click "Unsubscribe" in marketing emails
Update preferences in Settings → Notifications

10.8 Right to Complain

If you believe we are mishandling your data, you can lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK

Cookies and Tracking

11.1 Essential Cookies

We use essential cookies required for the Service to function:

Session Cookie	Keeps you logged in (Supabase Auth)
CSRF Token	Security protection against cross-site attacks

11.2 Analytics Cookies (Optional)

We may use anonymized analytics in the future (e.g., Google Analytics). If implemented, we will:

Ask for your consent via cookie banner
Anonymize IP addresses
Allow you to opt-out

11.3 No Third-Party Advertising

We do NOT use advertising cookies or trackers from third parties (e.g., Facebook Pixel, Google Ads).

11.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using the Service.

International Data Transfers

12.1 Data Storage Locations

Your data is stored by our third-party providers:

Supabase: AWS data centers (EU and/or US regions)
Lemon Squeezy: US-based servers

12.2 Adequacy and Safeguards

For transfers outside the UK/EEA, we rely on:

Adequacy decisions: EU Commission has deemed certain countries (e.g., Switzerland) as providing adequate data protection
Standard Contractual Clauses (SCCs): Legally binding contracts that require third parties to protect your data
Provider certifications: Supabase and Lemon Squeezy comply with GDPR requirements

12.3 Your Rights for International Transfers

You can request details about international transfers by emailing us at support@animusinvoice.com.

Children's Privacy

Animus Invoice is not intended for children under 18 years of age. We do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@animusinvoice.com and we will delete the data immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

14.1 Notification of Changes

When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Notify you via email (to the address associated with your account)
Display a notice in the Service for 30 days

14.2 Your Continued Use

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, please delete your account.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Data Protection Inquiries