Privacy Policy

Envoice (“Envoice”, “we”, “us”) operates the e-invoicing service at envoice.ae and app.envoice.ae. This policy explains what information we collect, why we collect it, and how we handle it. We wrote this in plain language because legal hedging helps nobody.

We collect three categories of data:

• Account information — your name, business name, email address, TRN (if provided), and password hash. You give us this when you sign up.
• Invoice data — the invoices you create, including client details you enter, line items, amounts, and VAT lines. You control this data.
• Usage logs — basic server logs (IP address, user agent, timestamps, request paths) and aggregated analytics events about which pages and features are used.

We use your data to:

• Provide the invoicing service you signed up for.
• Deliver invoices and notifications to the recipients you specify.
• Support you when you contact us.
• Detect and prevent abuse or fraud.
• Improve Envoice based on aggregate usage patterns.

We do not use your invoice data to train machine-learning models or profile you for advertising.

Your account and invoice data is stored on Amazon Web Services infrastructure in the UAE region (me-central-1). Backups stay within the same region. Data in transit is encrypted with TLS; data at rest is encrypted using AWS-managed keys.

We do not sell your data. We share it only with the specific service providers that run Envoice on our behalf:

• AWS (hosting and storage)
• A transactional email provider to deliver invoices and notifications
• A payment processor to collect subscription payments (we never see or store full card numbers)

We may disclose data if required by a valid legal order in the UAE, but we will push back on overbroad requests.

We encrypt data in transit and at rest, enforce MFA on internal access, limit production access to a small team, and log privileged actions. No system is perfectly secure, but we take reasonable steps in line with industry practice and will notify affected users of any material incident.

You have the right to:

• Access the data we hold about you.
• Correct inaccurate data through your account or by contacting us.
• Export your invoices at any time.
• Delete your account, subject to the retention rules below.

We retain invoice records for the period required by UAE tax law (currently five years) even after account closure, because you may need them for audits. Other account data is deleted within 90 days of account closure unless we are required to keep it longer.

Envoice uses only essential cookies (authentication, CSRF) and privacy-respecting analytics that do not profile you. We do not use advertising cookies. See our Cookie Policy for details.

Envoice is a business tool and is not intended for anyone under 18. We do not knowingly collect data from children.

We may update this policy from time to time. If we make a material change, we will notify account holders by email. The “Last updated” date at the top always reflects the current version.

Privacy questions or requests: privacy@envoice.ae. General support: support@envoice.ae.