1. Who we are
Invoia is operated by Evidentia B.V., a company registered in the Netherlands (Chamber of Commerce: forthcoming). Our registered address is in Amsterdam, the Netherlands. You can contact us at privacy@evidentia.one.
2. Data we collect
When you use Invoia we collect:
- Account data — name, email address, company name, VAT number, provided during sign-up via our identity provider (Zitadel).
- Invoice data — buyer/supplier names, addresses, VAT numbers, line items, and amounts contained in invoices you create or receive.
- Usage data — API request logs, timestamps, IP addresses, and browser/device information for security and operational purposes.
- Billing data — subscription and payment information managed by Mollie. We do not store card numbers.
3. Legal bases and purposes
We process your data on the following GDPR bases:
- Contract performance — to provide the Invoia service, including generating, sending, receiving, and archiving e-invoices.
- Legal obligation — to retain invoice records as required by Dutch, Belgian, and German tax law (up to 7 years).
- Legitimate interests — to secure, operate, and improve the platform; to detect and prevent fraud.
- Consent — for any optional marketing communications (you may withdraw at any time).
4. Data sharing
We share data only as necessary:
- Peppol network — invoice data is transmitted to recipient Peppol participants via our access point provider (B2Brouter). This is core to the service.
- Mollie — payment processing. Subject to Mollie's own privacy policy.
- Infrastructure providers — hosting and database providers processing data under GDPR-compliant data processing agreements.
We do not sell your data to third parties.
5. Data retention
Invoice data is retained for 7 years to meet EU tax-record requirements. Account data is deleted within 30 days of account closure, except where retention is legally required.
6. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, and port your data, and to object to processing. To exercise any right, email privacy@evidentia.one. You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
7. Cookies
We use a session cookie (HTTP-only, secure) strictly necessary for authentication. We do not use advertising or tracking cookies.
8. Changes
We may update this policy. Material changes will be notified via email or in-app notice at least 14 days before taking effect.
9. Contact
Questions or requests: privacy@evidentia.one