Security & Privacy

Your data in safe hands

Transparency matters to us. Learn exactly how we protect your data, where it's stored, and what rights you have.

Technical architecture

Every invoice follows a clearly defined data flow, from upload to matching. All steps happen within the EU.

1

Upload & storage

Invoices are uploaded over HTTPS and stored encrypted on EU servers in Frankfurt, Germany. No temporary storage on the server.

2

OCR & AI extraction

Our OCR system reads the text locally. Then our EU-based AI extracts structured data: amount, vendor, date. Only the extracted text is sent, never the original document.

3

Matching & scoring

Our matching system compares extracted data with imported bank transactions. This step runs entirely on our servers, with no third parties involved.

4

Export & access

Matches and documents can be exported as ZIP. Temporary download links expire after 60 seconds. No permanent public access.

Subprocessors

We work with a minimal number of third-party providers, all within the EU.

Amazon Web Services (S3)

Frankfurt, Germany

Document storage (encrypted)

Mistral AI

Paris, France

AI extraction of invoice data

MongoDB Atlas

Frankfurt, Germany

Application database

Stripe

EU

Payment processing

Retention & deletion

We store data only as long as needed. You can request full account deletion at any time.

Documents & files

Stored while your account is active. On account deletion, all files are permanently removed within 30 days.

Account data

Email, name, and organization data are removed from the database immediately on account deletion. Logs are deleted after 90 days.

Payment data

Payment data is managed exclusively by Stripe. We do not store credit card or bank details on our servers.

Your GDPR rights

As an EU-based service, we guarantee all rights under the General Data Protection Regulation.

  • Right of access

    Get a complete overview of all data stored about you.

  • Right to rectification

    Request correction of inaccurate personal data.

  • Right to erasure

    Request full deletion of your account and all associated data.

  • Right to data portability

    Export all your data in a machine-readable format.

  • Right to restriction

    Restrict processing of your data under certain circumstances.

  • Right to object

    Object to the processing of your personal data at any time.

Security contact

Have a security question or want to report a vulnerability? Contact our security team.

support@invoice-matcher.io