Privacy Policy — Invoice Flow
Privacy Policy — InvoiceFlow
Last updated: April 21, 2026
This Privacy Policy describes how GiveMeMood ("we", "us", or "our") handles information in connection with the InvoiceFlow mobile application ("the App"), available on Google Play.
InvoiceFlow is developed and maintained by GiveMeMood, an independent individual developer. Our website is givememood.com.
Summary: InvoiceFlow is local-first — all invoices, clients, products, and business data you create are stored only on your device. We collect a small amount of technical data (hashed device identifier, app usage events, crash diagnostics, push notification token) exclusively to prevent abuse of the free trial, improve app stability, and deliver optional notifications. We do not collect names, emails, or any personal information you enter into the App.
1. Information We Collect
Starting with version 1.1.0, InvoiceFlow collects a limited set of technical data through Google Firebase services. We do not collect the personal information you enter into invoices, client lists, or business profiles — that data stays on your device.
1.1 Hashed Device Identifier
To prevent abuse of the 7-day free trial (e.g., users reinstalling the app to reset their trial), we collect a SHA-256 hash of the Android SSAID (Secure Settings Android ID). The raw SSAID never leaves your device. Only the hashed value is stored in our Firestore database, linked to the timestamp when you first started your trial.
- Data stored: SHA-256 hash (64 hex characters), trial start date (ISO timestamp), platform ("android")
- Where: Google Cloud Firestore (region: europe-west, EU)
- Why: Trial protection / anti-abuse (fraud prevention)
- Retention: Automatically purged after 2 years of inactivity
- Not linked to: Your name, email, phone, or any other personal information
1.2 Firebase Cloud Messaging (FCM) Token
To deliver push notifications (invoice reminders, app updates, optional promotional content), the App registers a device-specific FCM token with Google's Firebase Cloud Messaging service. This token is an opaque identifier generated by Google and associated with your device's Firebase Installations ID.
- Data stored: FCM registration token (managed by Google, not by us)
- Why: To deliver push notifications you opt into in Settings → Notifications
- Categories (user-controlled): App updates, invoice reminders, promotions, usage tips — all can be disabled individually in the App settings
- Retention: Token is refreshed periodically by Google; deleted when you uninstall the app
1.3 Analytics Events
We use Firebase Analytics to understand how features are used so we can improve the App. Events collected include:
- App opens, screen views (which screens you visit)
- Feature interactions (e.g., "invoice_created", "subscription_started", "trial_started")
- Automatic events collected by Firebase: device model, OS version, app version, locale, country (approximated from IP, not precise location)
We do not collect: invoice contents, client names, business names, amounts, or any data you enter into the App.
1.4 Crash Reports
We use Firebase Crashlytics to receive diagnostic reports when the App crashes. Reports include: stack trace, device model, OS version, app version. No personal data or user-entered content is included in crash reports.
1.5 Purchase History
When you purchase a subscription, Google Play shares basic purchase information (purchase token, product ID, purchase date) with the App so we can verify your active subscription. This data is processed through Google Play Billing; we do not receive your payment method details (credit card, bank account, etc.).
1.6 Play Integrity Attestation
To protect Firebase resources from abuse, the App uses Firebase App Check with Play Integrity API. When the App communicates with Firebase services, it sends a cryptographic attestation to Google verifying that the App is a genuine build installed through Google Play and running on a legitimate Android device. No personal data is included in this attestation.
2. Data Stored Locally on Your Device
The following data remains exclusively on your device and is never transmitted to us:
| Data Type | Purpose | Storage |
|---|---|---|
| Business profiles | Company name, logo, address, email, phone, tax ID, payment details | Local database on device |
| Invoices & items | Invoice numbers, amounts, dates, status, line items, tax calculations | Local database on device |
| Clients | Client name, company, contact details, notes, avatars | Local database on device |
| Products & inventory | Product names, prices, SKUs, stock quantities | Local database on device |
| Expenses & receipts | Expense descriptions, amounts, receipt images | Local database and file storage on device |
| Time entries | Project names, durations, hourly rates | Local database on device |
| Contracts & signatures | Contract terms, digital signatures | Local database on device |
| Delivery notes | Shipping addresses, tracking info | Local database on device |
| Payments | Payment amounts, methods, references | Local database on device |
| PDF documents | Imported and edited PDF files | Local file storage on device |
| Exchange rates | Currency conversion rates | Local database on device |
| App preferences | Theme, language, font settings, notification preferences | Local preferences on device |
None of the data in the table above is transmitted to us or any third party. This data remains on your device and is fully under your control.
3. Device Permissions
InvoiceFlow may request the following permissions. Each is optional and the App functions without them (with limited features):
| Permission | Why It Is Needed | Data Sent to Servers? |
|---|---|---|
| Camera | To scan QR codes and barcodes for product and invoice references | No |
| Storage | To import/export PDFs, save receipt photos, create data archives | No |
| Post notifications (Android 13+) | To display local reminders for due invoices and optional push notifications | Only FCM token (see section 1.2) |
| Receive boot completed | To reschedule local invoice reminders after the device restarts | No |
| Internet | For Firebase services (analytics, crash reports, trial protection, push notifications) and Google Play subscription verification | See sections 1.1–1.6 |
You can revoke any permission at any time through your device's system settings. You can disable all notification categories (including invoice reminders) in the App under Settings → Notifications.
4. Third-Party Services
The App uses the following Google services, subject to Google's privacy policies:
4.1 Google Firebase
We use the following Firebase services (all provided by Google LLC):
- Cloud Firestore — stores hashed device identifier and trial start date (section 1.1)
- Firebase Analytics — app usage events (section 1.3)
- Firebase Crashlytics — crash diagnostic reports (section 1.4)
- Firebase Cloud Messaging (FCM) — push notification delivery (section 1.2)
- Firebase App Check — anti-abuse protection via Play Integrity API (section 1.6)
Firebase data handling is governed by Firebase's Privacy Policy.
4.2 Google Play Billing
InvoiceFlow offers optional subscription plans processed through Google Play. The purchase transaction is handled entirely by Google Play. We do not have access to your payment information (credit card number, billing address, etc.). Google's handling of your payment data is governed by Google's Privacy Policy.
4.3 Google Sign-In (Optional — Google Drive Backup)
If you choose to back up your data to Google Drive (feature available under Settings → Backup), the App uses Google Sign-In to request OAuth authorization for access to your Google Drive. This authorization grants the App permission to write backup files to a dedicated folder in your own Google Drive. We do not receive, store, or have access to your Google account credentials. You can revoke this authorization at any time in your Google account settings at myaccount.google.com/permissions.
5. Data Sharing
We do not sell, trade, rent, or share your data with third parties for advertising or marketing purposes. Data processed by Firebase services (section 4.1) is handled by Google as our data processor, not as a recipient of data.
The App includes an export feature that allows you to create a data archive for backup or transfer. These exports are generated locally on your device and shared only when you explicitly choose to do so (e.g., by emailing yourself the archive or saving it to Google Drive).
6. Data Retention
Retention depends on the data category:
- Local device data (invoices, clients, products, etc.) — retained until you delete it within the App or clear the App's data via your device settings. We have no ability to access, retain, or recover this data.
- Firestore trial record (hashed device identifier) — automatically deleted after 2 years of inactivity, or upon your request (see section 7).
- Firebase Analytics data — retained according to Firebase defaults (typically 14 months for event data).
- Firebase Crashlytics data — retained for 90 days.
- FCM token — maintained by Google; deleted when you uninstall the app or disable all notifications.
- Purchase history — retained by Google Play per their terms.
7. Your Rights and Data Deletion
Depending on your jurisdiction (GDPR for EU, CCPA for California, LGPD for Brazil, POPIA for South Africa, and other applicable laws), you have rights regarding your data. These include:
- Right to access: request a copy of data we hold about your device
- Right to correction: request correction of inaccurate data (typically not applicable, as our records contain only timestamps and hashes)
- Right to deletion: request deletion of your data from our systems
- Right to object: opt out of non-essential data collection (notification categories in Settings; analytics through your device's system-level opt-out if supported)
- Right to portability: receive a copy of your data in a machine-readable format
7.1 How to Request Data Deletion
To request deletion of data we store about your device, please email givememood@gmail.com with the subject line "Data Deletion Request". Include in your request:
- The approximate date you first installed the App
- The device type or model, if known
We will delete the associated Firestore trial record within 30 days of your verified request.
7.2 How to Delete Local Data Yourself
You can delete all local App data at any time by:
- Deleting individual invoices, clients, or other items within the App
- Clearing the App's data via Android Settings → Apps → InvoiceFlow → Storage → Clear data
- Uninstalling the App (removes all local data; Firestore trial record persists until automatic purge or deletion request)
7.3 How to Opt Out of Optional Data Collection
- Push notifications — disable categories in the App: Settings → Notifications
- Google Drive backup — don't sign in, or revoke authorization at myaccount.google.com/permissions
- All Firebase data collection — not possible while keeping the app functional (analytics and crash reports are essential for our ability to maintain the App; the trial protection is required to enforce our subscription terms)
8. Free Trial and Subscriptions
8.1 Free Trial
InvoiceFlow provides a 7-day free trial that begins automatically when you first set up the App. During the trial, you have full access to all features at no cost. The trial is protected against abuse: it is counted per device (based on the hashed device identifier described in section 1.1). The trial cannot be paused or restarted, and does not require payment information to begin.
After the trial ends, you can still view your data, share existing PDFs, export your data archive, and change invoice statuses. Creating and editing invoices, clients, and products requires an active subscription.
8.2 Subscription Plans
InvoiceFlow offers two auto-renewing subscription plans:
- Monthly: $4.99/month
- Yearly: $29.99/year (equivalent to $2.50/month)
Both plans provide identical full access to all App features. Prices are in US dollars; actual prices may vary by country as determined by Google Play.
8.3 Billing and Cancellation
Subscriptions are processed through Google Play. We do not process, collect, or store any payment information. You can manage or cancel your subscription at any time through your Google Play account settings. After cancellation, your subscription remains active until the end of the current paid period. Your locally-stored data is never deleted regardless of your subscription status.
For full subscription terms, see our Terms of Service.
9. Children's Privacy
InvoiceFlow is a business tool intended for professionals, freelancers, and small business owners aged 16 and older. The App is not directed at children under 16.
We do not knowingly collect personal information from children under 16. If you believe a child has provided us with information through the App, please contact us and we will take steps to delete any such information.
10. Data Security
We implement industry-standard security measures:
- Encryption in transit: All communication between the App and Firebase/Google services uses TLS (HTTPS) encryption
- Encryption at rest: Data stored in Firebase services is encrypted at rest by Google
- Anti-abuse: Firebase App Check with Play Integrity prevents unauthorized access from modified or fraudulent clients
- Minimization: We only collect the data necessary for the purposes described in this policy
Local data on your device is protected by your device's own security measures. We recommend that you:
- Keep your device's operating system up to date
- Use a screen lock (PIN, pattern, fingerprint, or face recognition)
- Regularly use the export feature to create backup archives
11. International Users
InvoiceFlow is available worldwide with no country restrictions, and supports 76 languages. Our Firestore database is hosted in the European Union (Google Cloud region europe-west, multi-region). Firebase Analytics, Crashlytics, and Cloud Messaging data may be processed in data centers operated by Google globally, subject to Google's standard contractual clauses and data protection safeguards.
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, your data is processed in accordance with the EU General Data Protection Regulation (GDPR). If you are a California resident, your data is processed in accordance with the California Consumer Privacy Act (CCPA). For other jurisdictions, equivalent local data protection laws apply where relevant.
12. Legal Basis for Processing (EU/UK Users)
For users subject to GDPR, our legal bases for processing are:
- Legitimate interests (Art. 6(1)(f)): fraud prevention (trial protection), app stability (crash reports), service improvement (analytics)
- Performance of a contract (Art. 6(1)(b)): subscription management, purchase verification
- Consent (Art. 6(1)(a)): optional notification categories (promotions, usage tips) — you can withdraw consent at any time in App Settings
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the App, legal requirements, or best practices. Any changes will be reflected on this page with an updated "Last updated" date. Material changes will be announced via an in-app notification. Continued use of the App after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the App, please contact us:
- Developer: GiveMeMood
- Email: givememood@gmail.com
- Website: givememood.com
© 2026 GiveMeMood. All rights reserved. | givememood.com