INVOGEN — PRIVACY POLICY
This Privacy Policy explains how we collect, use, store, share, and protect information when you visit our marketing websites, create an account, or use the Invogen application and related Services.
It should be read together with our Terms and Conditions. Capitalised terms used but not defined here have the meaning given in the Terms where applicable.
By using the Service, you acknowledge this Privacy Policy. If you do not agree, do not use the Service.
⚠️ IMPORTANT NOTICE
Invogen is a business invoicing SAAS platform. We process account and billing data to run the Service. Business data you enter about your own customers, products, and invoices is primarily controlled by your organisation. Marketing phrases such as “Encrypted” or “Razorpay Secure” describe security practices and payment-partner safeguards — they are not a promise of absolute security or a certification by a regulator.
1. WHO WE ARE AND HOW TO CONTACT US
Product name: Invogen
Privacy / support email: contact@invogen.in
Registered address: OFFICE NO.1 Marol Neartime Square, Andheri East, Mumbai, Maharashtra 400059.
For privacy requests, email contact@invogen.in with the subject line “Privacy Request”.
2. SCOPE — WHO THIS POLICY COVERS
2.1 This Policy covers:
- visitors to Invogen marketing and public pages (including landing and pricing pages);
- Admin users who register and manage a company workspace;
- Employee users who join a workspace;
- individuals whose business contact details are stored by a Customer inside Invogen (for example customer names, emails, GSTIN on invoices) — see Clause 4.
2.2 Platform operators (Super Admin) are Invogen personnel. Their use of internal tooling is covered by Invogen’s internal policies; this document is the public-facing Customer/user policy.
3. ROLES: CONTROLLER AND PROCESSOR
3.1 For account registration data, subscription billing with Invogen, support tickets you send us, and Service usage needed to operate Invogen, we act as a data controller (or similar role under applicable Indian law).
3.2 For Customer Content stored in your workspace — including your clients’ personal and business data, invoices, templates, logos, signatures, and uploads — your organisation is typically the data controller. Invogen acts as a service provider / processor and processes that data only to provide the Service to you, as instructed by your use of the product, and as described in this Policy and our Terms.
3.3 If you are an Admin, you are responsible for ensuring you have a lawful basis and any required notices/consents to upload personal data of your employees, customers, and contacts into Invogen.
4. INFORMATION WE COLLECT
4.1 Information you provide directly:
Account and Profile
- Name, email address, password (stored in hashed form)
- Phone number (if provided), role (Admin / Employee)
- Portal preference, and authentication-related details
Company / Workspace Profile
- Business name, address, country, GSTIN, PAN
- Bank or payment display details you choose to store for invoices
- Invoice/tax settings, employee join codes, and similar business settings
Branding and Media
- Company logo, signature images, template images
- Other files you upload as part of the Service
Business Records You Create
- Customers, products, discounts
- Invoice and related document content (line items, HSN/SAC, totals, notes, share settings)
- PDF or export artefacts generated by the Service, and recurring invoice configuration
Support and Communications
- Messages, tickets, and emails you send to us
- Agreement records (acceptance of Terms and Privacy with metadata)
4.2 Information from Google sign-in (if you use it):
If Google OAuth is enabled and you choose “Sign in with Google”, we receive identifiers and profile information Google shares for authentication (such as name, email, and Google account ID), subject to your Google account settings and Google’s policies. We use this to create or log you into your Invogen account.
4.3 Payment and subscription information:
When you purchase or renew a plan, we process plan selection, billing cycle, subscription status, payment status, amounts, taxes applied on platform fees, promo/discount codes, and related platform invoice records. Card, UPI, and net-banking credentials are collected and processed by Razorpay (or another payment partner we enable). We do not store full payment card numbers on Invogen servers. We may store payment references, order/payment IDs, and webhook status updates needed for billing and support.
4.4 Information collected automatically:
- Technical and security data: IP address, browser/device type, timestamps, authentication tokens, and server logs used for security, debugging, and reliability.
- Cookies and similar technologies: we use cookies such as a refresh-token cookie for session continuity, and browser storage (localStorage for access tokens and sessionStorage for checkout cart state) to keep you signed in.
- Product usage: in-app notifications and activity needed to operate features (for example invoice created, subscription renewals, support updates). We do not currently operate third-party advertising pixels.
4.5 Information from your use of email and sharing features:
If you send invoices or notifications by email through the Service, we process recipient addresses and message metadata required for delivery via our email/SMTP provider. Share methods you select (for example email, public link, or WhatsApp as a recorded method) may store related metadata in your workspace.
5. HOW WE USE INFORMATION
We use information to:
- create and manage accounts, workspaces, roles, and permissions;
- provide invoicing, templates, PDF generation, reports, and related product features;
- process subscriptions, platform invoices, renewals, upgrades, cancellations, and payment status;
- send transactional messages (verification, password reset, billing, subscription expiry/renewal, support updates);
- provide customer support and investigate abuse or security incidents;
- maintain security, prevent fraud, enforce Terms, and comply with law;
- operate maintenance mode and Service reliability;
- improve the Service based on aggregated or operational feedback;
- display required platform branding (for example “Made with Invogen”) where your plan or settings require it.
We do not sell your personal data.
6. LEGAL BASES AND LAWFUL USE (INDIA)
We process personal data for legitimate uses connected with providing the Service, fulfilling contracts with you, complying with legal obligations, and securing our systems. Where consent is required (for example certain optional communications or Google sign-in permissions), we rely on that consent, which you may withdraw subject to limits needed to keep your account secure and deliver the Service you requested.
8. WORKSPACE DATA AND YOUR CUSTOMERS
8.1 Admins and authorised Employees can access Customer Content within their company workspace according to permissions. Invogen personnel may access workspace data only as needed for support, security, billing disputes, legal compliance, or Service operation, and subject to internal access controls.
8.2 Public or shared invoice links expose the document content you choose to share. You control what you share.
8.3 Invogen is not responsible for how your organisation uses exports, PDFs, emails, or shared links after data leaves the Service.
10. SECURITY
10.1 We use reasonable technical and organisational measures appropriate to a SaaS product of this type, which may include password hashing, authenticated API access, role-based permissions, HTTPS in production deployments, and restricted administrative access.
10.2 No method of transmission or storage is 100% secure. You are responsible for safeguarding account credentials, join codes, and devices.
10.3 Marketing statements such as “Encrypted” refer to industry-standard transport/security practices for the Service and/or payment-partner checkout security — not end-to-end encryption of all workspace data against every threat, and not a guarantee against unauthorised access.
11. DATA RETENTION
11.1 We retain account, subscription, and billing records for as long as your account is active and thereafter as needed for legitimate business purposes, tax/accounting records, dispute resolution, and legal compliance.
11.2 Workspace data is retained while your organisation’s account exists and the Service stores it. After cancellation or deletion requests, we may delete or anonymise data within a reasonable period, except where retention is required by law or for security/audit purposes.
11.3 Backups and logs may persist for a limited additional period before rotation.
12. YOUR RIGHTS AND CHOICES
Depending on applicable law (including India’s Digital Personal Data Protection framework as applicable), you may have rights to:
- Access personal data we hold about you as an account holder;
- Correct inaccurate account data;
- Request deletion of account personal data, subject to legal retention needs;
- Withdraw consent where processing is consent-based;
- Raise a grievance using the contact in Clause 1.
To exercise rights, email hello@invogen.app. We may need to verify your identity. If your request relates to data inside a Customer workspace (for example a person listed as a customer on an invoice), we may redirect you to the Admin organisation that controls that workspace.
You may update many profile and company fields directly in the product settings.
13. CHILDREN
The Service is intended for business use by adults. We do not knowingly collect personal data from children for the purpose of offering the Service to them. If you believe a child has provided personal data improperly, contact us and we will take appropriate steps.
14. INTERNATIONAL AND CROSS-BORDER PROCESSING
Invogen is operated with a primary focus on India (including INR billing and GST-oriented features). Your information may be processed on infrastructure located in India or in other countries where our service providers operate. Where cross-border transfer occurs, we take steps consistent with applicable law and our provider contracts.
15. THIRD-PARTY SITES AND SERVICES
The Service may link to third-party sites or open third-party checkout or OAuth screens (Razorpay, Google). Their privacy practices are governed by their own policies. This Privacy Policy does not cover those third parties.
16. MARKETING COMMUNICATIONS
16.1 We may send service/transactional emails that are necessary for the account (security, billing, subscription status). These are not marketing opt-out emails in the ordinary sense.
16.2 If we send optional product news or marketing emails, you may unsubscribe where an unsubscribe mechanism is provided.
16.3 Marketing website copy must remain consistent with this Policy: do not claim we “never store any data”, “fully anonymous usage”, or “bank-grade certified encryption” unless those claims are separately true and documented.
17. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. The version and effective date appear at the top. Material changes will be posted on the Service or marketing site (including /legal/privacy) and, where required, we may request renewed acceptance during registration or login.
Continued use after the effective date constitutes acknowledgement of the updated Policy, except where mandatory law requires otherwise.
18. GOVERNING LAW
This Privacy Policy is governed by the laws of India. For disputes relating to privacy and the Service, the dispute provisions in our Terms and Conditions apply (courts at Mumbai, Maharashtra subject to mandatory protections that cannot be waived).
19. CONTACT AND GRIEVANCE
If you have an unresolved privacy concern, contact us:
OFFICE NO.1 Marol Neartime Square, Andheri East, Mumbai, Maharashtra 400059.
We will aim to acknowledge and address grievances within a reasonable time.