Legal
Last updated: May 14, 2026
Invori LLC operates the Invori invoice processing service at invori.ai ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service. By using Invori, you agree to the collection and use of information in accordance with this policy.
We collect several types of information to provide and improve our Service. Account Information: When you create an account, we collect your name, email address, and business name. Invoice Data: We collect and process invoice documents you upload, including product names, SKUs, quantities, costs, vendor information, invoice numbers, and dates. Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, browser type, IP address, device information, and timestamps. Payment Information: Payment details are processed and stored by our payment processor, Stripe. We do not directly store your credit card information. Integration Data: When you connect third-party services like Lightspeed, we store OAuth access tokens and account identifiers necessary to provide integration functionality.
We use your information for the following purposes: To provide and maintain the Service, including processing your invoices and extracting data using artificial intelligence. To push data to your connected point-of-sale system when you authorize it. To send transactional emails about your account, including confirmations, invoices, and important service updates. To provide customer support and respond to your inquiries. To analyze usage patterns and improve the Service, including identifying bugs and improving AI extraction accuracy. To detect, prevent, and address fraud, security issues, or technical problems. To comply with legal obligations and enforce our Terms of Service. We do not use your invoice data to train AI models. We do not sell, rent, or share your data with third parties for their marketing purposes.
Your data is stored on secure cloud infrastructure provided by Supabase, hosted on Amazon Web Services in the United States. All invoice files are encrypted at rest using industry-standard encryption. All data transmitted between your browser and our servers is encrypted in transit using TLS/SSL. Authentication tokens for third-party services are encrypted before storage. We implement access controls that restrict data access to authorized users within your organization. We maintain regular backups of your data to prevent loss. While we implement reasonable security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
We retain your data for as long as your account is active and for legitimate business purposes. Invoice data and related information are retained while your account is active. Upon account cancellation, we retain your data for up to 30 days to allow for potential account restoration. After 30 days, or upon your request, we permanently delete all data associated with your account. Backup copies may persist for up to 90 days before being overwritten. We may retain certain information as required by law, to resolve disputes, enforce our agreements, or for other legitimate business purposes.
Invori integrates with the following third-party services to operate: Anthropic (Claude AI) for invoice data extraction. We send invoice images and text to Anthropic's API for processing. Anthropic does not retain or train on your data. Supabase for database and file storage, hosted on Amazon Web Services. Vercel for application hosting and content delivery. Clerk for user authentication and account management. Stripe for payment processing. Stripe handles all payment information and we do not store your credit card details. Each of these services has their own privacy policy governing their use of data. We share only the minimum data necessary with each service to provide the functionality you use. We do not sell or share your data with any third parties for advertising or marketing purposes.
Invoice data you upload — including product names, SKUs, costs, vendor names, quantities, and any other information contained in your invoice documents — is stored in our database for the purpose of providing the Service. This data is associated with your organization account and is accessible only to users you have authorized within your organization. We process this data using artificial intelligence to extract structured information. The AI processing is performed by Anthropic's Claude API, which does not retain or train on your data. We do not share, sell, or use this data for any purpose other than providing the Service to you and your authorized users. You retain all ownership rights to your invoice data.
When you connect your Lightspeed Retail (R-Series) account or other third-party services, we store an OAuth access token that allows us to perform actions on your behalf. For Lightspeed specifically, we store the access token, refresh token, and account identifier. We use this token only when you explicitly initiate a data push from Invori to Lightspeed. We never store your Lightspeed password or credentials. You can disconnect any integration at any time from the Integrations page. Disconnecting revokes our access immediately. We do not access or retrieve any data from your Lightspeed account except as necessary to push approved invoice data when you initiate it.
We use cookies and similar technologies to maintain your session, remember your preferences and settings, track whether you have seen the onboarding modal, and understand how you use the Service. We use the following types of cookies: Essential cookies required for the Service to function, including authentication and session management. Functional cookies that remember your preferences and settings. We do not use cookies for advertising, cross-site tracking, or third-party marketing purposes. Most web browsers allow you to control cookies through their settings. Disabling cookies may limit your ability to use certain features of the Service.
You have the following rights regarding your personal information: Access: You may request a copy of the personal information we hold about you. Correction: You may request correction of inaccurate or incomplete information. Deletion: You may request deletion of your personal information, subject to legal retention requirements. Export: You may request an export of your data in a commonly used, machine-readable format. Opt-out: You may opt out of non-essential communications, though you will still receive transactional emails. To exercise any of these rights, contact us at invorisupport@gmail.com. We will respond to your request within 30 days. We may need to verify your identity before processing certain requests.
We implement industry-standard security measures to protect your information, including: Encryption at rest for all stored data. Encryption in transit using TLS/SSL for all data transmission. Secure authentication through Clerk with multi-factor authentication support. Access controls that limit data access to authorized users only. Regular security audits and vulnerability assessments. Secure OAuth flows for third-party integrations. Employee access to data is limited to those who require it to perform their job functions. If we become aware of a data breach that affects your personal information, we will notify you within 72 hours via email and provide details about the breach, the data affected, and the steps we are taking to remediate the situation.
Invori is a business tool intended for adults operating retail businesses. We do not knowingly collect information from anyone under 18 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at invorisupport@gmail.com and we will delete such information from our systems.
Invori is based in the United States, and your information is stored on servers located in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. By using the Service, you consent to the transfer of your information to the United States. The United States may not have data protection laws that are as comprehensive as those in your jurisdiction.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): Right to Know: You have the right to request what personal information we collect, use, disclose, and sell (note: we do not sell personal information). Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions. Right to Opt-Out: You have the right to opt out of the sale of personal information. We do not sell your personal information to third parties. Right to Non-Discrimination: You have the right to not receive discriminatory treatment for exercising your CCPA rights. Categories of Information We Collect: Identifiers (name, email), commercial information (purchase history), internet activity (usage data), and professional information (business name). How We Use Information: To provide the Service, process transactions, improve our Service, and comply with legal obligations. Third Parties We Share With: Service providers (Anthropic, Supabase, Vercel, Clerk, Stripe) for business operations only. To exercise your CCPA rights, email invorisupport@gmail.com with "California Privacy Request" in the subject line. We will respond within 45 days.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR): Right to Access: You can request access to your personal data. Right to Rectification: You can request correction of inaccurate personal data. Right to Erasure: You can request deletion of your personal data in certain circumstances. Right to Restrict Processing: You can request restriction of processing in certain circumstances. Right to Data Portability: You can request a copy of your data in a structured, commonly used format. Right to Object: You can object to processing based on legitimate interests. Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent. Right to Lodge a Complaint: You can lodge a complaint with your local data protection authority. Legal Basis for Processing: We process your data based on: (1) performance of our contract with you to provide the Service, (2) compliance with legal obligations, (3) your explicit consent where required, and (4) our legitimate business interests in operating and improving the Service. Data Protection Officer: For GDPR-related inquiries, contact invorisupport@gmail.com. To exercise your GDPR rights, contact invorisupport@gmail.com. We will respond within 30 days.
Invori does not sell, rent, or share your personal information with third parties for their direct marketing purposes. We only share data with service providers as necessary to operate the Service, as described in this Privacy Policy. If you are a California resident and would like to confirm that we do not sell your information, you may contact us at invorisupport@gmail.com.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will notify you via email at least 30 days before the changes take effect. We will also update the "Last updated" date at the top of this policy. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Invori LLC, Email: invorisupport@gmail.com, Website: invori.ai. For privacy-specific inquiries: invorisupport@gmail.com. For data subject requests (access, deletion, correction): invorisupport@gmail.com. For California residents (CCPA requests): invorisupport@gmail.com with "California Privacy Request" in subject. For European residents (GDPR requests): invorisupport@gmail.com with "GDPR Request" in subject.