Install for free

Privacy Policy

Last updated: 2026-04-28

Quick summary

Invoice Inn is a Shopify app that automatically generates branded PDF invoices for your store's orders. To do that, we process information about your Shopify store and the orders placed in it — and we act as a data processor on the merchant's behalf for end-customer data attached to those orders. We don't sell your data, we don't process payment card numbers, and we only use what we collect to deliver the service, support you, and improve the app. You can request access to, correction of, or deletion of your data at any time by emailing support@invoiceinn.com.

Please also read our Terms of Service.

1. Who we are

This privacy policy applies to the Invoice Inn Shopify app (the "App"), operated by MKIT Projektai, MB ("we", "us", "our"), registered in Lithuania at Vaižganto g. 11D-10, LT-44225 Kaunas, Lithuania. For any privacy-related questions, contact us at support@invoiceinn.com.

2. What this policy covers

This policy describes how we collect, use, share, and protect information when:

  • A Shopify merchant installs and uses the Invoice Inn app on their store.
  • End customers' order data flows through the app so invoices can be generated.
  • You visit our marketing website at invoiceinn.com.

It does not cover Shopify's own data practices — for those, see the Shopify Privacy Policy.

3. Information we collect

3.1 Information from merchants

When you install Invoice Inn on your Shopify store, we receive and store:

  • Your store URL, store name, and Shopify-assigned store ID
  • The email address and name associated with your Shopify account
  • Billing country and currency
  • OAuth access tokens that let the App read the Shopify data you authorize
  • Any configuration you enter in the App (logo, branding, invoice templates, tax settings, email preferences, etc.)

3.2 Customer information processed via Shopify orders

To generate invoices, the App processes data attached to orders placed in your store. This may include:

  • Customer first and last name
  • Billing and shipping addresses
  • Email address
  • Phone number (where provided)
  • Order line items, quantities, prices, discounts, and taxes
  • Order date, order number, and fulfillment status
  • Tax identification numbers (e.g. VAT IDs) if supplied

We do not collect, store, or have access to payment card numbers or bank details. Payment processing remains entirely within Shopify.

3.3 Information collected automatically

When you use the App or visit our website, we (or our service providers) may automatically collect:

  • Device and browser information (type, version, operating system)
  • Log data (timestamps, pages visited, actions taken within the App)
  • Cookie and similar technology identifiers (see section 13)

4. How we use your information

We use the information described above to:

  • Generate, store, and deliver invoices based on your Shopify orders
  • Provide, maintain, and improve the App's features
  • Authenticate your account and secure the service
  • Respond to support requests and communicate with you about the App
  • Send service-related notifications (outages, policy changes, billing)
  • Send product updates and marketing — only where permitted and with an unsubscribe option
  • Monitor usage, diagnose issues, and prevent fraud or abuse
  • Comply with legal obligations (tax, accounting, responding to lawful requests)

We do not sell your personal information, and we do not use customer data from merchant stores to build advertising profiles or train machine learning models.

5. Legal bases for processing (EU / UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process personal data under one of the following legal bases:

  • Contract — to deliver the App to merchants who have installed it
  • Legitimate interests — to secure the service, prevent abuse, improve the product, and communicate with merchants about their use of the App
  • Consent — for optional marketing communications and non-essential cookies
  • Legal obligation — to comply with tax, accounting, and regulatory requirements

Merchants using the App act as the data controller for their customers' personal data; we act as a data processor on the merchant's behalf, consistent with our Data Processing Addendum (available on request).

6. Who we share information with

We share information only with parties that help us run the service, and only as needed. Our current subprocessors are:

  • Laravel Cloud — application hosting and database storage, located in the European Union
  • Mailgun (Sinch Email EU) — transactional email delivery for invoices and notifications, processed in the European Union
  • Shopify Inc. — billing for App subscriptions is processed via Shopify's Billing API; we do not see or store your payment card data
  • Crisp IM SAS (France) — in-app live chat and support conversations

Each subprocessor is bound by contractual terms requiring adequate security and data protection.

We may also disclose information when required by law, to enforce our terms, to protect rights and safety, or in connection with a business transfer (merger, acquisition, sale of assets) — in which case we will notify affected merchants.

7. International data transfers

We and our subprocessors may process data in countries outside your country of residence, including the United States and other jurisdictions outside the EEA, UK, and Switzerland. When we transfer personal data internationally, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Agreement, or equivalent mechanisms.

8. Data retention

We retain:

  • Merchant account data — for as long as the App is installed, plus up to 30 days after uninstall (to allow reinstall without data loss), after which it is deleted
  • Support correspondence — for up to 3 years
  • Analytics and log data — for up to 12 months in identifiable form

Specific retention periods may be longer where required by law (e.g. tax record-keeping obligations).

9. How we protect your data

We apply administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including:

  • Encryption in transit (TLS 1.2 or higher)
  • Encryption at rest for databases and backups
  • Role-based access controls and audit logging
  • Regular security reviews, dependency updates, and penetration testing
  • Principle of least privilege for staff access to production systems

No system is perfectly secure. If we become aware of a personal data breach affecting you, we will notify you and the relevant supervisory authority as required by law.

10. Your rights

Depending on your location, you may have some or all of the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate or incomplete data
  • Erasure — ask us to delete your data ("right to be forgotten")
  • Restriction — ask us to limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests or direct marketing
  • Withdraw consent — where processing relies on consent
  • Lodge a complaint — with your local data protection authority

California residents have additional rights under the CCPA/CPRA, including the right to know what categories of personal information we collect, the right to delete, and the right to opt out of the "sale" or "sharing" of personal information. We do not sell personal information.

To exercise any of these rights, email support@invoiceinn.com. We will respond within the timeframes required by applicable law. If you're an end customer of a merchant that uses Invoice Inn, please direct your request to the merchant first — they are the data controller.

11. Shopify GDPR webhooks

As required by Shopify, the App implements the following mandatory compliance webhooks:

  • customers/data_request — when a merchant's customer requests their data, we provide the relevant information we hold to the merchant within 30 days.
  • customers/redact — 48 hours after a customer deletion request, we erase that customer's personal data from our systems unless retention is required by law.
  • shop/redact — 48 hours after a store has been closed for 48 hours (i.e. 96 hours total after closure), we erase all remaining store data from our systems.

12. Children's privacy

The App is intended for use by businesses and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

13. Cookies and tracking

On our marketing website we use only the minimum cookies and local storage required for the site to function (e.g. remembering basic preferences). We do not run analytics or advertising trackers on the marketing site.

Inside the App we use only the minimum cookies and local storage required to authenticate your session and remember configuration. You can control cookies through your browser settings; disabling some cookies may affect site functionality.

14. Changes to this policy

We may update this policy from time to time. When we do, we will change the "Last updated" date at the top and, for material changes, notify merchants via email or an in-app message at least 14 days before the changes take effect. Continued use of the App after the effective date constitutes acceptance of the revised policy.

15. Contact us

MKIT Projektai, MB — Vaižganto g. 11D-10, LT-44225 Kaunas, Lithuania. Email: support@invoiceinn.com.

This privacy policy was last reviewed on 2026-04-28. A plain-language summary is provided for convenience; in case of conflict, the full text governs.

Every order. Every invoice. Automatic.

Shopify Invoicing made simple

Install Now