FacturaOS Privacy Policy
This policy explains how FacturaOS handles personal data and workspace records when operating the product, support, billing, security, analytics, and communications.
1. Scope and roles
This Privacy Policy applies to FacturaOS websites, applications, mobile apps, account access, billing flows, support interactions, and related services. When we process workspace records for a customer, we generally act as a service provider or processor. When we manage account, billing, security, support, marketing, and product operations, we act for our own business purposes.
If you are an end customer of a business using FacturaOS, contact that business first for requests about invoices, payments, client records, or services they provide.
2. Information we collect
We collect information you provide, information generated by product use, information from connected providers, and technical information needed to run the service.
- Account identity: name, email, profile image, language, sign-in provider, and authentication metadata.
- Workspace records: business settings, clients, invoices, estimates, catalog items, templates, inventory, suppliers, routes, reports, support tickets, invites, roles, files, logos, photos, PDFs, and payment status.
- Billing and payment metadata: plan, subscription, invoice, customer, connected account, checkout, seat, charge, refund, dispute, and payment-provider identifiers. Full card details are handled by payment processors, not stored directly by FacturaOS.
- Technical data: IP address, device, browser, app version, operating system, logs, diagnostics, usage events, crash data, security events, and approximate location derived from device or network information.
- Communications: support messages, email delivery events, feedback, survey responses, and records needed to respond to requests.
3. How we use information
We use information to authenticate users, provide workspaces, save records, generate documents, process billing, support online checkout, send transactional messages, protect accounts, debug issues, improve reliability, enforce plan limits, comply with law, and communicate about the service.
We may create aggregated or deidentified information for analytics, planning, quality, security, and product improvement.
4. Providers and sharing
FacturaOS uses trusted service providers to operate the product, keep accounts secure, host workspace records, deliver support, send transactional messages, monitor reliability, and process billing. We do not list every provider here because vendors can change as the service evolves.
Stripe processes subscription billing, online checkout, payment links, connected-account onboarding, and payment status for supported payment features. Stripe processing fees apply to those payment services. As of July 2026, Stripe lists standard U.S. online card processing at 2.9% + 30垄 per successful card charge; other Stripe fees may apply depending on payment method, country, currency conversion, disputes, refunds, payouts, or additional Stripe services.
We do not sell workspace business records for money. We may share information with providers, affiliates, professional advisors, authorities, transaction parties, or others where needed to operate the product, protect rights, comply with law, or complete a business transaction.
5. Cookies, analytics, and communications
We use cookies, local storage, SDKs, logs, and analytics tools to operate the website and apps, remember preferences, measure usage, detect abuse, secure the service, and improve the product. See the Cookie Statement for more detail.
Optional product analytics are configured to avoid customer names, invoice numbers, invoice contents, addresses, phone numbers, emails, search text, and document content. Signed-in users can turn off optional product analytics in Account settings in the SaaS and mobile app. Essential security, billing, support, fraud-prevention, and operational logs may still be collected.
Transactional messages, such as account access, billing, invoice-related emails, security notices, support replies, and product-critical updates, may be sent even if marketing messages are disabled.
6. Security
We use administrative, technical, and organizational safeguards designed to protect information, including access controls, private storage authorization, encryption in transit where appropriate, least-privilege practices, logging, backups, vendor review, and incident response.
No website, application, payment provider, network, or storage system is perfectly secure. Users are responsible for protecting credentials, using trusted devices, and limiting access to their workspaces.
7. Retention, deletion, and backups
We retain information as long as reasonably necessary to provide the service, maintain business records, comply with legal and tax obligations, resolve disputes, enforce agreements, preserve security, prevent fraud, maintain backups, and protect rights.
Account deletion can remove owned workspace data from active systems, but some records may remain in backups, logs, payment-provider systems, tax/accounting records, legal holds, fraud-prevention records, or other retained records where allowed or required.
8. Privacy rights
Depending on where you live and how we process your data, you may have rights to access, correct, delete, port, restrict, object to, or opt out of certain uses of personal data. We may need to verify identity and authority before responding.
We may decline or limit requests where allowed by law, including where information must be retained for security, legal, contractual, accounting, tax, fraud-prevention, dispute, operational, or payment-provider reasons.
9. International processing, children, and changes
We may process information in the United States, Puerto Rico, Latin America, and other locations where we or our providers operate. The service is not directed to children, and we do not knowingly collect children's personal data.
We may update this policy over time. The Last Updated date shows when it was revised. Continued use after an update means the updated policy applies to later processing, subject to applicable law.