Privacy Policy

Last updated: December 1, 2025Version 2.0

Introduction

Fakturos ("we", "our", "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and Danish Data Protection Act.

Data Controller

Company: Fakturos I/S

CVR: 45962245

Address: Myrdalstræde 257, 1, 9220 Aalborg Øst, Denmark

Email: info@fakturos.dk

Phone: +45 25721376

Data We Collect

We collect and process the following categories of personal data:

  • Account Data: Email address, password (hashed), name
  • Company Data: Company name, CVR, VAT number, address, phone
  • Customer Data: Customer names, addresses, email addresses
  • Invoice Data: Invoice details, line items, amounts, PDFs
  • Payment Data: Stripe customer ID, payment history
  • Technical Data: IP addresses, browser information, session tokens

Legal Basis for Processing

We process your data based on:

  • Contract Performance (GDPR Art. 6(1)(b)): To provide you with our invoicing service
  • Legal Obligation (GDPR Art. 6(1)(c)): To comply with Danish bookkeeping laws (Bogføringsloven)
  • Legitimate Interest (GDPR Art. 6(1)(f)): To ensure security and prevent fraud

Data Sharing & Third Parties

We use the following trusted third-party processors:

  • Supabase: Database and storage (EU data centers)
  • Stripe: Payment processing (PCI DSS compliant)
  • Resend: Email delivery
  • Vercel: Hosting (EU Frankfurt region)
  • Google (Gemini API): AI-assisted client data extraction (optional)

AI-Assisted Data Extraction

This feature is optional and requires your explicit consent each time.

We offer an optional feature that uses Google Gemini AI to help you extract client information from uploaded documents (invoices, business cards, receipts).

For EEA users (including Denmark), Google does not use this data for model training. Rate limit: 5 extractions per day per account.

Data Retention

  • Invoices: 5 years from the end of the financial year (required by Danish Bookkeeping Act)
  • User account data: Until you delete your account
  • Payment records: 5 years (bookkeeping requirement)
  • Technical logs: 90 days

Your Rights

Under GDPR, you have the following rights. Click any card below to exercise your right:

Data Security

We implement appropriate technical and organizational measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest (database encryption)
  • Row-level security (RLS) in database
  • Regular backups
  • Access controls and authentication

International Transfers

All our data processors use EU data centers. If data is transferred outside the EU, we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission.

Cookies

We use essential cookies for authentication and session management. These do not require consent under GDPR.

We also use Google Analytics to understand how our service is used. You can opt out via our cookie consent banner.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this page.

Contact Us

Data Controller:
Fakturos I/S
Email: info@fakturos.dk

Supervisory Authority:
Danish Data Protection Authority (Datatilsynet)
Website: datatilsynet.dk
Email: dt@datatilsynet.dk