Privacy Policy
Last updated: June 1, 2026
1. Overview
InvoiceOps ("we", "our", "us") is a Chrome extension and web application that automates invoicing workflows for Amazon Vendor Central sellers. This Privacy Policy explains how we handle your information.
Core principle: The InvoiceOps extension operates entirely within your browser. Your invoice data, SMTP credentials, GSTIN, and billing details are stored encrypted on your device only — never transmitted to our servers.
2. Information We Collect
2.1 Account information:
- Name and email address
- Password (stored as a secure hash — we never see your plaintext password)
2.2 Extension data (stored locally, never sent to us):
- Amazon Vendor Central session tokens (in-browser only, not persisted)
- GSTIN, billing addresses, SMTP credentials (AES-256 encrypted in your browser's IndexedDB)
- Invoice data fetched from Amazon (cached locally for performance)
- Gmail App Password (encrypted at rest, never leaves your device)
2.3 Subscription & billing:
If you upgrade to Pro, payment is processed by Dodo Payments. We receive a customer ID and subscription status. We never see or store your card number, CVV, or billing address.
2.4 Usage data:
We may collect anonymised, aggregated usage statistics to improve the product. No personally identifiable information is included.
3. How We Use Your Information
- To create and manage your account
- To process subscription payments via Dodo Payments
- To send transactional emails (account creation, password reset, receipts)
- To provide customer support
- To improve our product based on anonymised usage patterns
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Data Security
- All sensitive extension data is AES-256 encrypted in your browser's IndexedDB
- Passwords are stored as bcrypt hashes
- All connections to our servers use HTTPS/TLS
- Payment data is handled entirely by Dodo Payments — we are PCI-DSS out-of-scope
- We do not log API requests containing sensitive credentials
5. Data Retention
We retain your account information for as long as your account is active. If you delete your account, we permanently delete your data within 30 days.
Extension data stored locally is entirely under your control and can be cleared at any time from the extension settings.
6. Third-Party Services
- Dodo Payments — subscription billing (subject to Dodo's Privacy Policy)
- Google OAuth — optional sign-in method (subject to Google's Privacy Policy)
7. Your Rights
You have the right to access, correct, delete, export your data, or withdraw consent for non-essential data processing. Email privacy@InvoiceOps.com to exercise any right.
8. Cookies
Our website uses minimal cookies necessary for authentication (session token only). No advertising or tracking cookies. You can disable cookies in your browser, though this prevents staying signed in.
9. Children's Privacy
InvoiceOps is not intended for individuals under 18. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated by email and by updating the date above.
11. Contact
Questions? Email privacy@InvoiceOps.com or write to: InvoiceOps, India.