Privacy Policy
Last updated: 26 May 2026
1. Who we are
PickInvoice ("we", "us", "our") operates the PickInvoice platform available at pickinvoice.com. We are the data controller for the personal data collected through this service. If you have any questions about how we handle your data, contact us at hello@pickinvoice.com.
2. What data we collect
We collect only the data that is necessary to provide the service. This includes:
- Account data - your full name and email address provided at registration. Your password is never stored in plain text.
- Company data - company name, company registration code, tax identification number, and registered business address. This data is entered once during onboarding and used to populate invoices automatically.
- Card identifier - the last 4 digits of your business payment card, used solely to match a transaction at a merchant terminal to your account. We do not store your full card number, expiry date, or any other card data.
- Transaction and invoice data - merchant name, merchant location, transaction date, amount, fuel type where applicable, and the generated invoice PDF. This data is created each time you accept an invoice at a terminal.
- Technical data - IP address, browser type, and device type, collected automatically when you use the service. We use this to maintain security and improve reliability.
We do not collect any special category data (such as health, political, or biometric data). We do not collect data from anyone under 18.
3. How we use your data
- To provide the service - identify your account at the point of sale and generate a correct invoice with your company details.
- To manage your account, subscription, and billing.
- To store your invoices and make them available to you at any time.
- To send you transactional emails - account confirmation, important service notices, and billing notifications. We do not send marketing emails without your explicit consent.
- To maintain the security and performance of the platform.
- To comply with applicable accounting and tax record-keeping obligations.
4. Legal basis for processing
We process your personal data under the following legal grounds as defined by the General Data Protection Regulation (GDPR):
- Contract - processing your account data, company data, and transaction data is necessary to deliver the service you signed up for.
- Legal obligation - retaining invoice and accounting records as required by applicable law.
- Legitimate interests - processing technical data to maintain platform security and prevent fraud, where this does not override your rights and freedoms.
5. Who we share data with
We do not sell your personal data to any third party. We share data only with the following service providers who process it on our behalf and under our instruction:
- Supabase - database, authentication, and file storage. Data is hosted in the EU (Ireland).
- Vercel - web application hosting and delivery.
- Resend - transactional email delivery.
- Payment processor - payment processing for Pro subscriptions. Only the data necessary to complete billing is shared.
All processors are bound by data processing agreements and may not use your data for any purpose other than providing the service to us.
We may also disclose data if required to do so by law or by a lawful request from a competent authority.
6. How long we keep your data
We retain your account data and invoice records for as long as your account is active. If you close your account, we retain invoice records for 10 years as required by applicable accounting law, after which they are permanently deleted. You may request deletion of your account at any time - see section 8. Note that legal retention obligations may prevent us from deleting certain records immediately.
7. Cookies and tracking
We use only strictly necessary cookies required for authentication and maintaining your session. We do not use advertising cookies, third-party tracking cookies, or analytics cookies that identify you personally. No cookie consent banner is shown because we do not place any non-essential cookies.
8. Your rights
Under GDPR you have the following rights regarding your personal data:
- Access - you can request a copy of the personal data we hold about you.
- Rectification - you can ask us to correct any inaccurate data.
- Erasure - you can ask us to delete your personal data, subject to our legal retention obligations.
- Restriction - you can ask us to restrict processing of your data in certain circumstances.
- Portability - you can request your data in a structured, machine-readable format.
- Objection - you can object to processing based on legitimate interests.
To exercise any of these rights, email us at hello@pickinvoice.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania at vdai.lrv.lt.
9. Data security
We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS), hashed password storage, row-level access controls on all database tables, and restricted access to production systems. No system is completely secure - if you believe your account has been compromised, contact us immediately.
10. Changes to this policy
We may update this policy when our practices change or when required by law. If the changes are significant, we will notify you by email before they take effect. The date at the top of this page always reflects when the policy was last updated.