1. Overview
Crystal Invoice AI ("we", "us", "our") is committed to protecting your privacy. This Policy explains what data we collect, why we collect it, and how it is used when you use our Service at crystalinvoiceai.com.
2. Data We Collect
- Account data: Email address and hashed password when you register
- Invoice data: Client names, addresses, emails, line items, amounts you create within the app
- Profile data: Optional profile avatar you upload
- Billing data: Stripe customer and subscription IDs (we never store card numbers)
- Usage data: Invoice counts for plan enforcement
3. How We Use Your Data
- To provide, maintain, and improve the Service
- To authenticate your account and protect it from unauthorised access
- To process subscription payments via Stripe
- To deliver invoice emails to your clients via Resend
- To enforce plan limits (free vs Pro)
4. Third-Party Services
We share data with the following trusted third parties solely to operate the Service:
- Stripe — payment processing (PCI-compliant; we never see card details)
- Resend — transactional email delivery
- Anthropic — AI invoice generation (your description is sent to Claude; no data is stored by Anthropic for training without consent)
- Neon / PostgreSQL — database hosting
- Vercel / Railway — application hosting
We do not sell, rent, or trade your personal data with any third party for marketing purposes.
5. Data Retention
We retain your account data and invoice data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, subject to any legal obligations to retain records.
6. Security
All data is transmitted over HTTPS. Passwords are hashed using bcrypt and never stored in plain text. Access to your invoice data is session-authenticated — no other user can access your data.
7. Cookies
We use a minimal session cookie (set by NextAuth) to keep you signed in. We do not use tracking, advertising, or analytics cookies.
8. Your Rights
Depending on your location, you may have rights to access, correct, or delete your personal data. To exercise any of these rights, contact us at support@crystalinvoiceai.com.
9. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children.
10. Changes to this Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or an in-app notice. Continued use of the Service after changes are posted constitutes acceptance.