← Back to Useminty

Privacy Policy

Last updated: April 2026 · Version 1.0

1. Who We Are

Useminty is an invoicing software service operated by AKVisuals (contact: hello@akvisuals.ro). We act as the data controller for account and usage data. For invoice and client data you enter on behalf of your business, you are the data controller and AKVisuals acts as your data processor — see our Terms & Conditions (§ Data Processing Agreement) for the full DPA.

2. Data We Collect

  • Account data: your name, email address, and profile image obtained via Google OAuth.
  • Company data: tax ID / fiscal code, company name, address, bank details (IBAN), and VAT registration status.
  • Client data: client names, tax IDs, addresses, phone numbers, and email addresses you enter.
  • Invoice data: invoice numbers, dates, line items, amounts, currencies, and exchange rates.
  • Usage data: locale preference stored in browser (localStorage + cookie).

3. Why We Collect It (Legal Basis)

  • Contract performance (Art. 6(1)(b) GDPR): to provide the invoicing service you signed up for.
  • Legal obligation (Art. 6(1)(c) GDPR): invoice and financial records must be retained for the period required by the accounting and tax laws applicable in your jurisdiction. Where no specific period is mandated, we apply a default retention period in line with standard accounting practice.
  • Legitimate interest (Art. 6(1)(f) GDPR): basic security logging and fraud prevention.

4. Data Retention

Your account data is retained for as long as your account is active. Invoice and financial records are retained for the period required by applicable accounting and tax law. When you delete your account, your personal identifiers (name, email) are anonymised within 30 days, but invoice records are preserved in anonymised form to meet the applicable legal retention obligation.

5. Sub-processors & Data Sharing

We do not sell your data. We share data only with the following sub-processors and third parties:

Sub-processorPurposeLocationTransfer mechanism
Vercel Inc.Application hosting & edge deliveryUSA / EU regionsEU SCCs (DPA available at vercel.com/legal/dpa)
Supabase Inc.PostgreSQL database storageEU (Frankfurt)GDPR-compliant DPA; data stored in EU region
Google LLC (OAuth)Authentication onlyUSAEU SCCs / Google DPF
Tax authority public APIsTax ID / VAT number validation (optional feature)EUPublic API — only tax ID transmitted, no personal data
Central bank exchange rate APIsExchange rate data (optional feature)EUPublic API — no personal data transmitted

We will notify you of any intended additions or replacements to sub-processors via an update to this Privacy Policy.

6. Your Rights Under GDPR

  • Access (Art. 15): request a copy of your data via Settings → Export My Data.
  • Rectification (Art. 16): correct your data directly within the app.
  • Erasure (Art. 17): delete your account via Settings → Delete Account. Note: invoice records are retained per legal obligation but will be anonymised.
  • Portability (Art. 20): export all your data as JSON via Settings → Export My Data.
  • Objection (Art. 21): contact us at hello@akvisuals.ro.

7. Cookies & Local Storage

We store a single locale cookie and localStorage entry to remember your language preference. No tracking or advertising cookies are used.

8. Security

Data is stored in encrypted PostgreSQL databases. Authentication is handled exclusively via Google OAuth — we never store passwords. API endpoints are rate-limited and require authentication.

9. International Transfers

Where personal data is transferred outside the European Economic Area (EEA), we rely on the transfer mechanisms listed in the sub-processor table above (Standard Contractual Clauses or equivalent). No transfers occur to countries without an adequacy decision or an appropriate safeguard.

10. Contact & Complaints

For privacy requests: hello@akvisuals.ro. You also have the right to lodge a complaint with the data protection authority in your country of residence.