Privacy Policy

Last updated: April 18, 2026

This Privacy Policy explains how Roques OÜ ("Invoo", "we") processes the personal data of Users who access the Website or use the Platform accessible through https://invoo.es. We are committed to complying with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD) and applicable Spanish tax regulations where relevant.

Data Controller

The data controller for personal data is:

Roques OÜ

Ahtri tn 12

15551, Tallinn (Estonia)

Email: legal@invoo.es

Data We Process

The type of data processed depends on how the User uses the Platform:

Data provided during registration

This includes full name, email address, tax data required for invoicing (such as NIF/CIF or tax address), and in the case of paid plans, payment method data (which remains tokenized; Invoo only stores the last digits of the card).

Data generated through Platform use

During normal User activity, Invoo processes data that forms part of the contracted service, such as:

  • issued invoice data
  • client and supplier data entered by the User
  • invoicing records in accordance with RD 1007/2023
  • expenses, receipts and uploaded documents
  • information necessary for generating tax estimates
  • gestoría dashboard activity when the User shares access

This data belongs exclusively to the User, who acts as the Data Controller regarding the content of their own invoices, clients or expenses. Invoo only processes it for the proper provision of the contracted service.

Data derived from technical use

We process certain technical data necessary to ensure the security and operation of the service: IP address, access logs, device or browser identifiers, performance data and error logs.

Cookies and similar technologies

The Website uses technical cookies and, with consent, analytics cookies. Detailed information can be found in our Cookie Policy. These cookies concern only the Website (invoo.es) and are separate from the in-app product analytics performed through PostHog, described in the next section, which relies on a pseudonymous identifier rather than cookies and has its own consent mechanism under Settings → Account → Privacy.

Product analytics (PostHog)

When the User provides explicit consent via the toggle available in Settings → Account → Privacy, Invoo uses PostHog as a product analytics tool to understand usage patterns and feature adoption. Processing is strictly limited to the pseudonymous data listed below. No information is sent to PostHog unless and until consent is active.

Data linked to the User

  • Pseudonymous identifier: a UUID generated by our identity provider (Keycloak). Email address, name and NIF/CIF are never sent.
  • User role within the organization (USER, ACCOUNTANT or ADMIN).
  • Organization type (autónomo, empresa or gestoría).
  • Signup date bucketed by calendar quarter (not the exact date) and number of days since signup.
  • Whether the company has been configured (boolean flag).
  • Whether Verifactu is enabled (boolean flag).
  • Organization-level properties: org_type, entity type (INDIVIDUAL or COMPANY), tax region (PENINSULAR, CANARIAS, CEUTA or MELILLA) and Verifactu status.

Properties captured with each event

  • Invoice type (factura, simplificada or rectificativa).
  • Verifactu status of the document.
  • Amount bucketed into ranges (less than €100, €100–€1,000, €1,000–€10,000 or more than €10,000); exact amounts are never transmitted.
  • Number of line items on the document.
  • Whether the invoice has a linked client.
  • Delivery method.
  • Interface locale.
  • Action source (manual creation or inline creation from an invoice).
  • Internal category identifier of the document.

Data never sent to PostHog

  • User email address and name.
  • NIF, CIF or any other direct tax identifier.
  • Client, supplier or invoice-recipient names.
  • Exact invoice, expense or receipt amounts.
  • Postal addresses, phone numbers or IBAN.
  • Invoice text content, PDF files or uploaded documents.

This processing is based solely on the User's consent (Art. 6(1)(a) GDPR), which is specific, informed and fully revocable at any time from Settings → Account → Privacy. Withdrawing consent does not affect the provision of the rest of the Service nor the lawfulness of processing prior to withdrawal.

Pseudonymous identifier

To link analytics events to the User we use a UUID (the "sub" claim issued by Keycloak) instead of the User's email address or any other directly identifying data. In accordance with Art. 4(5) GDPR, this pseudonymization reduces risk, but the data is still considered personal data because Invoo could, through internal cross-references, re-identify the User. The UUID therefore receives the same safeguards as any other personal data processed and is not presented as anonymous data.

Purposes of Processing

Invoo processes User personal data to:

  • provide the Service, enabling invoice issuance, data synchronization, generation of Invoicing Records and access to the gestoría dashboard
  • manage the User's account, including operational communications, technical notifications and relevant service information
  • bill and process payments when the User subscribes to a paid plan
  • comply with legal obligations, especially those derived from tax regulations
  • improve the Service through statistical analysis of Platform usage, including in-app product analytics via PostHog and analytics cookies on the Website; both processing activities require the User's explicit consent and can be withdrawn at any time
  • send commercial communications, only when the User has given consent or when sending is covered by legitimate interest in B2B contexts

Legal Basis for Processing

Depending on each purpose, data processing is based on:

  • Performance of contract, when we process data necessary to provide the Service
  • Legal obligation, when tax regulations require storing and processing certain data
  • Legitimate interest, to improve Platform performance and security or for commercial communications in B2B relationships
  • Consent, when we use analytics cookies or send non-essential communications
  • Specific and revocable consent (Art. 6(1)(a) GDPR) for product analytics performed through PostHog, which the User can enable or withdraw at any time from Settings → Account → Privacy

Disclosure of Data to Third Parties

Invoo does not sell personal data or share it with third parties for commercial purposes unrelated to the Service. Data will only be disclosed:

  • To the external tax connectivity provider (currently Verifacti – Bilbabit, S.L.) when necessary for submitting Invoicing Records to the Tax Administration
  • To technology providers that provide hosting, infrastructure, transactional email or technical support services
  • To financial institutions or payment gateways to execute billing
  • To gestorías or collaborators when the User decides to grant them access
  • To PostHog Inc. (a company incorporated in the United States) acting as a data processor for the product analytics described in the "Product analytics (PostHog)" section, solely after the User's explicit consent. The infrastructure used is PostHog Cloud EU (Frankfurt, Germany, AWS eu-central-1). A Data Processing Agreement (DPA) is in place between Invoo and PostHog; its privacy policy is available at https://posthog.com/privacy.
  • To public authorities when there is a legal obligation

All providers with data access act as data processors in accordance with Article 28 GDPR.

International Transfers

The Service's servers are located within the European Economic Area. Data processed for product analytics is hosted in PostHog Cloud EU (Frankfurt, Germany, AWS eu-central-1) and remains at all times within the EEA, with no transfer to third countries in the ordinary course of providing the Service. Although PostHog Inc. is a company incorporated in the United States, any residual cross-border access by its authorized personnel is covered solely by the standard contractual clauses (SCCs) incorporated into the Data Processing Agreement (DPA) signed with PostHog; PostHog is not certified under the Data Privacy Framework. Invoo may work with other providers located outside the EEA only when they are subject to adequate safeguards, such as standard contractual clauses or, for U.S. providers with active certification, the Data Privacy Framework.

Data Retention

Data will be retained while the account is active. After requesting cancellation, data will remain accessible during the period indicated in the Terms and Conditions and will subsequently be deleted or blocked unless a legal obligation requires longer retention (for example, Spanish tax regulations).

Data processed by PostHog for product analytics purposes is retained for a maximum of twenty-four (24) months counted from the collection of each event, after which it is deleted. If the User withdraws consent or requests account deletion before that period ends, Invoo will instruct PostHog to delete the data associated with their pseudonymous identifier via the provider's deletion API.

Data from analytics cookies will be retained for the period indicated in the Cookie Policy.

User Rights

The User may exercise the following rights:

  • access to their personal data
  • rectification of inaccurate data
  • erasure where appropriate
  • restriction of processing
  • objection to processing based on legitimate interest
  • portability of their data
  • withdrawal of consent at any time

These rights may be exercised by sending an email to legal@invoo.es and verifying your identity. You may also file a complaint with the competent supervisory authority, including the Spanish Data Protection Agency (AEPD). In particular, the User may exercise the right to erasure over product analytics data by withdrawing consent from Settings → Account → Privacy or by requesting account deletion: in both cases, Invoo will instruct PostHog to delete the data associated with the User's pseudonymous identifier via the provider's deletion API.

Data Security

Invoo applies technical and organizational measures designed to protect personal data against unauthorized access, alteration or loss. Although no system is completely invulnerable, we adopt security standards appropriate to the nature of the data processed.

Third-Party Data Entered by the User

The User is responsible for ensuring they have the legitimacy to enter third-party personal data into the Platform, such as clients, suppliers or invoice recipients. Invoo acts solely as a data processor regarding such data, processing it under User instructions and exclusively to provide the contracted service.

Policy Updates

Invoo may modify this Privacy Policy when necessary to adapt it to regulatory, technical or operational changes. The current version will always be the one published at https://invoo.es.