Product For Platforms Features Compliance Build vs Buy Countries
Solutions SaaS Platforms E-Commerce Marketplaces Fintechs Accountants
Developers Pricing Docs
Sign in Talk to us Start free sandbox
Legal

Privacy Policy

Last updated: February 2026

Space Invoices is invoicing software for businesses. Space Invoices Inc. (United States) and Studio 404 d.o.o. (Slovenia) co-own the intellectual property in the product. Studio 404 runs day-to-day development, hosting, and operations in the EU and processes personal data on Space Invoices Inc.’s instructions, as described below. Your account-related personal data is controlled by Space Invoices Inc.

We are GDPR-compliant where the GDPR applies. Personal data for users in the EU and EEA is stored and processed in the European Union, as described in Section 6.

1. Data Controller

The data controller for personal data processed in connection with your Space Invoices account and our website is:

Space Invoices Inc.
A Delaware corporation, United States

Studio 404 d.o.o. (Slovenia, EU) co-owns the platform intellectual property with Space Invoices Inc. and runs the service—development, hosting, engineering, support, and related processing—on our behalf as a data processor under a written agreement.

We process personal data in line with the General Data Protection Regulation (GDPR) and applicable EU/EEA law where they apply. For privacy requests, contact us at the address in Section 14; EU-related inquiries are handled through the same channel.

2. Information We Collect

We collect information that you provide directly and information generated through your use of our services:

Account information:

  • Name, email address, and company details
  • Billing address and VAT/tax identification numbers
  • Payment information (processed by Stripe; we do not store card details)

Platform data:

  • Invoice, estimate, and credit note data you create through our platform
  • Customer records you add to your entities
  • API usage logs and request metadata

Your customers on invoices: When you issue invoices, you may enter names, addresses, tax IDs, and similar details about buyers or counterparties. That information is your business data; you are typically the controller for your customers’ personal data, and we process it only to run the invoicing service for you. See Section 7.

Automatically collected:

  • IP address, browser type, and device information
  • Usage analytics (pages visited, feature usage)
  • Cookies and similar tracking technologies (see Section 8)

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Contract performance — to provide our invoicing services, process your transactions, and maintain your account
  • Legal obligation — to comply with tax, accounting, and regulatory requirements (including fiscalization mandates)
  • Legitimate interest — to improve our services, prevent fraud, and ensure platform security
  • Consent — for marketing communications and optional analytics (you may withdraw consent at any time)

4. How We Use Your Information

  • Provide, maintain, and improve our invoicing platform and API
  • Process transactions, generate invoices, and submit fiscalization data to tax authorities where required
  • Send transactional communications (account confirmations, billing notices, security alerts)
  • Respond to support requests and provide technical assistance
  • Monitor and analyze usage to improve performance and reliability
  • Comply with legal and regulatory obligations
  • Send product updates and marketing communications (with your consent)

5. Data Sharing and Third Parties

We share personal data only as necessary to operate our services:

  • Studio 404 d.o.o. (Slovenia) — co-owner of platform IP; runs development and operations under a data processing agreement
  • Stripe — payment processing
  • Cloud infrastructure providers — hosting and data storage within the EU
  • Tax authorities — where required by law for fiscalization and e-invoicing compliance
  • Analytics providers — anonymized usage data for service improvement

We do not sell your personal data to third parties.

6. EU data location and international transfers

Personal data relating to users in the EU and EEA is stored and processed in the European Union—including production hosting, application processing, and day-to-day operations carried out by our Slovenian team and EU-based sub-processors (see Section 5).

Because Space Invoices Inc. is established in the United States, a limited set of activities (for example certain support tickets, billing administration, or security reviews) may involve access to personal data from the US. When personal data is transferred from the EEA to the United States, we rely on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs) approved by the European Commission, together with supplementary measures where appropriate, so that your information remains protected to EU standards.

7. Data Processing Role

When you use Space Invoices to create and manage invoices for your own customers, we generally act as a processor for the personal data you enter about those customers (buyer names, addresses, tax identifiers, etc.). You remain the controller for that business and invoicing data, including choosing lawful bases and honouring your customers’ rights toward you.

For your Space Invoices account (login, billing, support), Space Invoices Inc. is the controller as described in Sections 1–5. For a formal Data Processing Agreement (DPA) covering processor processing, contact privacy@spaceinvoices.com.

8. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies — required for authentication and platform functionality
  • Analytics cookies — to understand how our services are used (can be opted out)

We do not use advertising or third-party tracking cookies.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, regular security audits, and multi-tenant data isolation ensuring strict separation between entities.

10. Data Retention

We retain your account and platform data for as long as your account is active or as needed to provide the service. Invoices and related financial records often must be kept for years under tax and bookkeeping rules (length depends on your country); we retain those as long as your account exists and as required by law after closure. After deletion, we remove personal data within 30 days unless a longer period is required for legal or tax obligations.

11. Your Rights

Under the GDPR and applicable privacy laws, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restrict processing — limit how we use your data
  • Data portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw at any time

To exercise any of these rights, contact us at privacy@spaceinvoices.com. We will respond within 30 days.

12. Supervisory Authority

If you are located in the EU and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. For Slovenia, this is the Information Commissioner (Informacijski pooblaščenec) at www.ip-rs.si.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through a notice on our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related inquiries:

Space Invoices Inc.
Email: privacy@spaceinvoices.com