Legal Document

Privacy Policy

How invogen.in collects, uses, and protects your personal data — in full compliance with Indian data protection laws.

Last updated: July 15, 2026

INVOGEN — PRIVACY POLICY

This Privacy Policy explains how we collect, use, store, share, and protect information when you visit our marketing websites, create an account, or use the Invogen application and related Services.

It should be read together with our Terms and Conditions. Capitalised terms used but not defined here have the meaning given in the Terms where applicable.

By using the Service, you acknowledge this Privacy Policy. If you do not agree, do not use the Service.

⚠️ IMPORTANT NOTICE

Invogen is a business invoicing SAAS platform. We process account and billing data to run the Service. Business data you enter about your own customers, products, and invoices is primarily controlled by your organisation. Marketing phrases such as “Encrypted” or “Razorpay Secure” describe security practices and payment-partner safeguards — they are not a promise of absolute security or a certification by a regulator.

1. WHO WE ARE AND HOW TO CONTACT US

Product name: Invogen

Privacy / support email: contact@invogen.in

Registered address: OFFICE NO.1 Marol Neartime Square, Andheri East, Mumbai, Maharashtra 400059.

For privacy requests, email contact@invogen.in with the subject line “Privacy Request”.

2. SCOPE — WHO THIS POLICY COVERS

2.1 This Policy covers:

  • visitors to Invogen marketing and public pages (including landing and pricing pages);
  • Admin users who register and manage a company workspace;
  • Employee users who join a workspace;
  • individuals whose business contact details are stored by a Customer inside Invogen (for example customer names, emails, GSTIN on invoices) — see Clause 4.

2.2 Platform operators (Super Admin) are Invogen personnel. Their use of internal tooling is covered by Invogen’s internal policies; this document is the public-facing Customer/user policy.

3. ROLES: CONTROLLER AND PROCESSOR

3.1 For account registration data, subscription billing with Invogen, support tickets you send us, and Service usage needed to operate Invogen, we act as a data controller (or similar role under applicable Indian law).

3.2 For Customer Content stored in your workspace — including your clients’ personal and business data, invoices, templates, logos, signatures, and uploads — your organisation is typically the data controller. Invogen acts as a service provider / processor and processes that data only to provide the Service to you, as instructed by your use of the product, and as described in this Policy and our Terms.

3.3 If you are an Admin, you are responsible for ensuring you have a lawful basis and any required notices/consents to upload personal data of your employees, customers, and contacts into Invogen.

4. INFORMATION WE COLLECT

4.1 Information you provide directly:

Account and Profile

  • Name, email address, password (stored in hashed form)
  • Phone number (if provided), role (Admin / Employee)
  • Portal preference, and authentication-related details

Company / Workspace Profile

  • Business name, address, country, GSTIN, PAN
  • Bank or payment display details you choose to store for invoices
  • Invoice/tax settings, employee join codes, and similar business settings

Branding and Media

  • Company logo, signature images, template images
  • Other files you upload as part of the Service

Business Records You Create

  • Customers, products, discounts
  • Invoice and related document content (line items, HSN/SAC, totals, notes, share settings)
  • PDF or export artefacts generated by the Service, and recurring invoice configuration

Support and Communications

  • Messages, tickets, and emails you send to us
  • Agreement records (acceptance of Terms and Privacy with metadata)

4.2 Information from Google sign-in (if you use it):
If Google OAuth is enabled and you choose “Sign in with Google”, we receive identifiers and profile information Google shares for authentication (such as name, email, and Google account ID), subject to your Google account settings and Google’s policies. We use this to create or log you into your Invogen account.

4.3 Payment and subscription information:
When you purchase or renew a plan, we process plan selection, billing cycle, subscription status, payment status, amounts, taxes applied on platform fees, promo/discount codes, and related platform invoice records. Card, UPI, and net-banking credentials are collected and processed by Razorpay (or another payment partner we enable). We do not store full payment card numbers on Invogen servers. We may store payment references, order/payment IDs, and webhook status updates needed for billing and support.

4.4 Information collected automatically:

  • Technical and security data: IP address, browser/device type, timestamps, authentication tokens, and server logs used for security, debugging, and reliability.
  • Cookies and similar technologies: we use cookies such as a refresh-token cookie for session continuity, and browser storage (localStorage for access tokens and sessionStorage for checkout cart state) to keep you signed in.
  • Product usage: in-app notifications and activity needed to operate features (for example invoice created, subscription renewals, support updates). We do not currently operate third-party advertising pixels.

4.5 Information from your use of email and sharing features:
If you send invoices or notifications by email through the Service, we process recipient addresses and message metadata required for delivery via our email/SMTP provider. Share methods you select (for example email, public link, or WhatsApp as a recorded method) may store related metadata in your workspace.

5. HOW WE USE INFORMATION

We use information to:

  • create and manage accounts, workspaces, roles, and permissions;
  • provide invoicing, templates, PDF generation, reports, and related product features;
  • process subscriptions, platform invoices, renewals, upgrades, cancellations, and payment status;
  • send transactional messages (verification, password reset, billing, subscription expiry/renewal, support updates);
  • provide customer support and investigate abuse or security incidents;
  • maintain security, prevent fraud, enforce Terms, and comply with law;
  • operate maintenance mode and Service reliability;
  • improve the Service based on aggregated or operational feedback;
  • display required platform branding (for example “Made with Invogen”) where your plan or settings require it.

We do not sell your personal data.

7. HOW WE SHARE INFORMATION

We may share information with:

  • Razorpay (or other enabled payment partners) — to process payments and subscriptions and handle payment webhooks;
  • Google — if you use Google sign-in;
  • Email / SMTP infrastructure providers — to send transactional and (where enabled) service emails;
  • Hosting, database, and infrastructure providers that store or process data on our behalf (including MongoDB or equivalent hosting used for application data and uploaded media);
  • Professional advisors or authorities when required by law, regulation, legal process, or to protect rights, safety, and integrity of the Service;
  • A buyer or successor in connection with a merger, acquisition, or sale of assets, subject to continued confidentiality safeguards.

We require service providers to use personal data only to perform services for us and not for their own unrelated marketing, except where you interact with them under their own terms (for example completing a Razorpay checkout).

🔒 We do not sell personal data to data brokers.

8. WORKSPACE DATA AND YOUR CUSTOMERS

8.1 Admins and authorised Employees can access Customer Content within their company workspace according to permissions. Invogen personnel may access workspace data only as needed for support, security, billing disputes, legal compliance, or Service operation, and subject to internal access controls.

8.2 Public or shared invoice links expose the document content you choose to share. You control what you share.

8.3 Invogen is not responsible for how your organisation uses exports, PDFs, emails, or shared links after data leaves the Service.

9. COOKIES AND BROWSER STORAGE

9.1 Essential cookies / storage are used for authentication, security, and checkout continuity. These are required for the Service to function as designed.

9.2 You can clear cookies and browser storage in your browser settings, but you may be signed out or lose incomplete checkout state.

9.3 If we introduce non-essential analytics or marketing cookies in future, we will update this Policy and use an appropriate notice/consent mechanism where required.

10. SECURITY

10.1 We use reasonable technical and organisational measures appropriate to a SaaS product of this type, which may include password hashing, authenticated API access, role-based permissions, HTTPS in production deployments, and restricted administrative access.

10.2 No method of transmission or storage is 100% secure. You are responsible for safeguarding account credentials, join codes, and devices.

10.3 Marketing statements such as “Encrypted” refer to industry-standard transport/security practices for the Service and/or payment-partner checkout security — not end-to-end encryption of all workspace data against every threat, and not a guarantee against unauthorised access.

11. DATA RETENTION

11.1 We retain account, subscription, and billing records for as long as your account is active and thereafter as needed for legitimate business purposes, tax/accounting records, dispute resolution, and legal compliance.

11.2 Workspace data is retained while your organisation’s account exists and the Service stores it. After cancellation or deletion requests, we may delete or anonymise data within a reasonable period, except where retention is required by law or for security/audit purposes.

11.3 Backups and logs may persist for a limited additional period before rotation.

12. YOUR RIGHTS AND CHOICES

Depending on applicable law (including India’s Digital Personal Data Protection framework as applicable), you may have rights to:

  • Access personal data we hold about you as an account holder;
  • Correct inaccurate account data;
  • Request deletion of account personal data, subject to legal retention needs;
  • Withdraw consent where processing is consent-based;
  • Raise a grievance using the contact in Clause 1.

To exercise rights, email hello@invogen.app. We may need to verify your identity. If your request relates to data inside a Customer workspace (for example a person listed as a customer on an invoice), we may redirect you to the Admin organisation that controls that workspace.

You may update many profile and company fields directly in the product settings.

13. CHILDREN

The Service is intended for business use by adults. We do not knowingly collect personal data from children for the purpose of offering the Service to them. If you believe a child has provided personal data improperly, contact us and we will take appropriate steps.

14. INTERNATIONAL AND CROSS-BORDER PROCESSING

Invogen is operated with a primary focus on India (including INR billing and GST-oriented features). Your information may be processed on infrastructure located in India or in other countries where our service providers operate. Where cross-border transfer occurs, we take steps consistent with applicable law and our provider contracts.

15. THIRD-PARTY SITES AND SERVICES

The Service may link to third-party sites or open third-party checkout or OAuth screens (Razorpay, Google). Their privacy practices are governed by their own policies. This Privacy Policy does not cover those third parties.

16. MARKETING COMMUNICATIONS

16.1 We may send service/transactional emails that are necessary for the account (security, billing, subscription status). These are not marketing opt-out emails in the ordinary sense.

16.2 If we send optional product news or marketing emails, you may unsubscribe where an unsubscribe mechanism is provided.

16.3 Marketing website copy must remain consistent with this Policy: do not claim we “never store any data”, “fully anonymous usage”, or “bank-grade certified encryption” unless those claims are separately true and documented.

17. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. The version and effective date appear at the top. Material changes will be posted on the Service or marketing site (including /legal/privacy) and, where required, we may request renewed acceptance during registration or login.

Continued use after the effective date constitutes acknowledgement of the updated Policy, except where mandatory law requires otherwise.

18. GOVERNING LAW

This Privacy Policy is governed by the laws of India. For disputes relating to privacy and the Service, the dispute provisions in our Terms and Conditions apply (courts at Mumbai, Maharashtra subject to mandatory protections that cannot be waived).

19. CONTACT AND GRIEVANCE

If you have an unresolved privacy concern, contact us:

📍

OFFICE NO.1 Marol Neartime Square, Andheri East, Mumbai, Maharashtra 400059.

We will aim to acknowledge and address grievances within a reasonable time.