Back

Privacy Policy

ALMEIO Solutions LLC ("we") operates Almeio Invoice. This policy explains what data we collect, why, and how we protect it.

1. Data we collect

• Account data: name, business email, slug (account ID), and an encrypted password hash (bcrypt).
• Business data you create: invoices, estimates, clients, items, company profile.
• Billing data: handled by Stripe. We store only the Stripe customer ID and subscription ID; card details never reach our servers.
• SMTP credentials (optional): if you configure custom SMTP for sending emails to your clients, the password is encrypted at rest with AES-256-GCM in your per-tenant database.
• Operational logs: request logs (timestamp, IP, path, status code) retained for up to 30 days for security and debugging.

2. How we use your data

• To provide the Service: storing your invoices, sending emails on your behalf via your SMTP, generating PDFs.
• To bill you for the subscription (via Stripe).
• To send transactional emails (welcome, payment status, trial expiry).
• To detect abuse and secure the platform.

We do not sell your data and do not use it for advertising.

3. Email open tracking

When you send an invoice or estimate by email, the message includes a 1×1 transparent tracking pixel. When the recipient opens the email, the document's status advances from "sent" to "viewed". The pixel records only the document ID and timestamp — no recipient IP, no device fingerprint, no third-party tracker.

4. Multi-tenant data isolation

Each tenant's data is stored in a dedicated SQLite database (slug-based). We do not co-mingle business data across tenants.

5. Third-party processors

• Stripe — payments, subscription management. See stripe.com/privacy.
• Your SMTP provider — used to send your invoices to your clients. We do not receive copies of those emails.
• Hostinger — infrastructure.

6. Data retention

• Active account data: retained while your subscription is active.
• After cancellation: data preserved read-only for 90 days, then deleted unless you request earlier deletion.
• Backups: rolling 30-day window, after which they are overwritten.

7. Your rights

You can export, modify or delete your data at any time. For deletion or other requests email contact@almeiosolutions.com. We respond within 30 days.

8. Security

Passwords are hashed with bcrypt (cost 12). Tenant SMTP passwords are encrypted at rest with AES-256-GCM. Sessions use HttpOnly cookies; HTTPS is enforced in production. Login endpoints are rate-limited.

9. International transfers

Our servers and Stripe processing may be located in the United States. By using the Service you consent to that processing.

10. Changes

Material changes are notified by email at least 14 days before taking effect.

11. Contact

ALMEIO Solutions LLC · contact@almeiosolutions.com