Security Policy
Last Updated: [LAST UPDATED]
Security at a Glance
InvoiceMaker is built with security and privacy as core principles:
- Local-First Architecture: All your data stays on your device
- No Cloud Storage: We don't store your invoices, clients, or business data on our servers
- iOS Sandboxing: Protected by Apple's security framework
- Encryption: Data is encrypted at rest using iOS's built-in file-level encryption
- No Account Required: No passwords, no login credentials to steal
1. Data Storage and Protection
Local-Only Storage
Where Your Data Lives:
- All invoices, estimates, clients, and business information are stored exclusively on your device
- Data is managed using Apple's SwiftData framework
- Files are stored in the app's sandboxed container, inaccessible to other apps
- No data is transmitted to our servers or any third-party storage
What This Means for You: If you delete the app, all your data is permanently removed from your device. There are no cloud backups. We recommend exporting important invoices as PDFs for your records.
1.1 iOS Device Security
Your data benefits from Apple's industry-leading device security:
- Encryption at Rest: Data is encrypted on your device using iOS file-level encryption
- Passcode Protection: When you lock your device with a passcode/Face ID/Touch ID, app data is protected
- Secure Enclave: Cryptographic key operations are handled by dedicated hardware (the Secure Enclave) rather than by the app itself
- App Sandboxing: InvoiceMaker cannot access data from other apps, and other apps cannot access InvoiceMaker data
1.2 PDF Export Security
When you export invoices as PDF files:
- PDFs are generated locally on your device
- You control where PDFs are saved (Files app, email, AirDrop, etc.)
- PDFs are standard documents without DRM or tracking
- We recommend password-protecting sensitive PDFs before sharing (use Files app or third-party PDF tools)
2. Network Security
2.1 Minimal Network Access
InvoiceMaker has limited network usage:
- No backend servers: The app does not communicate with our servers for data storage or sync
- Third-party services: Network access is used only for:
  - Google AdMob (free users only): ad delivery
  - Apple StoreKit: subscription verification
2.2 Third-Party Service Security
Google AdMob (Free Users Only)
- What data is shared: Device identifiers (IDFA if tracking allowed), app usage, ad interaction
- Why: To serve personalized ads and measure ad performance
- Your control: Opt out via iOS App Tracking Transparency (ATT) prompt or Settings → Privacy → Tracking
- Security: All connections use HTTPS encryption
- Pro users: AdMob is completely disabled for Pro subscribers
Google AdMob Privacy Policy →
Apple StoreKit (All Users)
- What data is shared: Purchase receipts, subscription status
- Why: To verify Pro subscription purchases
- Security: Handled entirely by Apple's secure payment infrastructure
- Data access: We receive only a subscription status (active/inactive), not payment details
Apple Privacy Policy →
3. Permissions and Access
3.1 Required Permissions
InvoiceMaker requests minimal permissions:
- Contacts (Optional):
  - When requested: Only when you tap "Import from Contacts" to add a client
  - What we access: Only the specific contact you select
  - What we do: Copy name, email, phone, and address to the InvoiceMaker client record
  - Data storage: Contact data is stored locally and never synced back to Contacts
  - Your control: Deny this permission and manually enter client details instead
- App Tracking Transparency / IDFA (Optional):
  - When requested: On first app launch (iOS 14.5+)
  - What it does: Allows Google AdMob to show personalized ads across apps
  - Free users: Denying this permission shows non-personalized ads instead
  - Pro users: Not requested (no ads shown)
  - Your control: Change anytime in Settings → Privacy & Security → Tracking
What We DON'T Request: Camera, microphone, location, photos, calendars, reminders, Bluetooth, local network, or any other sensitive permissions.
3.2 Data Access by Third Parties
InvoiceMaker does not share your invoice, client, or business data with any third parties.
The only data shared with third parties is:
- Google AdMob: Device identifiers, ad interaction metrics (free users only, if tracking allowed)
- Apple: Subscription purchase receipts (all users who subscribe)
Your business data (invoices, clients, estimates, financial information) remains 100% local and private.
4. Security Best Practices
4.1 Recommendations for Users
To maximize the security of your data:
- Enable Device Passcode: Use a strong passcode, Face ID, or Touch ID to lock your device
- Keep iOS Updated: Install security updates promptly (Settings → General → Software Update)
- Enable Find My iPhone: Allows remote wipe if device is lost or stolen
- Export Backups: Regularly export important invoices as PDFs and store securely (iCloud, encrypted USB drive)
- Password-Protect PDFs: Use Files app or third-party tools to encrypt sensitive PDFs before sharing
- Review Sharing: When sharing invoices via email/AirDrop, verify recipient before sending
- Secure Email: Use secure email providers when emailing invoices containing financial data
4.2 What We Do to Protect You
- No account system: No passwords to leak, no login credentials to steal
- No cloud storage: No centralized database that could be hacked
- Minimal third-party SDKs: Only AdMob and StoreKit (both from trusted vendors)
- Code security: Regular security reviews and updates
- App Store distribution: Code-signed and verified by Apple
- Sandboxed environment: Isolated from other apps by iOS security
5. Data Retention and Deletion
5.1 How Long We Keep Data
On Your Device:
- Data persists until you manually delete it (swipe to delete items) or uninstall the app
- No automatic expiration or deletion
On Our Servers:
- We do not store your invoices, clients, or business data on any servers
- Exception: Apple stores subscription receipts per their standard policy
5.2 How to Delete Your Data
Delete Individual Items:
- Swipe left on any invoice, estimate, or client
- Tap "Delete"
- Confirm deletion (permanent and irreversible)
Delete All Data:
- Open iPhone/iPad Settings
- Scroll to "InvoiceMaker"
- Tap "Delete App"
- All app data is permanently removed from your device
Important: Data deletion is permanent and cannot be undone. We have no backups of your data. Export important invoices as PDFs before deleting.
6. Security Incident Response
6.1 Vulnerability Disclosure
If you discover a security vulnerability in InvoiceMaker, we encourage responsible disclosure:
- Email us: [YOUR EMAIL] with the subject line "Security Vulnerability"
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if applicable)
- Give us time: Allow us reasonable time (typically 90 days) to address the issue before public disclosure
- Do not: Publicly disclose the vulnerability before we've had a chance to fix it
We appreciate security researchers who help keep InvoiceMaker safe for all users. Responsible disclosure helps us fix issues quickly and protect the community.
6.2 Breach Notification
Current Architecture: Given our local-first design with no cloud storage:
- There is no centralized database that could be breached
- Your data security depends primarily on your device security
- If your device is lost, stolen, or compromised, follow Apple's Find My iPhone procedures
If We Discover a Vulnerability:
- We will release an app update to fix the issue as soon as possible
- We will notify users via App Store update notes
- For critical vulnerabilities, we may also send notifications within the app
- We will provide clear instructions on any actions users should take
7. Children's Privacy and Security
InvoiceMaker is not directed at children under 13. We do not knowingly collect data from children.
- No account creation (no age verification needed)
- Local-only storage (no data collection)
- If you believe a child has used the app, simply delete it from their device
8. International Security Standards
8.1 GDPR Compliance (European Users)
InvoiceMaker respects GDPR principles:
- Data Minimization: We collect minimal data (only what's stored locally by you)
- Purpose Limitation: Data is used only for app functionality
- Storage Limitation: Data persists only as long as you choose to keep it
- Right to Erasure: Delete the app anytime to remove all data
- Data Portability: Export invoices as standard PDFs
8.2 CCPA Compliance (California Users)
Under the California Consumer Privacy Act:
- No data sale: We do not sell your personal information
- Transparency: This policy discloses all data practices
- Right to delete: Uninstall the app to delete all local data
- Right to opt-out: Disable tracking via iOS ATT settings
9. Updates to This Policy
We may update this Security Policy to reflect:
- Changes to the app's features or functionality
- New security measures or best practices
- Legal or regulatory requirements
- User feedback and recommendations
When we update this policy:
- We will update the "Last Updated" date at the top
- Significant changes will be noted in app update release notes
- The latest version is always available at [YOUR WEBSITE]/security-policy.html