Privacy Policy

Last updated: April 8, 2026

1. Introduction

Invoba (“we”, “our”, “us”) is a booking and invoicing app designed for DJs and music professionals. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.

By using Invoba, you agree to the collection and use of information as described in this policy.

2. Data We Collect

Account Data

When you sign in with Google or Apple, we receive your name, email address, and profile photo.

Business Information

Business name, address, bank details, VAT number, and branding preferences you enter for invoicing purposes.

Booking Data

Venue name, date, time, fee, payment status, and any notes for each booking you create.

Client Data

Names, email addresses, and postal addresses of clients you add to the app.

Invoice & Financial Data

Invoice records, line items, payment status, and invoice numbering. We do not process payments directly — subscription payments are handled by the App Store or Google Play.

Calendar Data

With your permission, we read and write events to your Google Calendar or Apple Calendar to sync bookings. On iOS, Apple Calendar access uses the on-device EventKit framework.

Email Data

When you send invoices via Gmail, we use your Gmail account to send emails on your behalf. We do not read or store your inbox. Invoice emails may contain a tracking pixel (see Section 5).

Device & Usage Data

Theme preference, notification settings, and backup frequency. We do not collect analytics, location data, or device identifiers for advertising purposes.

3. How We Use Your Data

We use your data to:

• Provide the core service — managing bookings, generating invoices, and syncing with your calendar
• Send invoice emails on your behalf via Gmail or our email delivery service
• Store and restore your data backups
• Track whether invoice emails have been opened (see Section 5)
• Manage your subscription and in-app purchases

4. Third-Party Services

We use the following third-party services to operate the app:

• Supabase — cloud database and authentication (EU-hosted)
• Google APIs — Sign-in, Calendar sync, and Gmail sending
• Apple — Sign-in and Calendar sync (on-device)
• RevenueCat — subscription and in-app purchase management
• Resend — email delivery service for invoices

Each service has its own privacy policy. We encourage you to review them. We do not sell your personal data to any third party.

5. Email Open Tracking

Invoba offers an optional email open tracking feature. When enabled by the user, a small tracking pixel (a 1×1 transparent image) is included in invoice emails. This allows the sender to see when their client opens the invoice email. No personal data about the recipient is collected beyond the fact that the email was opened and the timestamp.

Email tracking is off by default and must be explicitly enabled in the app settings. When tracking is active, a disclosure line is included in the email footer to inform the recipient.

6. Data Storage & Security

Your data is stored in two places:

• On your device — using secure local storage for offline access
• In the cloud — on Supabase servers hosted in the EU, protected by row-level security policies

Backups are stored securely. We retain only your 3 most recent backups and automatically remove older ones. We use industry-standard security measures including encrypted connections (HTTPS), authenticated API access, and secure token management. However, no method of transmission over the internet is 100% secure.

7. Data Sharing

We do not sell, trade, or share your personal information with third parties for marketing purposes. Your data is only shared with the third-party services listed above as necessary to provide the app's functionality.

8. Your Rights (GDPR)

If you are in the UK or European Economic Area, you have the right to:

• Access the personal data we hold about you
• Correct any inaccurate data
• Request deletion of your data — you can delete your account directly in the app under Profile → Manage My Data, or contact us
• Export your data in a portable format — available to all users in the app under Profile → Manage My Data
• Object to or restrict processing of your data
• Withdraw consent at any time
• Revoke Google/Apple permissions through your account settings

To exercise any of these rights, you can use the self-service options in the app or visit our Data Request page. You can also contact us directly at [email protected].

9. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal data we collect and how it is used
• Request deletion of your personal data
• Opt out of the sale of personal data (we do not sell your data)
• Not be discriminated against for exercising your rights

10. Data Retention

We retain your data for as long as your account is active. Deleted bookings are soft-deleted and may be retained for up to 90 days before permanent removal. Invoice records and email tracking logs are retained for your records until you delete your account.

You can delete your account and all associated data directly in the app under Profile → Manage My Data → Delete My Account. Alternatively, contact us at [email protected] and we will remove your data within 30 days.

11. Children's Privacy

Invoba is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the date at the top and notify you through the app. Continued use of Invoba after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at [email protected].