Privacy Notice

Last updated: 17 April 2026

Short version

We built this tool to be stateless on purpose. We don’t keep your invoice details, your notes, or the generated messages on our servers. Your inputs are sent to OpenAI for processing and the result is returned straight back to your browser. Payment is handled by Polar, our Merchant of Record. That’s it.

1. Who we are

This service (“the Service”) is operated by Nalarin (“we”, “us”), based in Indonesia. For any privacy question, contact us at info.nalarin@invoque.xyz.

2. What data we process

When you use the Service, the following data is sent to our servers and immediately forwarded to OpenAI for generation:

  • Country and currency you selected
  • Invoice amount
  • Number of days overdue
  • Client type (individual or company)
  • Any optional context you typed into the “notes” field

We do not ask for or collect: your name, your client’s name, email addresses, invoice numbers, bank details, or any other personally identifying information. Please avoid putting such details in the “notes” field.

Technical metadata (IP address, timestamp, request duration, response status, country code) is briefly visible to our hosting provider for abuse prevention and rate limiting. We do not write your invoice fields or generated messages to any persistent log.

3. What we do NOT store

  • Your invoice inputs are not written to any database.
  • The generated emails, SMS, and timeline are not written to any database.
  • We do not keep a copy of what OpenAI returned to you.
  • We do not build profiles of users or track you across sessions.

4. Browser local storage

After generation, the result is stored in your own browser (localStorage) under a random, one-time key, with a 1-hour expiry. This lets you unlock and view your kit without us holding it. You can clear it at any time by clearing your browser data. We do not use third-party tracking cookies or analytics that follow you across sites.

5. Third-party processors

We rely on a small number of service providers to make the Service work:

  • OpenAI, L.L.C. — processes your inputs to generate the recovery kit. Data is sent over TLS. See OpenAI’s API data usage policy; OpenAI does not train models on API content by default.
  • Polar Software Inc. (Polar.sh) — our Merchant of Record. When you click Unlock, you are redirected to Polar’s hosted checkout. Polar independently collects and processes billing information (name, email, card details, billing country) under its own privacy policy. We receive only a confirmation that your payment succeeded, via the redirect back to this site. See polar.sh/legal/privacy.
  • Vercel Inc. — hosts this site and runs the Edge function. Vercel may record edge access logs (IP, user agent, URL, status code) for operational purposes.
  • Upstash, Inc. — provides the rate-limit counter keyed by IP address. No invoice content is sent to Upstash; only the counter increments.

6. Legal basis (GDPR / UK GDPR)

If you are in the EEA or UK, we process the minimal data described above on the basis of performance of a contract (to deliver the Service you requested) and legitimate interests (security and abuse prevention). We do not rely on marketing consent because we do not do marketing profiling.

7. Retention

Invoice inputs and generated content: zero retention on our servers. They exist only in memory during the request and in your browser afterwards (1-hour TTL). Technical metadata (IP, status, duration) is retained by our hosting and rate-limit providers per their standard operational windows.

8. Your rights

Depending on where you live, you may have rights to access, rectify, erase, or port your personal data, and to object to processing. Because we do not store your invoice inputs or generated content, most of these rights are already satisfied by design. For any request relating to payment data, please contact Polar directly — they are the data controller for your billing information. For anything else, email us at info.nalarin@invoque.xyz.

9. Security

Traffic to and from the Service is encrypted in transit (HTTPS). The API route enforces same-origin requests, rate limiting, a body size cap, strict input validation, and a 20-second timeout on upstream calls. The OpenAI API key never leaves the server.

10. Children

The Service is intended for business use and is not directed at children under 16.

11. Changes to this notice

If we change how we handle data, we will update the “Last updated” date at the top and, for material changes, note it on the home page.

12. Contact

Questions or requests: info.nalarin@invoque.xyz.