Sign In

Privacy Policy

Last updated: 12/7/2025

Inveeze (“we”, “our”, “the Platform”) is a document and workflow automation service that processes invoices and related business documents using AI and rule-based automation. We are committed to protecting your privacy and ensuring that your data is handled securely and responsibly.

1. Overview

This Privacy Policy explains:

  • What data we collect
  • How we process documents
  • How AI models are used
  • How we store, secure, and retain your data
  • What third parties (if any) receive your data
  • Your rights under GDPR and other frameworks

Inveeze never sells customer data.

2. Data We Collect

Data you provide

  • Uploaded documents (invoices, receipts, credit notes, bills, contracts, etc.)
  • Metadata (file names, tags, vendor info)
  • Workflow information (statuses, approvals, coding)
  • User account information (name, email, role)
  • Configuration data (pipeline settings, rules, integrations)

Automatically collected

  • Minimal usage analytics
  • Execution logs
  • Error and performance logs
  • Device/browser information for security

We do not collect unnecessary personal data.

3. AI Processing

Inveeze uses paid enterprise AI services (e.g., OpenAI, Azure OpenAI, AWS Bedrock, Google Vertex AI, Anthropic, etc.) to:

  • Extract fields from documents
  • Classify document types
  • Validate totals and calculations
  • Suggest GL coding or routing

NO TRAINING ON CUSTOMER DATA

Our AI providers do not use your data for training or model improvement. This is part of their enterprise API terms.

We never use customer documents, metadata, or extracted fields:

  • For model training
  • For benchmarking
  • For dataset creation
  • For product improvement (unless expressly allowed)

Data sent to models

Only the minimum required content (document text and relevant context) is sent to the model for inference.

BYOM (Bring Your Own Model)

If you configure your own AI provider:

  • Your data is sent only to your model endpoint
  • You are responsible for that provider’s privacy policy
  • Inveeze does not store model credentials other than encrypted keys

4. Document Storage & Retention

Development Mode

  • Synthetic data is not stored
  • Real documents used for testing are auto-deleted after a short retention period (default: 7 days)
  • You can delete any data manually at any time

Production Mode

You may configure document retention policies:

  • Delete immediately after processing
  • 7-day retention
  • 30-day retention
  • Custom retention for audit requirements

Enterprise Mode

You may choose:

  • Region-specific storage (EU, UK, US, etc.)
  • Private cloud or on-premise storage
  • Custom retention policies
  • External archiving to your own storage (S3, SharePoint, GDrive)

5. Security Measures

We use industry-standard security practices including:

  • Encryption at rest (AES-256)
  • Encryption in transit (TLS 1.2+)
  • Role-Based Access Control (RBAC)
  • Multi-factor authentication
  • Restricted employee access (“zero-access by default”)
  • Audit logs
  • Regular security reviews and penetration testing

Enterprise plan includes:

  • SSO (SAML 2.0 / OAuth2)
  • Private networking/VPC peering
  • Optional on-prem or private-cloud deployment
  • Customer-managed keys (CMK)

6. Data Sharing & Third Parties

Inveeze only sends your data to:

  • AI model providers (for inference only)
  • Cloud infrastructure providers (data hosting)
  • Integrations you explicitly configure (e.g., SAP, NetSuite, Xero, QuickBooks, SharePoint, S3, Google Drive, email servers)

We do not share your data with:

  • Advertisers
  • Data brokers
  • Unrelated third parties

We only disclose data if required by law and with proper notice.

7. Human Access & Review

Human-in-the-Loop (Your Team)

If enabled, your team members may view documents requiring validation.

Inveeze Staff Access

Inveeze employees cannot view customer documents unless:

  1. You explicitly grant support access
  2. Access is time-limited
  3. Access is logged and monitored

Default: Zero staff access.

8. Legal Basis for Processing (GDPR)

We process personal data under the following bases:

  1. Contractual necessity — to provide the Inveeze service
  2. Legitimate interest — fraud prevention, security, improving reliability
  3. Consent — optional features involving human review or sharing
  4. Compliance with law — auditing and record-keeping where required

You have the right to:

  • Access your data
  • Correct your data
  • Request deletion
  • Export data
  • Restrict processing

9. Data Residency

We support data residency for:

  • EU
  • UK
  • United States
  • APAC (Enterprise)

Enterprise customers may define their residency and storage zones.

10. Data We Do Not Collect

We do not collect:

  • Consumer-level personal data unless included in documents you upload
  • Biometric or facial recognition data
  • Advertising identifiers
  • Behavioral tracking outside our own platform
  • Information from third parties without your consent

We do not sell or rent your data.

11. Children’s Privacy

Inveeze is not designed for children under 16, and we do not knowingly process such data.

12. Your Rights to Erasure

You can request deletion of:

  • Documents
  • Workflow data
  • User data
  • Entire accounts

We will remove data unless required by:

  • Financial regulations
  • Security investigations
  • Audit requirements

Email: privacy@inveeze.com

13. Contact Us

For privacy-related inquiries, contact our Data Protection Officer (DPO):

privacy@inveeze.com

For security concerns:

security@inveeze.com