Privacy Policy

Last updated: 31 Jan 2026
App: Azy Invoices (the “App”)
Provider: AzyDev (“we”, “us”, “our”)
Contact: support@azydev.co.uk

This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights.

1) High-level summary

• The App is an invoicing tool; it does not process payments.

• The App requires login on all plans.

• Invoice content is end-to-end encrypted (zero-knowledge) so we do not hold the keys required to read invoice content.

• We use Firebase Analytics to understand usage and improve the App. Firebase provides controls for data collection and usage.

• We use RevenueCat to manage subscriptions and entitlements; RevenueCat describes itself as a GDPR processor for end-user data handled on behalf of developers.

2) Roles: who is controller / processor

2.1 For account, support, and app operations, AzyDev acts as a data controller.

2.2 For invoice content you store and manage in the App, you may be the data controller for any personal data about your clients/customers included in invoices. We provide the tool, and where we process personal data on your behalf (for example, enabling encrypted storage or sync), we do so as a processor/service provider for that purpose. The ICO explains the distinction between controllers and processors under UK GDPR.

3) What data we collect

A) Account and authentication data (all plans)

Because login is required, we process data needed to authenticate and secure your account, such as:

• a user/account identifier (App User ID tied to authentication),

• email address or identity provider reference (depending on your login method),

• authentication tokens/sessions (to keep you signed in),

• security-related metadata (e.g., sign-in timestamps, device/session identifiers).

B) Invoice content (all plans)

You may create invoices containing:

• your business details,

• customer/client details,

• line items, totals, notes, and references.

Important: Invoice content is protected using end-to-end (zero-knowledge) encryption. We do not hold the decryption keys needed to read invoice content. When Pro backup/sync is enabled, encrypted invoice content may be stored with third-party cloud infrastructure (see Section 6).

C) Subscription and entitlement data (RevenueCat + marketplace)

RevenueCat processes subscription/entitlement information to determine whether Basic/Pro features should be enabled, including:

• your App User ID (custom ID tied to authentication),

• purchase/receipt or transaction validation data,

• device/app metadata needed to support entitlement checks and restore flows.

D) Analytics data (Firebase Analytics)

We use Firebase Analytics to understand how the App is used and to improve performance and reliability. This may include:

• app usage events (including automatically collected events),

• device and app information (such as OS version, device model, app version),

• approximate location derived from IP or device settings (depending on platform configuration),

• identifiers used for analytics measurement (depending on platform settings).

Google’s documentation explains that app interactions can be collected automatically via the Analytics SDK, and Firebase provides options to configure data collection and usage.

We do not intentionally send invoice content to analytics.

E) Support communications (if you contact us)

If you contact support, we process what you send us (e.g., email address, message content, and any attachments you choose to provide).

4) What we do not do

• We do not sell your personal data.

• We do not use invoice content for advertising profiling.

• We do not process payments inside the App.

5) Why we use your data (purposes and lawful bases)

We process personal data for:

• Providing the App and its core functions (contract necessity)

• Authentication and account security (contract necessity / legitimate interests)

• Subscription management and entitlement enforcement (contract necessity)

• Analytics and app improvement (legitimate interests, and where required by law, consent)

• Support and communications (legitimate interests / contract necessity)

• Preventing fraud, abuse, and security incidents (legitimate interests)

6) Where data is stored

Local storage (device)

Invoice content may be stored locally on your device.

Pro backup/sync (encrypted)

If Pro backup/sync is enabled, encrypted invoice content may be stored on cloud infrastructure (for example, Firebase/Google services). Google publishes Firebase Data Processing Terms and Standard Contractual Clauses materials relevant to international transfers and processing arrangements.

7) Sharing and disclosure

A) Sharing initiated by you

When you share invoices via email/SMS/messaging/social apps, you are choosing to send information using third-party services. You are responsible for recipients and content.

B) Service providers (processors)

We use third parties to operate the App:

• RevenueCat (subscriptions/entitlements).

• App marketplaces (billing and subscription lifecycle).

• Firebase/Google services (authentication, encrypted storage/sync where enabled, analytics).

C) Legal and safety

We may disclose information if required by law or to protect rights, safety, and security, investigate abuse, or enforce our terms.

8) International transfers

Your data may be processed outside the UK depending on the infrastructure used by service providers. Firebase publishes SCC documentation for relevant transfer mechanisms.

9) Data retention

We retain personal data only as long as necessary for the purposes described:

• account/security data: for as long as your account is active (and a reasonable period after for security and compliance),

• subscription/entitlement metadata: as needed to provide paid features and support audits/restores,

• analytics data: retained according to our configuration and operational needs,

• support messages: as long as needed to resolve issues and keep reasonable records.

Invoice content retention depends on your usage (local data deletion, or deletion of encrypted synced data where applicable).

10) Security

We use measures designed to protect data, including:

• authentication controls,

• transport security,

• and end-to-end (zero-knowledge) encryption for invoice content.

No system can guarantee absolute security. You must also protect your device and login credentials.

11) Your rights

Depending on your location (including the UK), you may have rights such as access, correction, deletion, restriction, objection, and portability. The UK regulator provides guidance on these rights.

Practical notes:

• Invoice content (local): you can delete it in-app and/or by uninstalling the App.

• Account/subscription/analytics data: you can request access or deletion by contacting support@azydev.co.uk. We may need to verify account ownership.

12) Children

The App is not intended for children under 13 and we do not knowingly collect data from children.

13) Changes to this Privacy Policy

We may update this Policy. We will update the “Last updated” date and may provide notice in-app for material changes.

14) Contact and complaints

Privacy questions/requests: support@azydev.co.uk
If you are in the United Kingdom, you can also complain to the Information Commissioner's Office if you believe your rights have been infringed.