Privacy Policy

Oussama (“we”) operates Invoice Studio Oussama(the “Service”). We respect your privacy and only collect the information we need to deliver the Service.

This Policy applies to personal information we collect when you visit our website, create an account, purchase credits, or use the Studio to create invoices.

You provide:

• Account details: email address and password (hashed).
• Billing details: name and billing address — processed by Stripe (we never see your full card number).
• Support requests, feedback, and other content you send us.

Collected automatically:

• Log data: IP address, browser type, pages visited, timestamps.
• Device data: operating system, screen size, language.
• Cookies and similar identifiers (see Section 6).
• Studio usage metadata: number of credits consumed when you download an invoice PDF. We do not receive invoice field values, client details, or PDF contents through this API.

We use personal information to:

• Provide, maintain, and improve the Service.
• Process payments, fulfill orders, and credit your account.
• Respond to support requests and customer enquiries.
• Detect, prevent, and address fraud, abuse, or technical issues.
• Comply with our legal obligations and enforce our Terms.
• Send transactional and security-related messages (e.g. receipts).

We do not sell your personal information. Because invoice rendering runs in your browser, we do not receive the contents of invoices you create in the Studio unless you separately send them to us (for example, in a support request).

When you draft or download an invoice, the invoice data stays on your device. PDF rendering happens locally in your browser using client-side libraries. We do not upload your invoice contents to our servers for generation.

After a successful PDF download, we record account-level usage metadata — the number of credits consumed — so we can operate billing and prevent abuse. Invoice history shown in the Studio is stored locally in your browser unless you clear it.

If you email us an invoice or PDF for support, we use it only to investigate your request and delete it when the ticket is closed, unless we are required to retain it by law.

Payments are processed by Stripe, Inc. Stripe collects and processes your payment information in accordance with its Privacy Policy. We receive a token from Stripe along with the last four digits of your card, card brand, billing country, and the amount charged — never your full card number.

We use a small number of essential cookies to keep you signed in and to remember checkout state. We may also use privacy-respecting analytics (such as Vercel Analytics or Plausible) to understand aggregate traffic patterns. No third-party advertising cookies are placed without your consent.

You can clear or block cookies through your browser settings. Some parts of the Service may not work without essential cookies.

We share personal information only with:

• Service providers (sub-processors) that help us run the Service — for example Stripe (payments) and Vercel (hosting). Each is bound by contract to use data only on our instructions.
• Authorities, where required by law, court order, or to protect rights, safety, or property.
• Successors, in connection with a merger, acquisition, or sale of assets — with prior notice to you where required.

• Account data: retained while your account is active.
• Studio usage metadata: retained with your account while it is active.
• Local invoice history: stored in your browser until you clear it.
• Support attachments: deleted when the ticket is closed, unless retention is required by law.
• Transaction records: retained for the period required by tax and accounting law (typically 7 years).
• Support tickets: retained for up to 24 months.

We use industry-standard administrative, technical, and physical safeguards to protect your data, including TLS in transit, encryption at rest, and access controls. No system is perfectly secure, however, and we cannot guarantee the absolute security of your data.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your account and personal information.
• Object to or restrict certain processing.
• Receive a portable copy of your data.
• Withdraw consent, where processing is based on consent.
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email us at support@oussama.com. We will respond within 30 days.

We are based in United States. If you access the Service from outside United States, your information may be transferred to, processed, and stored in countries whose data-protection laws may differ. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

We may update this Policy from time to time. Material changes will be communicated by email or in-app notice. The “Last updated” date at the top reflects the current version.

Privacy questions, data-rights requests, or complaints:

support@oussama.com

See also our Terms of Service, Refund Policy, and Acceptable Use Policy.