Privacy Policy

Invos is currently operated by Haxlab Digital Inc., a company based in British Columbia, Canada. References to "Invos," "we," "us," and "our" mean Haxlab Digital Inc. and, where applicable, its successors, assigns, affiliates, or future operating entity.

Invos is built for professional service providers and business use. It is not intended for personal, household, consumer, children's, or emergency use.

• Account information, such as name, email address, authentication details, session data, organization membership, role, and account settings.
• Business information, such as business name, address, phone number, website, tax IDs or registration numbers, branding, document preferences, and workspace settings.
• Team information, such as invited team member names, email addresses, roles, permissions, and activity within an organization.
• Customer and business records, such as customer names, emails, phone numbers, billing or service addresses, quote records, invoice records, work or project records, line items, notes, payment terms, and communication history.
• User content, such as uploaded logos, files, attachments, generated documents, PDFs, signed records, and related business materials.
• Communications, such as support requests, product feedback, waitlist submissions, product email preferences, email delivery metadata, and messages sent through or about the service.
• Payment and billing information. When payment features are enabled, payment details may be handled directly by Stripe or another payment processor. Invos may receive limited payment metadata, status, identifiers, timestamps, invoice references, and subscription or billing records.
• Usage, device, and log data, such as browser type, IP address, device information, pages viewed, actions taken, timestamps, crash reports, security events, and diagnostic logs.

Invos is not designed for storing sensitive personal information such as government IDs, medical records, payroll records, personal tax files, children's data, or highly sensitive financial documents. Users should not upload that information unless they have the legal right, required notices or consents, and a legitimate business need to do so.

Future payment features may involve payment information collected by a payment processor. When a processor-hosted flow is used, the processor should collect sensitive payment credentials directly, while Invos stores only the limited records needed to operate the app.

• Provide, maintain, secure, troubleshoot, and improve Invos.
• Create and manage accounts, workspaces, team access, permissions, documents, subscriptions, and customer-facing workflows.
• Generate quotes, invoices, PDFs, payment links, emails, records, and related workflow outputs from user-provided information.
• Send transactional, administrative, security, billing, support, product, and service-related communications.
• Process subscriptions, support payment-enabled invoices, track payment status, and support processor-owned authorization flows when payment features are used.
• Support quote acceptance, electronic signature records, locked document versions, signer metadata, and audit events when those features are available.
• Detect abuse, investigate errors, enforce terms, prevent fraud, and protect the service, users, customers, and the public.
• Meet legal, tax, accounting, regulatory, audit, dispute-resolution, and compliance obligations.
• Create aggregated or de-identified information for analytics, product improvement, benchmarking, reporting, and business purposes, provided it does not identify a user, customer, or organization.

We do not sell personal information. We share information only as needed to operate the service, support users, comply with law, or protect Invos and its users.

• Service providers that help us host, secure, monitor, email, support, analyze, store, authenticate, and process parts of the service.
• Payment processors when payment features, subscription billing, payment links, processor-hosted authorizations, or payment status tracking are used.
• Other users in the same organization according to account roles, permissions, and workspace settings.
• Customer-facing recipients when a user sends quotes, invoices, payment links, approval requests, signature requests, or related communications through the app.
• Authorities, advisors, or counterparties when required by law, needed to enforce our terms, or needed to protect rights, safety, or security.
• Successors, assigns, affiliates, or a future operating entity in connection with a corporate reorganization, incorporation of a new entity, financing, merger, acquisition, or sale of assets.

Some payment authorization, mandate, bank agreement, PAD, ACSS, or similar payment flows may be provided directly by Stripe or another processor. When that happens, the processor's hosted or native flow may control the payment authorization record. Invos may receive related status, identifiers, timestamps, and limited payment metadata.

If Invos offers quote acceptance, electronic signature, or agreement record features, we may store signer name, signer email, signature or acceptance timestamp, accepted document version, quote ID or reference, IP address, user agent or device metadata, acceptance event history, and a generated signed PDF or locked snapshot.

Invos uses necessary cookies and similar technologies for authentication, sessions, security, preferences, and app operation. We may add analytics or product-improvement technologies as the service evolves.

Users can control cookies through their browser settings, but some features may not work correctly if required cookies or similar technologies are blocked.

We keep information for as long as needed to provide the service, support business records, resolve disputes, enforce agreements, meet legal, tax, accounting, audit, and security obligations, and prevent abuse. Deletion requests are handled subject to those retention needs.

Deleted information may remain in backups, logs, or archival systems for a limited period before it is overwritten or removed according to operational retention practices.

We use administrative, technical, and organizational safeguards designed to protect information. No internet service is completely secure, so users should protect account credentials, use appropriate access controls, limit team access to authorized people, and report suspected account misuse.

Invos is Canada-first and may expand to the United States and other markets over time. Invos and its service providers may process information in countries other than where a user or customer is located. Those countries may have different privacy or data-protection laws.

Subject to applicable law and verification, users may request access to personal information, correction of inaccurate information, deletion where available, withdrawal of consent where processing is based on consent, or information about how personal information is handled.

Some information may need to be retained for legal, accounting, security, fraud-prevention, backup, audit, or dispute-resolution reasons. We may also need to preserve business records controlled by an organization using Invos.

• Update account and workspace information in the app.
• Control organization access by managing team members and roles.
• Opt out of non-transactional product or marketing communications using the unsubscribe instructions included in those messages when available.
• Continue receiving transactional, administrative, security, billing, and service notices even after opting out of marketing messages.
• Request access, correction, export, or deletion by contacting us.

Invos is intended for professional service providers and business use. It is not directed to children, and users should not submit children's personal information unless they have the authority and legal basis to do so.

We may update this policy as the product, legal requirements, business practices, operating entity, or available markets change. The updated policy will be posted on this page with a new last updated date.

Contact us at support@invosapp.com with privacy questions or requests.