Contents
Terms of Service
Part 1 โ Terms of Service
1. Description of Service
This application ("the Service") is a web-based invoice and quote generator that allows users to create, edit, save, and export financial documents within a private, password-protected workspace stored on the hosting server.
The Service is provided free of charge on a voluntary donation basis. It is not a registered accounting, legal, or financial service and does not replace professional advice.
2. Acceptance of Terms
By creating a workspace or using any feature of the Service, you confirm that:
- You are at least 18 years old.
- You have the legal authority to enter into these Terms.
- You agree to comply with all provisions of this document.
If you do not agree, you must not use the Service.
3. User Responsibilities
You are solely responsible for:
- The accuracy, completeness, and legality of all documents you create.
- Keeping your workspace URL and password strictly confidential.
- Ensuring your invoices comply with applicable tax and accounting laws in your jurisdiction.
- Backing up your own data regularly.
- Any consequences arising from unauthorized access to your workspace due to credential disclosure.
- Not using the Service for fraudulent, illegal, or misleading purposes.
4. No Accounting or Legal Advice
The Service is a productivity tool only. It does not provide accounting, tax, legal, or financial advice. Documents generated by the Service should be reviewed by a qualified professional before use in any official, regulated, or legally binding context.
5. Data and Backups
Your data is stored as files on the hosting server within your private workspace folder. No automatic backups are performed by the Service. The operator is not responsible for any data loss due to server failure, accidental deletion, hardware fault, or any other cause. You are solely responsible for maintaining your own backups by downloading your workspace files via FTP or your hosting control panel.
6. Availability
The Service is provided on a best-effort basis with no guarantee of uptime, availability, or continuity of service. The Service may be modified, suspended, or discontinued at any time without prior notice.
7. Disclaimer of Warranties
The Service is provided "as is" and "as available" without any warranty of any kind, either express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, accuracy of calculations, or non-infringement.
You use the Service entirely at your own risk. The operator does not warrant that the Service will be error-free, uninterrupted, or free of harmful components.
8. Limitation of Liability
To the fullest extent permitted by applicable law, the operator of this Service shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of or inability to use the Service, including but not limited to loss of data, revenue, profits, or business opportunity, even if advised of the possibility of such damages.
Total liability of the operator to you for any cause whatsoever shall not exceed the amount you have paid for the Service in the 12 months preceding the claim (which may be zero for a free service).
9. Prohibited Use
You agree not to use the Service to:
- Create fraudulent, forged, or misleading invoices or financial documents.
- Violate any applicable law, regulation, or third-party rights.
- Attempt to access other users' workspaces without authorization.
- Perform automated scraping, crawling, or brute-force attacks on the Service.
- Overload, disrupt, or damage the hosting server or infrastructure.
- Reverse-engineer, copy, or redistribute the Service in violation of the applicable open-source license.
10. Intellectual Property
The source code of this application is released under the MIT License. You are free to use, copy, modify, and distribute it in accordance with the terms of that license.
All documents, data, and content you create using the Service remain exclusively your own intellectual property.
11. Data Breach Notification
In the event of a personal data breach affecting your data, the operator will take all reasonable steps to contain the breach and assess its impact. Where required by GDPR Article 33, the relevant supervisory authority will be notified within 72 hours of becoming aware of the breach. Affected users will be notified without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34.
12. Changes to Terms
These Terms may be updated at any time. The date of the last revision is shown at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the revised Terms. For material changes, we will endeavour to provide reasonable notice where possible.
13. Governing Law
These Terms are governed by the laws of the jurisdiction in which the Service operator is based, without regard to conflict-of-law principles. Any disputes arising under these Terms shall be subject to the exclusive jurisdiction of the competent courts of that jurisdiction.
Part 2 โ Privacy Policy
This Privacy Policy complies with GDPR (EU 2016/679), the ePrivacy Directive, and applicable national data protection laws. It explains what personal data we collect, why, how it is protected, and what rights you have over it.
1. Data Controller
The data controller responsible for your personal data is:
As the data controller, we determine the purposes and means of processing your personal data as described in this Policy.
2. What Data We Collect
We collect and store only the data you explicitly enter into the Service:
- Workspace name (used as a folder identifier on the server).
- A bcrypt hash of your workspace password (not reversible โ the original password is never stored).
- Invoice and quote content: seller details, client details, line items, amounts, dates, notes, and terms.
- App settings: company name, currency, brand color, and preferences.
We do not collect: email addresses (unless you type one into a document field), IP addresses, browser fingerprints, device identifiers, or any behavioral or analytics data.
3. Legal Basis for Processing (GDPR Article 6)
We process your data under the following legal bases:
- Contractual necessity (Art. 6(1)(b)): Invoice and quote data is processed because it is necessary to provide the Service you have requested. Without it, the Service cannot function.
- Legitimate interest (Art. 6(1)(f)): The session cookie is used to maintain your authenticated session. This is a necessary and proportionate means of providing secure access to your workspace.
- Legal obligation (Art. 6(1)(c)): We may retain or disclose data if required to do so by applicable law or a competent authority.
We do not rely on consent as a legal basis for processing, except for the optional session cookie acknowledgment.
4. How Data Is Stored
All data is stored as plain JSON files on the hosting server inside your
private workspace folder (data/[workspace]/). Data is not
transmitted to any external cloud service, database server, or third party
for storage purposes.
Direct browser access to the data/ directory is blocked
via server configuration (.htaccess: Deny from all).
5. Who Can Access Your Data
Access to your data is limited to:
- You โ via your workspace URL and password.
- Anyone you share your credentials with โ treat them like a private key.
- The server administrator โ who has technical file-system access to the hosting server.
No other party, employee, contractor, or automated system has access to your workspace data. We do not sell, rent, or share your data with any third party for commercial purposes.
6. Data Retention
Your data is retained on the server for as long as your workspace exists. There is no automated data expiry or deletion schedule.
You can delete your data at any time by using the Delete Workspace feature in the Settings panel, which permanently removes all files associated with your workspace. Alternatively, you may contact us to request manual deletion.
7. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have the following rights under GDPR:
- Right of access (Art. 15): Request a copy of your stored data. Your data is already available in JSON format inside your workspace.
- Right to rectification (Art. 16): Correct inaccurate data directly within the app at any time.
- Right to erasure / "right to be forgotten" (Art. 17): Delete your workspace and all associated data using the Delete Workspace feature in Settings, or by contacting us.
- Right to restriction of processing (Art. 18): Request that we temporarily stop processing your data. Contact us to exercise this right.
- Right to data portability (Art. 20): Your data is stored in JSON format, which is machine-readable and portable. You may download it at any time via FTP or your hosting panel.
- Right to object (Art. 21): Object to processing based on legitimate interest. Contact us to exercise this right.
- Right not to be subject to automated decision-making (Art. 22): The Service does not use automated decision-making or profiling.
To exercise any of these rights, contact us at the address in Section 1. We will respond within 30 days as required by GDPR Article 12.
8. Cookies
The Service uses one essential cookie:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| PHPSESSID | Maintains your authenticated login session | Session / 2 hours inactivity | Essential |
No tracking cookies, advertising cookies, analytics cookies, or third-party profiling cookies are used. The session cookie is strictly necessary for the Service to function and does not track you across other websites.
Under the ePrivacy Directive, strictly necessary cookies do not require prior consent. We display a cookie notice for transparency.
9. Third-Party Services (CDN)
The app loads the following resources from external Content Delivery Networks (CDNs). These requests may result in your IP address being logged by the CDN provider according to their own privacy policies:
| Library | Provider | When loaded | Data shared |
|---|---|---|---|
| Tailwind CSS | Tailwind Labs / CDN | Every page load | IP address only |
| Alpine.js | jsDelivr (Cloudflare) | Every page load | IP address only |
| html2pdf.js | cdnjs (Cloudflare) | Only on PDF export | IP address only |
No personal data from your workspace (names, emails, invoice data) is shared with these providers. Only your IP address is incidentally transmitted as part of the standard HTTP request to load these files.
To eliminate this, you may self-host all assets by downloading them and serving them from the same server as the app.
10. Security Measures
We implement the following technical security measures:
- Passwords stored exclusively as bcrypt hashes
using PHP
password_hash()โ never in plain text. - Direct browser access to the
data/directory is blocked via.htaccess. - All workspace data is stored in isolated per-workspace subfolders.
- Input sanitization and directory traversal prevention on all file operations.
- Session tokens are regenerated on login.
- HTTPS is strongly recommended for all deployments (configurable at the hosting level).
Despite these measures, no system is completely secure. You are advised to use a strong, unique password for your workspace and to access the Service only over HTTPS.
11. Children's Privacy
The Service is not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has used the Service, please contact us for immediate deletion of the relevant data.
12. Contact & Complaints
For any privacy-related questions, requests to exercise your rights, or to report a data breach, contact:
If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority.