ExtractInvoice.app trust center
Clear answers about your invoice data.
ExtractInvoice handles financial documents, so the trust story should be specific: what is stored, who processes it, how long it stays around, and what you can delete.
Encryption
Files are encrypted at rest and sent over TLS. Payment cards are handled by Stripe, not stored by ExtractInvoice.
Access controls
Account access is authenticated, sensitive routes are rate-limited, and API keys can be revoked.
AI data use
Invoice data is processed for extraction only. Providers are not permitted to train models on customer invoices.
Deletion controls
You can export or delete your account data from settings, or request help by email.
Security posture
ExtractInvoice uses audited infrastructure providers, including Vercel, and follows least-access patterns for application and admin surfaces.
That does not mean ExtractInvoice itself is SOC 2 certified. The accurate claim is that the app is hosted on SOC 2 certified infrastructure.
Subprocessors
Retention
Original file retention depends on your plan. Extracted data remains available while your account is active unless you delete it.
Account deletion
Delete your account in settings or email support. Some billing and legal records may be retained where required.
DPA
Customers who need a Data Processing Addendum can request one from support.
Want the legal details?
The privacy policy and terms contain the full retention and processor language.