Privacy Policy

Last updated: 2026-06-09

1. Controller

Faturium (AI-native expense reconciliation, receipt OCR, bank import and accountant Google Drive sync) acts as the data controller for personal data processed via Faturium. Contact: info@faturium.com.

2. Data we collect

  • Account identifiers (email, name) supplied at sign-up.
  • Authentication metadata from our identity provider (Auth0).
  • Content you upload to the Service.
  • Operational logs (request IP, timestamp, user-agent) retained for security and abuse-prevention purposes.

3. Legal basis

We process the data above on the legal basis of (a) contract performance — to deliver the Service you signed up for — and (b) legitimate interest, where applicable, for security, fraud prevention and product analytics (with consent for non-essential categories — see section 9).

4. Data residency

All data is processed and stored within the European Union (Cloudflare EU region: D1, KV, R2 all jurisdiction-locked). Authentication (Auth0) and billing (Stripe) sub-processors may transfer data within the EEA only.

5. Retention

Account data is kept for as long as your account exists. Operational logs are kept for 90 days. On account deletion you may request erasure of personal data at info@faturium.com.

6. Your rights

Under GDPR you have rights of access, rectification, erasure, restriction, portability and objection. Exercise them by emailing info@faturium.com.

7. Sub-processors

We use Cloudflare (EU region: infrastructure), Auth0 (authentication), and Stripe (payments). Each is a GDPR-compliant sub-processor with EU data-processing agreements in place.

8. Security

We use industry-standard encryption in transit (TLS 1.3) and at rest. Application secrets are stored encrypted (AES-GCM) and rotated on schedule. Access to production data is restricted to a named operator list.

9. Cookies

Faturium distinguishes three cookie categories. Essential cookies (session, CSRF, authentication; httpOnly, Secure, SameSite=Strict) are always on; without them the service does not work. Analytics and Marketing cookies are off by default and only load after you accept them in the consent banner shown on your first visit. You can change or revoke your choice at any time from your browser's site data settings; clearing storage for this site re-shows the banner. We do not load any third-party tag before consent.

10. Changes to this Policy

We may update this Privacy Policy. Material changes will be notified via email at least 30 days in advance. Continued use of the service after the effective date constitutes acceptance.

11. Contact & DPO

Data protection enquiries: info@faturium.com.