InvoiceSniffInvoiceSniff

Privacy Policy

Last updated: 22 March 2026

1. Who we are

InvoiceSniff ("we", "us", "our") is an Australian-operated service that helps small businesses detect supplier price changes by analysing invoice data from connected accounting platforms. This policy explains how we collect, use, and protect your information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

2. Information we collect

We collect the following types of information:

  • Account information: your name, email address, and business name when you sign up.
  • Accounting data: supplier names, invoice/bill line items (descriptions, quantities, unit prices), and bill dates — accessed read-only via OAuth from your connected accounting platform (e.g. Xero).
  • Payment information: processed securely by Stripe. We do not store your card details.
  • Usage data: pages visited, features used, and technical information such as browser type and IP address.

3. How we use your information

  • To provide our core service: detecting price changes across your supplier invoices.
  • To send you alerts when we detect price increases above your configured threshold.
  • To match invoice line items using AI-assisted fuzzy matching. Your line item descriptions are sent to OpenAI for processing — no other invoice data is shared.
  • To process payments and manage your subscription.
  • To send you service-related emails (alerts, account updates). We will never send unsolicited marketing emails.

4. How we handle your accounting data

  • We access your accounting data read-only. We never create, modify, or delete any data in your accounting system.
  • OAuth tokens are stored encrypted and are used solely to sync your invoice data.
  • You can disconnect your accounting platform at any time, which revokes our access.
  • Your accounting data is not shared with any third party except as described in section 3 (AI-assisted matching).

5. AI and third-party processing

We use OpenAI's API to match similar line item descriptions across invoices. Only the text descriptions of line items are sent to OpenAI — no prices, quantities, supplier names, or personally identifiable information. OpenAI does not use API data to train their models.

6. Data storage and security

  • Your data is stored in Supabase (hosted on AWS) with row-level security enforced at the database level.
  • All data is encrypted in transit (TLS) and at rest.
  • Access to production systems is restricted and audited.

7. Data retention

We retain your data for as long as your account is active. If you delete your account, we will delete all your data within 30 days. We may retain anonymised, aggregated data for analytics purposes.

8. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your data by deleting your account.
  • Disconnect your accounting platform at any time.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.

9. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

10. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact us

If you have questions about this privacy policy or how we handle your data, contact us at privacy@invoicesniff.com.