Privacy Policy

Last updated: May 14, 2026

CarrierInvoice ("we," "us," or "our") operates the carrierinvoice.com website and application. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

1. Information We Collect

Account Information: When you register, we collect your name and email address. Passwords are hashed and never stored in plain text.

Documents & Invoices: Documents you upload (invoices, BOLs, rate confirmations) and invoices you create using the Service are stored in your account.

Templates: Invoice templates you create, including PDF files and field coordinate configurations.

Payment Information: Payment details (credit card numbers, billing address) are collected and processed directly by Stripe. We do not store your full payment information on our servers — only a Stripe customer ID and subscription status.

Usage Data: We may collect basic usage information such as login timestamps and feature usage to improve the Service.

2. How We Use Your Information

• To provide, maintain, and improve the Service.
• To process your documents using AI-powered extraction (see Section 4).
• To generate invoices based on your templates.
• To process payments and manage your subscription.
• To send transactional emails (account confirmation, password resets, subscription notifications).
• To respond to support requests.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Client-Side Processing

Certain operations are performed entirely in your browser and are not transmitted to our servers during those specific steps: PDF invoice generation uses WebAssembly (WASM) technology, and initial OCR text recognition uses Tesseract.js. However, your invoice data, extracted information, uploaded documents, and generated files are stored on our servers as described in Section 5 to provide the Service functionality (access, editing, exporting).

4. Cloud AI Document Processing

When you use the document extraction feature, images of your uploaded documents are sent to cloud AI services we use for analysis, currently Azure OpenAI and Google Cloud Vertex AI/Gemini. This means:

• Document images may be transmitted to Microsoft Azure and/or Google Cloud infrastructure for processing.
• The cloud AI service analyzes the data to extract text and structured information, then returns the results to our Service.
• Microsoft and Google's handling of this data is governed by their own privacy policies and cloud service terms, including the Microsoft Privacy Statement and Google Cloud Privacy Notice.
• We use these cloud AI services to provide document extraction, not to sell your document data or share it for third-party marketing.

By using the document extraction feature, you acknowledge and consent to your document data being processed by these cloud AI services as described above. If you do not wish for your documents to be processed by a third-party cloud AI service, you may choose not to use the extraction feature and enter invoice data manually.

5. Data Storage & Security

Database: Account data, invoice records, and template configurations are stored in a PostgreSQL database with encrypted connections.

File Storage: Uploaded documents, template PDFs, and generated files are stored in Cloudflare R2 cloud storage with encryption at rest.

Authentication: Access to your account is protected by JWT (JSON Web Token) authentication. Refresh tokens are stored securely and rotated regularly. Expired tokens are automatically cleaned up.

Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL (HTTPS).

6. Third-Party Services

We use the following third-party services to operate CarrierInvoice:

• Stripe — Payment processing. Stripe handles all payment card data. Stripe Privacy Policy.
• Microsoft Azure / Azure OpenAI — AI-powered document analysis and data extraction. Microsoft Privacy Statement.
• Google Cloud / Vertex AI — AI-powered document analysis and data extraction. Google Cloud Privacy Notice.
• Cloudflare — File storage (R2) and content delivery. Cloudflare Privacy Policy.
• Amazon Web Services (AWS SES) — Transactional email delivery. AWS Privacy Policy.

7. Data Retention

We retain your account data and associated files for as long as your account is active. If your subscription expires or is canceled, your data is retained for 30 days to allow for reactivation. After 30 days, we reserve the right to delete inactive account data and associated files.

8. Your Rights

You have the right to:

• Access your personal data stored in your account.
• Download your invoices and documents at any time.
• Delete individual invoices, templates, or documents from your account.
• Request full account deletion and removal of all associated data by contacting support.

9. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

We do not sell personal information. We do not share personal information with third parties for their direct marketing purposes. To exercise your rights, contact us at [email protected]. We will respond to verifiable requests within 45 days.

10. Cookies

CarrierInvoice does not use advertising cookies, third-party tracking cookies, or analytics services.

The CarrierInvoice application uses browser local storage and session storage for essential and functional purposes, including maintaining your authentication session, storing theme and interface preferences, remembering "don't show again" choices, supporting version refresh behavior, and completing social login flows.

We also use Cloudflare Turnstile on selected forms to protect against spam and automated abuse. Turnstile may process browser and device signals for security verification. Cloudflare's handling of this information is described in its Turnstile Privacy Addendum.

11. Children's Privacy

CarrierInvoice is not intended for use by individuals under the age of 18. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you via email or a notice within the application. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions or data requests, contact us at Support or email [email protected].

Crisp Tech LLC, IL 60089