Effective 2026-06-30

Privacy Policy

This Privacy Policy explains how Byte Imagination Roger Zacharczyk (trading as Byte Imagination, "we", "us") processes personal data in connection with the online service made available on the domain on which this Policy is published (the "Service").

This Policy applies to data we process as controller (account, billing, support, marketing). When we process personal data contained in Customer Data on your instructions, we act as processor under the Data Processing Agreement.

1. Controller

  • Controller: Byte Imagination Roger Zacharczyk
  • Registered seat: Ludwika Kondratowicza 59/21, Warsaw, Poland
  • Tax ID: PL7551870628
  • Privacy contact: privacy@byteimagination.com

We have not appointed a Data Protection Officer. Based on our current processing activities and scale, appointment of a Data Protection Officer is not mandatory under Article 37 GDPR. We reassess this determination periodically and whenever our processing activities materially change. privacy@byteimagination.com is the single point of contact for all privacy matters.

2. Categories of personal data we process

| Category | Examples | Source |
| --- | --- | --- |
| Account data | email address, hashed password, account creation date, email-address-verified timestamp, language preference | Provided by you at sign-up |
| Account verification data | short-lived hash of a single-use verification token sent to your email address, with its issue and expiry timestamps. The verification link itself is shown to you only once, in the email; we never store its plaintext form | Generated by the Service at sign-up and at every re-issue |
| Password recovery data | short-lived hash of a single-use password-reset token sent to your email address, with its issue, expiry and (where applicable) consumption timestamps. The reset link itself is shown to you only once, in the email; we never store its plaintext form | Generated by the Service when you request a password reset |
| Abuse-prevention data | short-lived signature of an accepted proof-of-work captcha challenge submitted with your sign-up. The signature is a non-reversible computational artefact and does not identify you | Generated by the Service when you submit the sign-up form |
| Authentication data | API key (stored as a cryptographic hash), the human-readable label you assign to each key when creating it, session cookies, last login timestamp, key revocation timestamp, per-API-key usage records (timestamp, IP address, user agent, one row per authenticated request) | Generated by the Service; the API key label is supplied by you |
| Legal acceptance records | one row per legal document version you have accepted: timestamp of acceptance, IP address at time of acceptance, user agent, acceptance method (sign-up, explicit update, migration), language of the version shown to you | Generated by the Service when you accept a published version of these Terms, the Privacy Policy, the DPA, or a per-Service Additional Terms |
| Billing and transaction data | name, billing address, country, VAT identifier (where provided), Subscription tier, transaction id, last 4 digits of payment card | Collected by Paddle as Merchant of Record and shared with us for fulfilment |
| Billing linkage identifiers | Reference codes that link your account in our system to your billing record at our payment processor. These identifiers do not contain payment-card information; the payment information they reference is held by our payment processor as Merchant of Record. | Received from our payment processor when your subscription is created |
| Usage data | API call counts, endpoint paths, response status, request and response bodies (subject to redaction of authentication and authorization headers, cookies, and common secret fields), trace identifiers, timestamps, IP addresses, user agents | Generated by your interaction with the Service |
| Data export records | the timestamp of your most recent data export request (a single value per account, used only to rate-limit the self-service export) | Generated by the Service when you use the self-service data export |
| Support data | content of messages you send to us, attachments | Provided by you when contacting support |
| Marketing data (optional) | opt-in to product updates, opens/clicks of marketing emails | Provided by you on opt-in |
| Waitlist data | email address, IP address at time of submission, timestamp of submission | Provided by you when you join the pre-launch waitlist on the public site |

We do not intentionally collect special categories of data under Article 9 GDPR or data of children under 16. Do not submit such data through the Service.

The Service you are using may process additional categories of personal data that are specific to the features it provides. Where that is the case, those categories, their purposes, legal bases, and retention periods are set out in the Privacy Supplement for your Service. Where a Privacy Supplement is shown alongside this Policy, it supplements and forms part of this Privacy Policy.

3. Purposes and legal bases

| Purpose | Legal basis (GDPR) | Notes |
| --- | --- | --- |
| Provide the Service: account creation, authentication, API serving, quota enforcement | Art. 6(1)(b) — performance of a contract | |
| Email-address verification at sign-up: confirming that the address you provide is one you control before granting access | Art. 6(1)(b) — performance of a contract | A short-lived verification token (stored as a cryptographic hash) is sent to your email address; clicking the link confirms control. Unconfirmed addresses cannot complete sign-up |
| Password recovery: allowing you to regain access to your account if you forget your password | Art. 6(1)(b) — performance of a contract | A short-lived password-reset token (stored as a cryptographic hash) is sent to your email address; setting a new password through the link both consumes the token and signs you in. Only verified addresses can request a reset |
| Sign-up abuse prevention: refusing automated form submissions that would result in unsolicited verification emails to third parties | Art. 6(1)(f) — legitimate interest in protecting our infrastructure, our outbound-email reputation, and third-party recipients from unsolicited messages | A proof-of-work captcha is required on the sign-up form. The accepted-challenge signature is stored briefly to prevent the same captcha solution being replayed |
| Billing, invoicing, tax and accounting compliance | Art. 6(1)(b) and Art. 6(1)(c) — legal obligation | Paddle handles end-customer billing as MoR; we hold Paddle's monthly statements |
| Security: abuse detection, rate limiting, fraud prevention, incident response, security audit logs | Art. 6(1)(f) — legitimate interest in protecting the Service, our users, and our infrastructure | Feature-specific operational logs are described in your Service's Privacy Supplement |
| Data portability and access: providing a self-service export of your data (in fulfilment of your Art. 20 and Art. 15 rights), and rate-limiting that export to prevent abuse and accidental load | Art. 6(1)(b) — the export delivers data you provided under your service contract; Art. 6(1)(f) — legitimate interest for the rate-limit timestamp | The export is an exercise of your existing rights against already-lawful processing, not a separate processing activity. We retain only the timestamp of your most recent export to enforce the limit; see Section 8 |
| Customer support | Art. 6(1)(b) and Art. 6(1)(f) | |
| Service notifications (changes to Terms, Privacy Policy, security incidents, scheduled maintenance) | Art. 6(1)(b) and Art. 6(1)(c) | Cannot be opted out of while you have an active account |
| Product updates and marketing communications | Art. 6(1)(a) — consent | Opt-in only; opt-out at any time |
| Pre-launch waitlist contact | Art. 6(1)(a) — consent | You are added to the waitlist for the Service whose public site you signed up on; we contact you when the Service opens to general availability or to ask for early-access feedback. You can request removal at any time via privacy@byteimagination.com |
| Compliance with legal obligations and defence of legal claims | Art. 6(1)(c) and Art. 6(1)(f) | |
| Proof of acceptance of these Terms, the Privacy Policy, the DPA, and per-Service Additional Terms | Art. 6(1)(b) — performance of contract; Art. 6(1)(f) — legitimate interest in demonstrating valid acceptance and defending against legal claims | The IP address attached to a legal acceptance is automatically cleared after 365 days; the acceptance record itself is preserved for the lifetime of the account |

4. Recipients and sub-processors

We share personal data only with the following categories of recipients:

  • Paddle.com Market Ltd (UK) — Merchant of Record; processes payment, billing address, and tax data.
  • DigitalOcean, LLC — hosting and infrastructure services.
  • Resend, Inc. — transactional email delivery (account verification, password reset, billing notices, service notifications).
  • Public authorities — where required by law (court order, lawful request).

A current Sub-processor list with each provider's role and country of processing is published alongside this Policy. We notify you at least 30 days before adding or replacing a sub-processor for processor activities under the DPA.

5. International transfers

Personal data may be processed outside the European Economic Area where a sub-processor is located outside the EEA. Where this is the case, transfers are based on:

  • An adequacy decision under Article 45 GDPR; or
  • Standard Contractual Clauses (SCCs) under Article 46(2)(c) GDPR with supplementary measures as appropriate; or
  • A derogation under Article 49 GDPR.

A copy of the SCCs in force for a given recipient is available on request to privacy@byteimagination.com.

6. Retention

| Data | Retention |
| --- | --- |
| Account data | For the lifetime of your account; deleted immediately on account closure, except for records retained on legal-basis grounds (billing — 5 years; legal acceptance records — see Section 8) |
| Billing records | 5 years from the end of the calendar year in which the transaction occurred (Polish accounting law) |
| Billing linkage identifiers (references to your record at our payment processor) | For the lifetime of your subscription; deleted when your account is closed |
| API key hashes | Until you delete the key or close the account |
| API key labels (the human-readable name you assign) | Until you delete the key or close the account; revoked keys keep their label as part of the audit history |
| API key revocation timestamps | For the lifetime of your account; preserved as part of the key's audit history |
| API request/response logs (Logbook) | 30 days, then deleted |
| API request/response markers and trace ids in application logs | 90 days |
| Feature-specific operational logs | As set out in your Service's Privacy Supplement |
| Per-API-key usage records (timestamp, IP, user agent) | 365 days from the time of each call, then the record is automatically deleted (the API key itself is preserved) |
| Data export request timestamp (the time of your most recent data export, kept to rate-limit exports under Art. 6(1)(f)) | A single most-recent timestamp per account, for the lifetime of your account; deleted when your account is closed |
| Legal acceptance records | For the lifetime of your account, and for up to 6 years after account closure under art. 118 of the Polish Civil Code (or longer if a specific claim is pending or threatened), for the purpose of establishing, exercising, or defending legal claims (Art. 17(3)(e) GDPR). The IP address attached to each acceptance is automatically cleared after 365 days. |
| Invoice-numbering idempotency keys | 24 hours, then automatically deleted |
| Submission-deduplication records (where your Service uses this feature) | As set out in your Service's Privacy Supplement |
| Email-address verification tokens | 24 hours, then automatically deleted whether or not the link was used; a new token is issued on each sign-up attempt |
| Password-reset tokens | 1 hour from issuance (after which the link no longer works), then a further 7-day forensic retention so we can answer support questions about why a link was rejected; deleted automatically thereafter. A new token is issued on each reset request |
| Sign-up abuse-prevention signatures | 20 minutes from acceptance, then automatically deleted |
| Support correspondence | 3 years from the date of the last message |
| Marketing opt-in records | Until you withdraw consent + 3 years for evidentiary purposes |
| Waitlist entries (email, IP, timestamp) | The IP address attached to a waitlist entry is automatically cleared after 365 days. The email and timestamp are kept until the Service opens to general availability and waitlist communications complete, until you request removal, or 24 months idle — whichever is earliest, after which the entry is automatically deleted |

7. Security

We apply technical and organisational measures appropriate to the risk, including:

  • Encryption of data in transit using current industry-standard protocols;
  • Encryption at rest where supported by the underlying storage;
  • API keys stored as cryptographic hashes, never in plaintext;
  • Passwords stored using a salted, computationally expensive hash algorithm;
  • Access control and least-privilege within the operations team;
  • Audit logging of authenticated API access and administrative actions;
  • Redaction of single-use secret links from our server access logs: where a link we send you (such as an account-verification or password-reset link) or a payment-recovery link carries a one-time secret in its web address, that secret is replaced with a placeholder before the request is recorded in our web server's access logs, so the secret itself is never written to those logs;
  • Sub-processor due diligence and contractual safeguards.

No system is fully secure. If you believe your account has been compromised, contact privacy@byteimagination.com immediately.

8. Your rights

Subject to the conditions of GDPR you have the right to:

  • access your personal data (Art. 15);
  • rectify inaccurate or incomplete data (Art. 16);
  • erasure ("right to be forgotten") (Art. 17);
  • restriction of processing (Art. 18);
  • data portability (Art. 20);
  • object to processing based on legitimate interest (Art. 21);
  • withdraw consent at any time, without affecting the lawfulness of processing before withdrawal (Art. 7(3));
  • lodge a complaint with a supervisory authority. The Polish authority is the Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa, https://uodo.gov.pl. You may also lodge a complaint with the supervisory authority in your country of residence or work.

To exercise any right, contact privacy@byteimagination.com. We respond within one month, extendable by two further months for complex requests under Art. 12(3) GDPR.

Self-service data export. You can exercise your right to data portability (Art. 20) at any time without contacting us: sign in and use Export your data in your account. The export is a downloadable archive of machine-readable JSON files containing your account details, the data you have created in the Service, and your full activity history — including a record of operations on items you have since deleted. To prevent abuse, the self-service export can be used once every 30 days; this does not limit your right to request your data from us at any time, which we fulfil within one month as described above.

Note on legal acceptance records: the right to erasure under Art. 17 does not extend to legal acceptance records (timestamp, acceptance method, document version, and locale of each version you accepted) where those records are necessary for the establishment, exercise, or defence of legal claims (Art. 17(3)(e) GDPR). We retain these records after account closure and anonymisation on this basis, for up to 6 years from account closure under art. 118 of the Polish Civil Code (the general limitation period for civil claims), or such longer period as may be required if a specific claim is pending or threatened. The IP address attached to each acceptance is, however, cleared automatically after 365 days.

9. Cookies

The Service uses cookies as described in our Cookie Policy.

10. Automated decision-making

We do not make automated decisions that produce legal effects concerning you or that similarly significantly affect you within the meaning of Article 22 GDPR.

Some processing described in Section 3 (security, abuse detection, rate limiting) is automated by nature but does not meet the Article 22 threshold: it is a standard feature of API services and does not determine rights, contract terms, or access in a way that cannot be remedied through human review. If you believe your account has been incorrectly blocked or limited, contact privacy@byteimagination.com and a human will review the decision.

If we introduce processing that meets the Article 22 threshold in the future, we will update this section and notify you in accordance with Section 11.

11. Changes to this Policy

We may update this Policy from time to time. Material changes are notified by email at least 30 days before the effective date. The effective date is shown at the top of this document. Prior versions are preserved in our public source repository.

12. Contact

Privacy questions and requests: privacy@byteimagination.com.

Effective 2026-06-30

Privacy Supplement — Invaro

This Privacy Supplement describes categories of personal data that the Invaro Service processes in connection with features specific to this Service, in addition to the platform-wide processing described in the Privacy Policy. It supplements and forms part of the Privacy Policy; defined terms have the meaning given there.

1. Additional categories of personal data

| Category | Examples | Source |
| --- | --- | --- |
| National e-invoicing operation event data | records of each e-invoicing operation the Service carries out on your behalf when it issues invoices to, or retrieves them from, a national e-invoicing system (for example Poland's KSeF): type of operation (opening or closing a session, submitting an invoice, checking its status, retrieving its official confirmation, querying, downloading), outcome, the national system's reference numbers, IP address at the time of the operation, and operational parameters (query date ranges, pagination, result counts). These records do not contain invoice content, your credentials, or your counterparties' identifying information | Generated by the Service when you use its e-invoicing API |
| Invoice-numbering activity log | one record per numbering operation you perform with the built-in invoice-numbering feature: the operation, the numbering series involved, the IP address at the time, and the related parameters | Generated by the Service when you use the built-in invoice-numbering feature |
| Duplicate-submission prevention record | a short-lived technical record that lets the Service recognise a retried invoice submission and return the original result instead of submitting the same invoice twice: a submission key you supply, the target national e-invoicing environment, the national system's reference and number for that submission, its processing status, if the national system rejects the submission the rejection code it returned, and a one-way cryptographic fingerprint (SHA-256) of the submitted invoice's stable content, which the Service uses to detect whether a retry supplies a different invoice under the same key — this fingerprint cannot be reversed to recover any invoice data. This record does not contain invoice content in readable or recoverable form, and contains no credentials. If you include personal data in the submission key (for example a reference that identifies an individual), that personal data is processed on your instructions as Customer Data under the Data Processing Agreement | Generated by the Service when you submit an invoice with a submission (idempotency) key |

2. Purposes and legal bases

| Purpose | Legal basis | Notes |
| --- | --- | --- |
| Support, dispute resolution, and accountability for national e-invoicing relay operations: keeping a record of which operations were performed, with what outcome | Art. 6(1)(f) — legitimate interest in maintaining accurate operational records for an e-invoicing relay with legal and financial consequences for users | Operational metadata only — never invoice content or credentials |
| Providing the built-in invoice-numbering feature and keeping its activity log for support and audit | Art. 6(1)(b) — performance of the contract for the feature you use; Art. 6(1)(f) — legitimate interest in an accurate audit trail | |
| Preventing duplicate invoices when your client retries a submission | Art. 6(1)(b) — performance of the contract (correct, non-duplicated submission); Art. 6(1)(f) — legitimate interest in not creating duplicate legal invoices | Metadata only — never invoice content or credentials; any rejection code stored is a system code returned by the national system |

3. Retention

| Data | Retention |
| --- | --- |
| National e-invoicing operation event data | 5 years from the date of the operation (or until your account is closed, if sooner), then the record is deleted in full. The IP address and the national system's session reference attached to each record are cleared after 365 days; the record itself is kept for the remainder of the 5-year retention period |
| Invoice-numbering activity log | For the lifetime of your account; deleted on account closure. The IP address attached to each record is cleared after 365 days |
| Duplicate-submission prevention record | A few days (three by default) from the submission, then deleted; it exists only to cover the realistic retry window. Also deleted when your account is closed |

© 2026 Invaro

Byte Imagination · Tax ID PL7551870628
