Privacy Policy

Introduction & Data Controller

We respect your privacy and are committed to protecting your personal data under the General Data Protection Regulation (GDPR) (EU) 2016/679 and Swedish data protection law.

Irusri Group AB is the data controller responsible for processing your personal data.

1. Personal Data We Collect

We collect personal data that is necessary to provide, operate, and improve our invoice management and related services, including:

• Account Information: First and last name, email address, company name
• Contact Details: Billing address, phone number
• Invoice & Transaction Data: Invoice details, payment status, client information
• Usage & Technical Data: IP address, device and browser details, cookies and analytics
• Communications: Support tickets, feedback, survey responses

2. Legal Basis for Processing

We process your personal data based on:

• Contractual necessity: To provide our invoice management services
• Legal obligation: Compliance with tax, accounting, and regulatory requirements
• Legitimate interests: To maintain, secure, and improve our services
• Consent: For optional services like marketing (which you may withdraw at any time)

3. How We Use Your Data

We use personal information to:

• Provide, maintain, and improve our invoice management solution
• Manage and process invoices and payments
• Communicate service updates, invoices, receipts, and legal notices
• Analyze usage to improve the platform and customer experience
• Prevent fraud and protect customer accounts
• Comply with legal and regulatory obligations

4. Data Sharing & Third Parties

We never sell your personal data to third parties. We may share data with:

• Trusted service providers (e.g., payment processors, cloud hosting) who process data on our behalf
• Legal authorities if required by law or to protect our rights
• Analytics and security partners to help improve the platform

All third parties are contractually obligated to comply with GDPR and maintain data security.

5. International Data Transfers

Your personal data may be stored and processed outside the EEA. We ensure such transfers are protected by appropriate safeguards such as:

• EU Standard Contractual Clauses
• Approved international transfer frameworks

This helps ensure continuous GDPR protection even when data is processed outside the EEA.

6. Data Retention

We only retain personal data as long as necessary for:

• Providing our services
• Legal compliance (e.g., tax record requirements)
• Resolving disputes

Upon request or when data is no longer required, we will securely delete it.

7. Your GDPR Rights

Under GDPR, you have the right to:

• Access your data
• Rectify inaccurate information
• Erase your personal data ("right to be forgotten")
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent at any time

To exercise your rights, contact privacy@irusri.com.

You also have the right to lodge a complaint with the Swedish supervisory authority, Integritetsskyddsmyndigheten (IMY).

8. Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption at rest and during transmission
• Secure authentication and access controls
• Regular security assessments and updates
• Restricted internal access on a need-to-know basis

9. Cookies & Tracking

We use cookies and similar technologies for:

• Functionality necessary to run the service
• Analytics and performance monitoring
• Improving user experience

Users can manage cookie preferences through browser settings or consent banners.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of major changes by posting the revised version on our website or sending an email where applicable.