1. Introduction
At mafactu, your privacy is a core priority. This Privacy Policy describes in detail how we collect, use, store, and protect your personal information when you visit our website at mafactu.com or use our online invoicing platform. We are committed to transparency and to complying with the General Data Protection Regulation (GDPR), the ePrivacy Directive, and all other applicable data protection laws.
By accessing our website or creating an account, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services immediately. We encourage you to review this page periodically, as we may update it to reflect changes in our practices or in applicable regulations.
2. Data We Collect
We collect several categories of personal data to provide, maintain, and improve our services:
- Account information: When you register, we collect your full name, email address, and password. If you set up a company profile, we also collect your company name, tax identification number (ICE/IF), address, phone number, and logo.
- Billing and invoicing data: Documents you create (invoices, quotes, purchase orders), client records, product catalogs, and associated financial figures are stored in your account.
- Usage and analytics data: We automatically collect information about how you interact with our platform, including pages visited, features used, session duration, click patterns, and referral sources.
- Technical data: Your IP address, browser type and version, operating system, device type, screen resolution, and timezone are collected through standard web protocols and analytics tools.
- Communication data: If you contact our support team or submit a ticket, we retain the content of those communications along with any file attachments you upload.
We do not intentionally collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.
3. How We Use Your Data
We process your personal data for the following purposes, each supported by a lawful basis under GDPR:
- Service delivery (contractual necessity): To create and manage your account, generate invoices and documents, manage your client and product databases, and deliver the core functionality of our platform.
- Communication (contractual necessity): To send you account-related notifications such as email confirmations, password resets, license updates, and support ticket responses.
- Analytics and improvement (legitimate interest): To analyze aggregate usage patterns, identify bugs, optimize performance, and develop new features that improve the user experience.
- Advertising (consent): To display relevant advertisements on our marketing pages through Google AdSense. We only serve ads on public-facing pages, not within your authenticated invoicing dashboard.
- Legal compliance (legal obligation): To comply with tax regulations, respond to lawful government requests, and enforce our terms of service.
We never sell your personal data to third parties. We process data only to the extent necessary for the stated purposes.
4. Google AdSense & Advertising
Our public marketing pages use Google AdSense, a third-party advertising service provided by Google LLC, to display advertisements. Google AdSense uses cookies and similar tracking technologies to serve ads based on your browsing history across various websites. These cookies allow Google to recognize your browser and deliver advertisements that may be more relevant to your interests.
Google, as a third-party vendor, uses the DoubleClick cookie to serve ads. You may opt out of personalized advertising at any time by visiting Google Ads Settings or by visiting aboutads.info for a broader opt-out of third-party advertising cookies.
Third-party advertising networks partnered with Google may also place cookies on your device to measure advertising effectiveness, limit the number of times you see an ad, and personalize advertising content. We do not have direct control over these third-party cookies. No advertising cookies or tracking scripts are used within the authenticated application area (mafactu.com/app/).
5. Cookies
Cookies are small text files stored on your device when you visit a website. We use the following categories of cookies:
- Strictly necessary cookies: These are essential for the operation of our platform. They include session cookies for authentication, security tokens, and language preference cookies. Without these cookies, the service cannot function properly. No consent is required for these cookies.
- Analytics cookies: We use these to understand how visitors interact with our website, which pages are most popular, and where users encounter errors. This data is aggregated and anonymized wherever possible. These cookies are only set with your consent.
- Advertising cookies: Used by Google AdSense and its advertising partners to deliver personalized ads and measure their performance. These cookies track your browsing activity across websites. They are only set with your explicit consent.
You can manage your cookie preferences at any time through the cookie consent banner displayed on your first visit, or by adjusting your browser settings. Please note that disabling essential cookies may impair your ability to use certain features of our platform. Most modern browsers allow you to block or delete cookies through their privacy settings.
6. Your Rights (GDPR)
Under the General Data Protection Regulation and other applicable privacy laws, you have the following rights regarding your personal data:
- Right of access: You can request a complete copy of all personal data we hold about you. We will respond within 30 days of receiving your request.
- Right to rectification: If any of your personal data is inaccurate or incomplete, you have the right to request correction. You can also update most information directly through your account settings.
- Right to erasure (right to be forgotten): You may request the deletion of your personal data. Upon receiving such a request, we will delete your account and all associated data, except where retention is required by law (e.g., tax record keeping obligations).
- Right to restrict processing: You can request that we limit the processing of your data in certain circumstances, for example while we verify the accuracy of your data following a dispute.
- Right to data portability: You can request to receive your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV), and transmit it to another service provider.
- Right to object: You may object to the processing of your data for direct marketing purposes at any time. You can also object to processing based on legitimate interests, and we will cease processing unless we demonstrate compelling legitimate grounds.
- Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at support@mafactu.com. We will respond to your request within 30 days. If we need additional time, we will inform you of the reason for the delay.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by applicable law. Specifically:
- Account data: Retained for the duration of your active account. If you delete your account, we remove your personal data within 30 days, except where legal retention obligations apply.
- Invoicing and financial records: Retained for up to 10 years after creation to comply with tax and accounting regulations in applicable jurisdictions.
- Analytics data: Aggregated and anonymized data may be retained indefinitely. Identifiable analytics data is deleted after 26 months.
- Support tickets: Retained for 3 years after resolution to provide continuity of support and for quality assurance purposes.
- Server logs: Automatically purged after 90 days.
When data is no longer needed, it is securely deleted or anonymized so that it can no longer be associated with you.
8. Data Security
We take the security of your data seriously and implement a comprehensive set of technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (Transport Layer Security).
- Encryption at rest: Your data stored in our database is encrypted at rest using AES-256 encryption provided by our hosting infrastructure.
- Access controls: We employ strict role-based access controls. Only authorized personnel with a legitimate need can access personal data, and all access is logged and audited.
- Infrastructure security: Our backend is hosted on Supabase, which runs on secure cloud infrastructure with automatic backups, DDoS protection, and regular security patches.
- Application security: Row Level Security (RLS) policies ensure that each user can only access their own data. All API requests are authenticated using secure JSON Web Tokens (JWTs).
Despite our best efforts, no method of electronic transmission or storage is completely secure. If you discover a security vulnerability, please report it to support@mafactu.com immediately.
9. Children's Privacy
Our services are designed for business professionals and are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have inadvertently collected data from a child under 16, we will take immediate steps to delete that information from our servers. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@mafactu.com so we can take appropriate action.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on this page and updating the "Last updated" date at the top. For significant changes that affect your rights or how we process your data, we may also send you an email notification or display a prominent notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your data.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please do not hesitate to contact us:
- Email: support@mafactu.com
- Website: mafactu.com
We aim to respond to all inquiries within 5 business days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.