Invoice Atelier

Public legal and trust materials for the AI-assisted invoicing platform.

Trust Center
Last updated [EFFECTIVE DATE]

Data Processing & Subprocessors

A trust-center style overview of the third-party processing categories used to host, secure, analyze, message, and power AI features.

These pages are written to be plain-English and liability-conscious. Final review by a licensed lawyer is recommended before production launch.

1. Subprocessor framework

We use third-party infrastructure and service providers to host, secure, analyze, support, and improve the platform. Providers should receive only the minimum data required for their role, and the list below is designed to be edited from a central config source as vendors change.

2. Google / Gmail readiness

If Google or Gmail integration is enabled, users should be informed about the categories of Google user data accessed, the purpose for access, how long related metadata is retained, and how users can revoke or request deletion. Integrations should request minimum necessary scopes only.

Subprocessor categories

Vendor names and categories are controlled from the centralized legal config so they can be updated without rewriting page layout.

Last updated [EFFECTIVE DATE]

Cloud hosting

Application hosting, managed databases, backups, and storage infrastructure.

Data types

  • account data
  • invoice data
  • client records
  • audit logs

Current / planned vendors

  • [PRIMARY CLOUD HOSTING VENDOR]
  • [MANAGED DATABASE VENDOR]

Authentication

Session management and future OAuth connectivity.

Data types

  • account identifiers
  • session metadata
  • OAuth connection data

Current / planned vendors

  • [AUTHENTICATION / OAUTH VENDOR IF USED]

Analytics

Usage analytics, performance monitoring, and security telemetry.

Data types

  • device data
  • usage data
  • technical logs

Current / planned vendors

  • [ANALYTICS VENDOR]

Email delivery

User-authorized invoice sends, reminder sends, and delivery support.

Data types

  • sender identity
  • recipient email
  • message metadata
  • delivery logs

Current / planned vendors

  • Google / Gmail (if connected)
  • [TRANSACTIONAL EMAIL VENDOR IF ADDED]

AI providers

Draft generation, summarization, refinement, and assistive workflow features.

Data types

  • user prompts
  • draft content
  • invoice context
  • editing metadata

Current / planned vendors

  • OpenAI
  • [ADDITIONAL AI PROVIDER IF ADDED]

Payment processors

Future payment flows, if introduced later.

Data types

  • payer identifiers
  • payment metadata
  • transaction status

Current / planned vendors

  • [PAYMENT PROCESSOR IF ADDED LATER]