Facturely — Privacy Policy & Data Processing Terms

Last updated: 13 July 2026

Facturely provides tax-compliant invoicing for Shopify merchants. For customer personal data processed by the app, the merchant is the data controller and Facturely is a data processor acting on the merchant's instructions. This page constitutes our data processing terms.

What personal data we process, and why

We process the minimum data required to generate legally valid invoices:

DataPurposeLegal basis (merchant's)
Buyer name, company, billing/shipping addressMandatory invoice fields under EU VAT lawLegal obligation (Art. 6(1)(c) GDPR)
Buyer emailDelivering the invoice PDF to the customerLegal obligation / contract
Buyer VAT IDReverse-charge determination; validated against the EU VIES service with stored consultation proofLegal obligation
Order lines, amounts, taxesInvoice contentLegal obligation

We do not process phone numbers, payment credentials, or any data for marketing, analytics resale, or advertising. We never sell personal data.

Sub-processors

Retention

Issued invoices and credit notes are retained for the statutory tax-retention period applicable to the merchant (up to 10 years, e.g. §147 AO in Germany) — this retention is itself a legal requirement and survives customer erasure requests (GDPR Art. 17(3)(b)). All other data is short-lived. On app uninstall, all shop data is permanently deleted when Shopify sends the shop/redact webhook (~48 hours after uninstall). Merchants should export their invoice archive before uninstalling.

GDPR requests

Shopify's mandatory compliance webhooks are implemented. Data-subject requests should be directed to the merchant (controller); we support the merchant in fulfilling them.

Security

TLS for all data in transit; encrypted volumes and encrypted backups at rest; access restricted to Shopify-authenticated merchant sessions; separated test and production environments. Report vulnerabilities to support@facturely.app with subject "SECURITY".

Contact

support@facturely.app