Privacy

Privacy Policy

Last updated June 24, 2026

invico takes the protection of your personal data seriously. This policy explains what data we collect, why, for how long, and what your rights are.

1. Data controller

The controller of personal data collected on invico.pro is:

Yoann Collot, sole trader (Entrepreneur Individuel) trading as Invico, with professional address at 119 rue Dumont d'Urville, Apt A 1004, 59800 Lille, France.

For any question, write to support@invico.pro.

2. Data we collect

a) Data you provide

First and last name, email, company, trade (contact form, account creation)
Voice notes and photos uploaded to the service
Generated quotes, price lines, customer information you enter
Payment data (handled by our processor Stripe, we have no access)

b) Data collected automatically

IP address, browser type, operating system, pages visited
Technical identifiers (cookies, session tokens)
Aggregated, anonymous usage statistics

3. Purposes and legal bases

Purpose	Legal basis
Provision of the service (quote generation, storage, sending)	Performance of contract
Account management and billing	Performance of contract
Responding to contact requests	Legitimate interest
Service improvement and statistics	Legitimate interest
Sending marketing communications	Consent (opt-in)
Compliance with legal obligations (tax, accounting)	Legal obligation

4. Retention periods

Account data: throughout the subscription, then 3 years after the last activity
Quotes and business data: throughout the subscription, exportable before deletion
Billing data: 10 years (French legal obligation)
Technical and security logs: 12 months maximum
Non-customer contact requests: 3 years after the last exchange

5. Recipients

Your data is never sold. It may be shared with subprocessors strictly necessary to provide the service:

Hosting of the landing and front end: Vercel Inc. (United States, DPF-certified)
Application hosting and storage of files and photos: Google Cloud Platform / Google Cloud Storage (Google Cloud EMEA Limited / Google LLC) — data hosted in the European Union
Voice note transcription: Groq, Inc. (United States) — voice recordings are transmitted for transcription (data that may contain sensitive information)
AI quote generation: Anthropic (Claude) (United States) — the transcribed text and quote context are sent to the model
Embeddings computation (semantic search): OpenAI (United States)
Payment and billing: Stripe, Inc. (United States) — we have no access to card data
Transactional email: Resend (United States)
Audience measurement / analytics: PostHog (United States) — based on our legitimate interest in improving the service; you may object at any time
Error monitoring and supervision: Sentry (United States)

Transfers to providers located outside the EU (Anthropic, OpenAI, Groq, Stripe, Resend, PostHog, Sentry, Vercel) are governed by appropriate safeguards (see the section below). An up-to-date list of subprocessors is available on request.

6. Transfers outside the EU

Some subprocessors are located in the United States. These transfers are governed by:

Membership in the Data Privacy Framework (DPF) where applicable
Standard Contractual Clauses (SCC) approved by the European Commission
Additional technical measures (encryption in transit and at rest)

7. Your rights

Under the GDPR, you have the following rights at any time:

Access: obtain a copy of your data
Rectification: correct inaccurate data
Erasure: request deletion of your data ("right to be forgotten")
Restriction: temporarily block processing
Portability: retrieve your data in a structured format
Objection: refuse processing based on legitimate interest
Withdrawal of consent: withdraw a previously granted consent
Post-mortem directives: set out how you want your data handled after your death

To exercise your rights, write to support@invico.pro. We respond within one month.

You also have the right to lodge a complaint with the CNIL (French data protection authority) or any other competent supervisory authority.

8. Cookies

invico uses cookies strictly necessary for the operation of the site (authentication, language preference), set without prior consent. We also use PostHog for audience measurement: this analytics cookie is set on the basis of our legitimate interest in improving the service; you may object at any time via your browser settings. No advertising cookies are set.

You can configure your browser to block cookies at any time; some features may then be unavailable.

9. Security

We apply technical and organisational measures to protect your data, detailed on the security page: TLS encryption, encryption at rest, cloud hosting (Google Cloud Platform, European Union), strict access control, regular audits.

10. Changes

This policy may evolve. Any substantial change will be notified to affected users by email at least 30 days before taking effect.

For any question regarding this policy, please write to support@invico.pro.

← Back to home