Marketplace Invoice ("we", "us", "our") values the protection of your personal data. In this privacy policy we explain what data we collect, why we do so, and how we handle it, in accordance with the General Data Protection Regulation (GDPR).
Data controller
The data controller for the processing described in this policy is:
- Marketplace Invoice
- Email: info@marketplaceinvoice.com
- Chamber of Commerce (KvK): 70163561
- VAT number: NL002310732B91
1. What data we collect
We collect and process the following personal data:
- Name and email address (upon registration)
- Company name, Chamber of Commerce number, VAT number, and address details
- Bol.com API credentials (Client ID and Client Secret)
- Shopify store connection (via OAuth)
- Amazon SP-API credentials (coming soon)
- Invoice data and order data obtained from connected marketplaces (Bol.com, Shopify, and Amazon)
- Documents uploaded via Quick Invoice (screenshots, PDFs, or CSVs) for data extraction purposes
- Payment information (processed via Stripe, not stored by us)
- Usage and analytics data on our public website (page views, sign-ups), collected via Google Analytics and the Meta Pixel only after you accept analytics cookies in our cookie banner. The app itself (behind login) is not tracked.
2. How we use your data
We use your data exclusively for the following purposes:
- Automatically generating invoices based on your marketplace orders
- Uploading generated invoices to the respective marketplace platform
- Managing your account and subscription
- Communicating about our service (service messages)
- Extracting invoice data from uploaded documents via the Quick Invoice feature (using Anthropic Claude)
- Measuring website traffic and advertising effectiveness, with your consent (see section 7)
3. Legal basis for processing
We process your personal data on the following legal grounds (GDPR Art. 6):
- Contract performance (Art. 6(1)(b)) - processing is necessary for providing the invoice generation and upload service as agreed upon when you create an account.
- Consent (Art. 6(1)(a)) - analytics and marketing cookies are only placed after you give consent via our cookie banner, which you can withdraw at any time.
- Legitimate interest (Art. 6(1)(f)) - we have a legitimate interest in improving our service and maintaining the security of our platform.
- Legal obligation (Art. 6(1)(c)) - we are required to retain certain data (such as invoice records) to comply with fiscal retention requirements under Dutch law.
4. Storage and security
We take the security of your data seriously:
- Marketplace credentials for all platforms (Bol.com, Shopify, and Amazon) are stored encrypted using AES-256-GCM encryption. Encryption keys are stored separately from the database.
- Our database is hosted by Neon (PostgreSQL) within the European Union.
- The application is hosted on Vercel with servers in the EU.
- All data traffic is transmitted via secure HTTPS connections.
- Passwords are stored in hashed form and are never available in plain text.
5. Sharing with third parties
We do not share your personal data with third parties, except with the following processors that are necessary to provide our service:
- Vercel - application hosting (EU)
- Neon - database hosting (PostgreSQL, EU)
- Stripe - payment processing (US, with Standard Contractual Clauses for EU-US data transfers)
- Bol.com - order data retrieval and invoice delivery via the Retailer API (at your request)
- Shopify - order data and invoice delivery via the Shopify API (at your request)
- Amazon - order data and invoice delivery via the SP-API (coming soon, at your request)
- Anthropic - data extraction from uploaded documents in Quick Invoice only (US, with commercial API terms - see section 9 below)
- Google - Google Analytics and Google Tag Manager for website analytics, and Google Ads for advertising measurement (US, with Standard Contractual Clauses), only after you accept analytics cookies
- Meta - the Meta (Facebook) Pixel for advertising measurement (US, with Standard Contractual Clauses), only after you accept marketing cookies
- Trustpilot - displaying our customer reviews widget on the public website
We have Data Processing Agreements in place with all of these parties. We never sell your data to third parties.
6. International data transfers
Your data is primarily processed within the European Union. In some cases, data may be transferred outside the EU:
- Stripe processes payment data in the United States under Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.
- Anthropic processes Quick Invoice document data in the United States under their commercial API terms. Data sent to Anthropic is not used for model training.
- Google and Meta process website analytics and advertising data in the United States under Standard Contractual Clauses, and only when you have accepted the relevant cookies.
- Marketplace APIs (Shopify, Amazon) may process data in various jurisdictions depending on their infrastructure.
- All other data processing occurs within the EU (Vercel EU, Neon EU).
7. Cookies and analytics
We use a functional session cookie for authentication and small functional cookies to remember your language and your cookie-consent choice. On our public website we also use analytics and marketing cookies - Google Analytics, Google Tag Manager and the Meta Pixel - but only after you accept them in our cookie banner. We run Google Consent Mode, so these are denied by default until you opt in, and you can decline them entirely. Stripe may place its own cookies during checkout; please refer to Stripe's privacy policy. Read more in our cookie policy.
8. Your rights
Under the GDPR you have the following rights:
- Right of access - You can request which data we process about you.
- Right to rectification - You can have incorrect data corrected.
- Right to erasure - You can request the deletion of your data.
- Right to data portability - You can receive your data in a commonly used format.
- Right to restriction - You can have the processing of your data restricted.
- Right to object - You can object to the processing of your data.
- Right to withdraw consent - Where processing is based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.
You can exercise your rights by contacting us at info@marketplaceinvoice.com. We will respond to your request within 30 days.
9. Use of AI in Quick Invoice
Important: AI is only used in the Quick Invoice scan feature.
All other features - automatic invoicing for Bol.com, Shopify, and Amazon - do not use any form of AI or machine learning. These features work directly with marketplace APIs and process data locally on our servers.
The Quick Invoice scan feature uses Anthropic Claude (a large language model by Anthropic, PBC) to extract structured data (customer name, address, line items, amounts) from uploaded documents such as screenshots, PDFs, or images.
What data is sent to Anthropic
When you use the Quick Invoice scan feature, the content of your uploaded document is sent to Anthropic's API for processing. This may include customer names, addresses, product descriptions, prices, and other information visible in the document.
How Anthropic handles your data
- We use Anthropic's commercial API, which operates under their Commercial Terms of Service.
- Your data is not used to train Anthropic's models. Anthropic's commercial API terms explicitly state that customer data submitted through the API is not used for model training.
- Anthropic may retain API inputs and outputs for up to 30 days for trust and safety purposes (e.g., abuse detection), after which the data is deleted.
- Anthropic processes data in the United States.
Your control
- The Quick Invoice scan feature is entirely optional. You can always create invoices manually without using the scan feature.
- You review and approve all extracted data before an invoice is generated - no automated decisions are made.
- If you do not wish your data to be processed by Anthropic, simply do not use the scan feature.
For more information about how Anthropic handles data, see their Privacy Policy and Commercial Terms.
10. Automated decision-making
We do not use automated decision-making or profiling as referred to in Article 22 of the GDPR. All invoice generation is based on factual order data provided by the connected marketplace platforms and does not involve decisions that produce legal effects or similarly significantly affect you. The Quick Invoice scan feature extracts data suggestions that you review and approve before any invoice is created.
11. Retention periods
We retain your personal data for as long as your account is active and for as long as necessary for the purposes for which the data was collected. When you delete your account, your data will be fully removed from our systems within 30 days, unless we are legally required to retain certain data for a longer period (for example, the 7-year fiscal retention obligation for invoice data).
12. Data Processing Agreements
We have entered into Data Processing Agreements with all of our processors (including Vercel, Neon, Stripe, Anthropic, Google, and Meta) that comply with the requirements of the GDPR. These agreements ensure that your data is processed in a secure and legally compliant manner.
13. Changes
We may update this privacy policy from time to time. In the event of substantial changes, we will notify you by email. The most current version is always available on this page.
14. Contact and complaints
If you have questions about this privacy policy or about the processing of your personal data, please contact us at info@marketplaceinvoice.com.
If you have a complaint about the processing of your personal data, you may file a complaint with the Dutch Data Protection Authority at autoriteitpersoonsgegevens.nl.