Privacy Policy

Last Updated: September 30, 2025

Introduction

Welcome to Elba.finance ("Elba," "we," "our," or "us"). We are committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy explains how we collect, use, and protect your information when you use our automated invoice processing platform.

Information We Collect

Information You Provide
  • Account Information: Email address, name, and authentication credentials for connected services
  • Connected Services: Access tokens for Gmail, Outlook, WhatsApp, Google Drive, and OneDrive
  • Payment Information: Billing details processed through our payment processor (we do not store full payment card details)
Information We Process (But Do Not Store)
  • Invoice Documents: PDF invoices and financial documents you submit for processing
  • Extracted Data: Information extracted from your invoices (vendor names, amounts, dates, etc.)
  • Generated Reports: CSV files and financial reports created from your invoice data
Automatically Collected Information
  • Usage Data: Information about how you interact with our platform, including features used and processing requests
  • Technical Data: IP address, browser type, device information, and access times
  • Log Data: System logs for security, debugging, and performance monitoring

How We Use Your Information

We use your information to:

  • Provide and maintain our invoice processing services
  • Connect to and access your email, messaging, and cloud storage accounts as authorized
  • Process your invoices using our third-party AI processing partner (Docupipe.ai)
  • Generate and deliver financial reports to your specified output destinations
  • Process payments and manage your subscription
  • Send service-related communications and notifications
  • Improve our platform and develop new features
  • Ensure platform security and prevent fraud
  • Comply with legal obligations

Our Zero-Storage Commitment

Elba does not store your invoices, extracted data, or generated reports. We process your documents in real-time and immediately transmit the results to your designated output sources. Once processing is complete, we delete all document content and extracted data from our systems.

We retain only:

  • Account and subscription information
  • Usage metadata (number of documents processed, credits used)
  • Technical logs (for up to 90 days for security and debugging purposes)

Third-Party Services

Document Processing

We use Docupipe.ai to process your invoice documents. Your documents are transmitted to Docupipe for AI-powered extraction and are subject to their privacy practices. We have agreements in place to ensure your data is handled securely and not retained unnecessarily.

Connected Services

When you connect your email (Gmail, Outlook), WhatsApp, or cloud storage (Google Drive, OneDrive), we access these services on your behalf using OAuth or similar authorization protocols. We only access the specific data necessary to provide our services (e.g., scanning for invoices, delivering reports).

Payment Processing

Payment information is processed by our third-party payment processor. We do not store complete payment card details on our servers.

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit using TLS/SSL
  • Encrypted storage for account credentials and tokens
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure API connections with connected services

Despite our efforts, no method of transmission over the internet is completely secure. We cannot guarantee absolute security of your data.

Data Sharing

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share specific information
  • Service Providers: With trusted third parties who assist in operating our platform (e.g., Docupipe.ai, payment processors), under strict confidentiality agreements
  • Legal Requirements: When required by law, court order, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected users)
  • Protection of Rights: To protect the rights, property, or safety of Elba, our users, or others

Your Rights and Choices

You have the right to:

  • Access: Request information about the personal data we hold about you
  • Correction: Update or correct your account information
  • Deletion: Request deletion of your account and associated data
  • Revoke Access: Disconnect any linked services (email, storage, messaging) at any time
  • Data Portability: Request a copy of your usage data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications (service notifications may still be sent)

To exercise these rights, contact us at privacy@elba.finance.

Data Retention

  • Account Data: Retained while your account is active and for up to 30 days after account deletion
  • Usage Metadata: Retained for billing and analytics purposes for up to 2 years
  • Technical Logs: Retained for up to 90 days
  • Invoice Content and Reports: Not stored (deleted immediately after processing)

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

Children's Privacy

Elba is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform. Your continued use of Elba after changes become effective constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: privacy@elba.finance
Website: https://elba.finance/contact

For data protection inquiries in the EU, you may also contact our Data Protection Officer at dpo@elba.finance.

Your privacy matters to us. Thank you for trusting Elba with your financial document processing.