Version 3.1 dated February 19, 2026
We are pleased that you are using our App. The protection of your privacy and the protection of your personal data, so-called personal data, when using our App is an important concern for us.
Personal data according to Art. 4 No. 1 GDPR are all information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your phone number, your email address, but also your IP address.
Data for which no connection to your person can be established, such as through anonymization, are not personal data. The processing (e.g., collection, storage, retrieval, querying, use, transmission, deletion or destruction) according to Art. 4 No. 2 GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of processing has been achieved and no legally prescribed retention obligations need to be maintained.
Here you will find information about the handling of your personal data when using our App. To provide the functions and services of the App, it is necessary that we collect personal data about you.
We also explain to you the type and scope of the respective data processing, the purpose and the corresponding legal basis and the respective storage period.
This privacy policy applies only to this App. It does not apply to other websites or apps to which we merely refer via a hyperlink. We cannot assume responsibility for the confidential handling of your personal data on third-party websites or apps, as we have no influence on whether these companies comply with data protection regulations. Please inform yourself directly on these websites or apps about the handling of your personal data by these companies.
Responsible for the processing of personal data in connection with the use of the App is: A&C Finance Solutions
When you use this App, we collect technically necessary data via server log files that are automatically transmitted to our server, including:
This processing is technically necessary to be able to display our App to you. We also use the data to ensure the security and stability of our App.
The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR. The processing of the mentioned data is necessary for the provision of an App and thus serves to protect a legitimate interest of our company.
As soon as the mentioned personal data are no longer required for displaying the App, they are deleted. The collection of data for the provision of the App and the storage of data in log files is mandatory for the operation of the App. Consequently, there is no possibility for the user to object to this aspect. Further storage may occur in individual cases if this is legally required.
In the pre-contractual area and when concluding a contract, we collect personal data about you. This includes, for example, first and last name, address, email address, phone number or bank details.
We collect and process this data exclusively for the purpose of contract performance or to fulfill pre-contractual obligations.
The legal basis for this is Art. 6 para. 1 lit. b) GDPR. If there is additionally consent from you, the additional legal basis is Art. 6 para. 1 lit. a) GDPR.
The data will be deleted as soon as they are no longer required for the purpose of their processing.
In addition, there may be legal retention obligations, for example commercial or tax retention obligations under the German Commercial Code (HGB) or the Fiscal Code (AO). If such retention obligations exist, we will block or delete your data at the end of these retention obligations.
We only store those order and customer data that are necessary for the creation of the respective documents (invoice, credit note, etc.).
The data is hosted on servers of Hetzner Online GmbH in Germany.
Users can have all personal data deleted at any time via the compliance interfaces integrated in Shopify.
We only pass on your personal data to third parties if:
We use such service providers in the following areas:
When transmitting to external parties in third countries, i.e., outside the EU or the EEA, we ensure that these parties treat your personal data with the same care as within the EU or the EEA. We only transmit personal data to third countries where the EU Commission has confirmed an adequate level of protection or if we ensure careful handling of personal data through contractual agreements or other appropriate guarantees.
There is the possibility to subscribe to a free regular email newsletter. To be able to send you the newsletter regularly, we need your email address from you.
For newsletter delivery, we use the so-called double opt-in procedure.
This means that we will only send you an email newsletter if you have expressly confirmed to us that you consent to receiving the newsletter. We will then send you a confirmation email asking you to confirm by clicking on a corresponding link that you want to receive newsletters from us in the future.
This serves to ensure that only you yourself can register for the newsletter as the owner of the specified email address. Your confirmation must be made promptly after receiving the confirmation email, otherwise your newsletter registration will be automatically deleted from our database.
When you subscribe to the newsletter, we collect and store the data you enter in the input form (e.g., last name, first name, email address).
When registering for the newsletter, we also store your IP address registered by the Internet Service Provider (ISP) as well as the date and time of registration to be able to trace any misuse of your email address at a later time. For the confirmation email sent for control purposes (double opt-in in the email), we also store the date and time of the click on the confirmation link and the IP address registered by the Internet Service Provider (ISP).
The data collected by us when registering for the newsletter is used exclusively for advertising purposes via the newsletter.
The processing of your email address for newsletter delivery is based on Art. 6 para. 1 lit. a) GDPR and § 7 para. 2 No. 3 UWG on the consent declaration that you voluntarily give below and can revoke at any time for the future.
In addition, the processing is based on Art. 6 para. 1 lit. f) GDPR due to legitimate interests on our part to document the proof of the required consent.
Your email address will be stored as long as you have subscribed to the newsletter. After unsubscribing from the newsletter, your email address will be deleted, unless you have expressly consented to further use of your data.
We use the web analysis service Google Analytics on our website and within our Shopify App, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Analytics uses cookies and comparable technologies that are stored on your device and enable an analysis of the use of our website or our app. The information generated by these technologies about your use of our offers is usually transmitted to Google servers and stored there. This may also involve transmission to Google LLC servers in the USA.
We have activated the IP anonymization function. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google processes this information on our behalf to evaluate the use of our website and our Shopify App, to compile reports on activities, and to provide other services related to the use of our offers.
The processing is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR in conjunction with § 25 Para. 1 TTDSG.
The recipient of the data is Google Ireland Limited. Transmission to third countries, in particular the USA, cannot be ruled out. Google relies on the standard contractual clauses approved by the EU Commission for this purpose.
The data sent by us to Google and linked to cookies or identifiers will be automatically deleted after a maximum of 14 months.
You can revoke your consent at any time with effect for the future:
In addition, you can prevent the collection of your data by Google Analytics by installing the following browser plugin: https://tools.google.com/dlpage/gaoptout
Further information on data protection at Google can be found at: https://policies.google.com/privacy
We use technical and organizational security measures to protect the data managed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in accordance with technological development.
Access to your data is only possible for a limited group of people and is carried out exclusively within the framework of activities necessary for the fulfillment of contractual services.
You have the following rights:
To exercise your rights, you can contact the responsible party mentioned above at any time.
After uninstallation or cancellation of the app, we grant you a grace period of 3 months during which you can access your data through our support team. During this period, you can:
Access is exclusively through our support (support@easy-invoices.app). You must prove that you are or were the owner or authorized person of the Shopify shop.
Legal basis: Art. 6 Para. 1 lit. b) GDPR (contract fulfillment) and Art. 6 Para. 1 lit. f) GDPR (legitimate interest in proper contract processing)
After the 3-month grace period expires, all your personal data will be automatically and irrevocably deleted. This includes:
Important: Technical recovery of data after deletion is not possible. Please export and secure all important data in time within the 3-month period.
Legal basis: Art. 17 GDPR (Right to erasure)
Important note: As the invoice issuer (shop owner), you have the legal obligation to retain your business documents including invoices for 10 years (§ 147 Para. 1 No. 1 AO).
Easy Invoices is a software service provider and creates invoices on your behalf. The legal retention obligation lies with you as the entrepreneur, not with us as the software provider.
Recommendation: Export all invoices regularly (monthly or annually) and store them securely. Use the app's export function or contact our support.
To access your data after cancellation, proof is required that you are or were the shop owner. Access is exclusively through our support.
Verification process:
These security measures serve to protect your data from unauthorized access.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (Art. 20 GDPR). The export includes:
You can perform the export at any time through the app functions or request it through our support after cancellation.
Detailed information about data retention after app uninstallation can be found on our data retention page.
In the course of using Easy Invoices, A&C Finance Solutions GbR acts as a processor within the meaning of Art. 28 GDPR. The Shopify merchants using Easy Invoices are the controllers for the processing of their end customers' personal data.
A Data Processing Agreement (DPA) is concluded electronically during the app's onboarding process. The DPA can be downloaded as a PDF document at any time via the app settings.
Categories of data processed:
Processing purposes:
Sub-processors used:
We reserve the right to update this statement as needed at any time. The current version of the privacy policy can be viewed in the App. Please inform yourself regularly about the applicable data protection regulations.