Privacy Policy
Operator: Ricasso Studios Limited (“Invinite”, “we”, “us”, “our”)
Contact: privacy@invinite.io
Website: https://www.invinite.io
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our websites, use the Invinite platform, or otherwise interact with us.
1. Scope and Roles
1.1 When we are a controller
We act as a data controller for personal information we collect about account holders, website visitors, billing contacts, and individuals who communicate with us.
1.2 When we are a processor
We act as a data processor when we store and process customer content on behalf of your organization — for example, inventory records, supplier details, purchase orders, and operational data entered by your team. In those cases, your organization is typically the controller and is responsible for having a lawful basis to provide that data to us. If you need a Data Processing Agreement, contact us at privacy@invinite.io.
2. Information We Collect
2.1 Account and profile information
- Name and business email address
- Organization name and settings (country, time zone, currency)
- Password (stored in hashed form)
- Role and permission assignments
- Locale and notification preferences
2.2 Usage and device information
- Sign-in timestamps and IP addresses
- Actions performed in the Service, including audit logs
- Device type, browser, and app version where applicable
- Product usage events via analytics tools
2.3 Billing information
Subscription plan, billing period, and payment status. Payment method details are collected and processed by Airwallex; we receive limited billing metadata (such as transaction IDs and payment status), not full card numbers.
2.4 Customer Content
Data you and your users submit in the course of using the Service, which may include inventory items, supplier information, transactions, stocktake records, uploaded files (such as invoices or product images), and communications sent through the Service (such as purchase order emails to suppliers). Customer Content may include personal information about your employees or third parties. You control what is entered.
2.5 Communications
Emails and support messages you send us, and email delivery metadata for system emails sent via our email provider.
2.6 Website and marketing
Waitlist sign-ups and cookies or similar technologies (see Section 8).
We do not intentionally collect sensitive personal data. Do not submit such data unless necessary and lawful for your use case.
3. How We Use Information
We use personal information to:
- provide and operate the Service;
- manage accounts, billing, and subscriptions;
- maintain security, prevent fraud, and keep audit trails;
- respond to support requests;
- improve the Service through analytics and product development;
- comply with legal obligations; and
- send service announcements, security alerts, and billing notices.
We rely on contract performance, legitimate interests, consent (where required), and legal obligation as applicable.
4. How We Share Information
We do not sell your personal information. We share information only as follows:
4.1 Service providers
We use trusted third parties to operate the Service, including:
- Airwallex — payment processing and subscription billing;
- Resend — transactional email delivery;
- PostHog — product analytics and usage measurement;
- Cloudflare (R2) — file and object storage; and
- Cloud infrastructure providers — hosting, databases, and backups.
These providers process data on our instructions and under contractual safeguards.
4.2 At your direction
When you use features that send data to third parties (for example, emailing purchase orders to suppliers or POS integrations), sharing occurs at your instruction.
4.3 Legal and safety
We may disclose information if required by law, court order, or government request, or to protect the rights, safety, and security of Invinite, our users, or others.
4.4 Business transfers
If we are involved in a merger, acquisition, or asset sale, personal information may be transferred subject to this Privacy Policy or equivalent protections.
5. International Data Transfers
We may process and store information in countries other than your own, including the United States and other regions where our infrastructure and service providers operate. Where required, we implement appropriate safeguards for cross-border transfers. Your organization may be assigned a server region for Service delivery; this does not necessarily mean all processing (such as analytics or email) occurs exclusively in that region.
6. Data Retention
We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.
- Account data: retained while your account is active and for a reasonable period afterward.
- Customer Content: retained according to your plan’s data retention limits and account status.
- Billing records: retained as required for tax and accounting purposes.
- Logs and analytics: retained for a limited period appropriate to security and product improvement.
7. Your Rights and Choices
Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information, to data portability, and to withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority.
To exercise these rights, contact privacy@invinite.io. We may need to verify your identity. Organization administrators may request export or deletion of Customer Content by contacting us.
8. Cookies and Analytics
We use cookies and similar technologies for essential operation (authentication, session management, security) and analytics (via PostHog) to improve the Service. You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality. Where required by law, we will obtain consent before non-essential cookies.
9. Security
We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, and audit logging. No method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your credentials and configuring user access within your organization.
10. Children
The Service is not directed to individuals under 18. We do not knowingly collect personal information from children.
11. Third-Party Links
Our websites or documentation may link to third-party sites. We are not responsible for their privacy practices.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the revised version on our website and update the “Last updated” date. Material changes will be communicated where required by law.
13. Contact Us
For privacy questions, requests, or DPA inquiries:
Ricasso Studios Limited
Email: privacy@invinite.io
See also our Terms & Conditions.