Privacy Policy

Last Updated: March 16, 2026 · Effective: March 16, 2026

1. Introduction

Drumblow Invoice (“we”, “our”, “us”) is a professional invoice and quote management application for Canadian businesses. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

2. Information We Collect

2.1 Account Information

• Email address — used for account creation and authentication
• Password — stored as a salted hash (never in plain text)

2.2 Business Information

• Company profile — business name, address, phone, tax registration number, logo
• Client data — client names, company names, email addresses, phone numbers, mailing addresses
• Financial data — invoice amounts, tax calculations, payment terms, line items, rates

2.3 Automatically Collected

• Device information — device type and OS version (for compatibility only)
• Authentication tokens — stored securely in Android Keystore / iOS Keychain

2.4 Information We Do NOT Collect

• Location data
• Contacts or call logs
• Browsing history
• Advertising identifiers
• Analytics or tracking data

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the invoice management service
• Authenticate your account
• Generate PDF invoices and quotes
• Calculate applicable Canadian taxes (GST/HST/PST/QST)
• Process subscription payments through Stripe
• Sync your data between devices (online plan only)

4. Data Storage

4.1 Offline Plan

All data is stored locally on your device using an encrypted SQLite database. No data is transmitted to our servers.

4.2 Online Plan

Data is transmitted over HTTPS (TLS 1.2+) to our servers hosted on Oracle Cloud Infrastructure. Data is stored in a PostgreSQL database with encryption at rest.

5. Third-Party Services

5.1 Stripe

We use Stripe to process subscription payments. Stripe collects payment information directly — we never see or store your credit card details. See Stripe’s Privacy Policy.

5.2 Google Sign-In

If you choose to sign in with Google, we receive your email address and display name from Google. See Google’s Privacy Policy.

5.3 Apple Sign-In

If you choose to sign in with Apple, we receive your email address (or a relay address) from Apple. See Apple’s Privacy Policy.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share information only:

• With Stripe for payment processing
• If required by Canadian law or a valid legal process
• To protect the rights and safety of our users

7. Data Retention

• Active accounts: Data is retained as long as your account is active
• Deleted accounts: Data is permanently deleted within 30 days of account deletion
• Offline plan: Data exists only on your device and is deleted when you uninstall the app

8. Data Security

We implement industry-standard security measures:

• HTTPS/TLS encryption for all data in transit
• Secure token storage (Android Keystore / iOS Keychain)
• Salted password hashing
• JWT authentication with automatic token refresh
• Server-side input validation and rate limiting
• Regular security audits

9. Your Rights

Under Canadian privacy law (PIPEDA), you have the right to:

• Access your personal information
• Correct inaccurate data
• Delete your account and associated data
• Export your data (via PDF invoice generation)
• Withdraw consent at any time

10. Children’s Privacy

Drumblow Invoice is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy within the app and updating the “Last Updated” date.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: privacy@drumblow.com
Website: https://invoice.drumblow.com