Privacy Policy

Last Updated: December 12, 2025

1. Roles under European Compliance Rules

In accordance with European compliance rules for data protection:

  • The Client acts as the Data Controller. You own the data.
  • QFactuur acts as the Data Processor. We handle data solely on your instructions to convert and transmit it.

2. Data We Collect

Through our contact form, we receive:

  • Identification: Name and email address (for communication).
  • Operational Context: Sector, estimated invoice volume, and current workflow (to assess your request correctly).

We do not request phone numbers through the contact form.

3. Data Minimization & Retention

  • Source Files: Original files (Excel, Word, Photos) uploaded by the Client are permanently deleted 30 days after processing.
  • No Backup Service: We do not offer a cloud backup service for your historical accounting records. It is the Client's strict obligation to maintain their own local or cloud backups.
  • Transmission Receipts: We retain the final UBL XML and Transmission UUID (Receipt) for administrative history as required for service verification.

4. Sub-processors & Infrastructure

To deliver the Service, we utilize trusted third-party infrastructure. All data is stored and processed within the European Economic Area (EEA) or by providers adhering to strict EU adequacy decisions.

Sub-processors: QFactuur may utilize the following categories of sub-processors:

  • Cloud Storage Providers: Certified cloud hosting providers with data centers in the EEA, compliant with ISO 27001 and/or SOC 2 Type II certifications.
  • Certified Peppol Access Points: Officially certified Peppol Access Point providers used strictly for the legal injection of invoices into the Peppol network.
  • Secure Communication Providers: Providers of secure email and communication services with end-to-end encryption.

QFactuur reserves the right to change or add sub-processors within these categories, provided they meet the requirements stated above. The Client will be notified of changes to sub-processors via the website or by email.

5. Security Measures

We employ industry-standard security protocols, including TLS 1.2+ encryption for data in transit and local hardware encryption for temporary processing.

6. Contact

For privacy-related inquiries or to request data export, please contact us via the contact form on our website.

Back to home