1. Identity and Contact Details of the Controller
Greenstamp Software Inc. ("Greenstamp", "we", "our", or "us") is the data controller responsible for your personal data when you use our electronic invoicing platform and related services.
- Controller: Greenstamp Software Inc.
- Address: 2093 Philadelphia Pike #6970, Claymont, DE 19703, United States
- Privacy contact: privacy@greenstamp.io
- EU Representative (Art. 27 GDPR): We have appointed EU Rep as our Representative under Article 27 of the EU General Data Protection Regulation ("GDPR"). All GDPR queries from EU Data Subjects or Data Protection Authorities should be submitted to eurep.ie via their dedicated form. BizLegal Ltd trading as EU Rep, 27 Cork Road, Midleton, Co. Cork, Ireland. Company number 635921.
This policy explains what personal data we collect, why we process it, with whom we share it, and the rights you have under the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
European Representative under Article 27 of GDPR
We have appointed EU Rep as our Representative under Article 27 of the EU General Data Protection Regulation ("GDPR"). All GDPR queries from EU Data Subjects or Data Protection Authorities should be submitted to eurep.ie via their dedicated form.
BizLegal Ltd trading as EU Rep have their registered office at 27 Cork Road, Midleton, Co. Cork, Ireland. Company number 635921.
2. Data We Collect
Account Data
- Name and email address
- Phone number (optional)
- Password (stored in hashed form)
- Authentication and session records
Business Data
- Tax identification numbers (RFC, VAT ID, etc.)
- Business addresses and fiscal information
- Digital certificates for invoice signing (where applicable)
- Counterparty, customer, and vendor information you enter
- Invoices, bills, receipts, and related financial documents
Usage Data
- IP address, browser type, and device information
- Access times and activity logs
- Pages viewed and actions taken within the platform
AI Interaction Data
- Conversations with the Greenstamp Copilot
- Inputs submitted to AI features and their outputs
3. Purposes and Legal Basis for Processing (GDPR Art. 6)
We process your personal data on the following legal bases:
- Performance of a contract (Art. 6(1)(b)): To provide core invoicing, billing, tax filing, and account management services you have contracted with us.
- Legitimate interests (Art. 6(1)(f)): For platform security, fraud prevention, service analytics, and product improvement. You may object at any time.
- Consent (Art. 6(1)(a)): For optional marketing communications and other features that request explicit consent. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): To comply with tax, accounting, and invoice-retention laws, and to respond to lawful requests from public authorities.
4. Recipients and Sub-Processors
We share your personal data with the following sub-processors, each bound by a data processing agreement:
| Sub-Processor |
Location |
Purpose |
| Render Services, Inc. |
United States |
Cloud hosting, compute, and database |
| Amazon Web Services, Inc. |
United States |
File storage (S3) for invoice PDFs, receipts, data exports, and source documents |
| Storecove B.V. |
Netherlands |
PEPPOL network connectivity |
| SW Sapien S.A. de C.V. |
Mexico |
CFDI invoice stamping (PAC) |
| Stripe, Inc. |
United States |
Payment processing |
| Anthropic PBC |
United States |
AI-powered invoice features (Copilot) |
5. International Transfers
Our servers are located in the United States. Personal data transferred from the European Economic Area (EEA) or the United Kingdom to the United States is protected by the European Commission's Standard Contractual Clauses (Implementing Decision (EU) 2021/914) pursuant to GDPR Art. 46(2)(c). Copies of the applicable clauses are available upon request at privacy@greenstamp.io.
6. Retention Periods
- Invoices and bills: 5 years from creation
- Tax filings: 10 years
- Activity logs: 7 years
- Account data: duration of the account plus 30 days
- AI conversation data: duration of the account
After the applicable retention period, personal data is deleted or anonymized.
7. Your Rights (GDPR Art. 15–22)
If you are located in the EEA, the United Kingdom, or another jurisdiction with equivalent rights, you have the right to:
- Access: Obtain a copy of your personal data.
- Rectification: Correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention obligations.
- Restriction: Limit how we process your data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests or for direct marketing.
You can exercise most of these rights directly from your Greenstamp account settings under "My Data", or by emailing privacy@greenstamp.io. You also have the right to lodge a complaint with your local supervisory authority.
8. Automated Decision-Making (GDPR Art. 22)
Greenstamp's AI features (Copilot) assist with invoice classification, data extraction, and validation. These features do not make automated decisions that produce legal effects or similarly significantly affect you. You may disable AI features at any time from your account settings.
9. Security Measures
- AES-256 encryption for sensitive data at rest
- TLS 1.3 encryption for data in transit
- Secure storage of digital certificates with access controls
- Role-based access controls and principle of least privilege
- Regular security audits and vulnerability assessments
10. Cookies
Greenstamp currently uses only functional and essential cookies required for authentication, session management, and security. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Because no non-essential cookies are set, no consent banner is required.
11. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email and update the "Last updated" date above.