Privacy policy

Factu Labs S.L. ("Factu", "we") provides a service that helps companies and freelancers obtain invoices from suppliers. This policy explains what personal data we process, why, and how you can exercise your rights.

• Account data: email and password.
• Organization data: legal name, tax ID, fiscal address, and contact email.
• Request data: supplier, transaction description, amount, and internal notes.
• Invoices and PDFs we receive or process to validate the request.
• Google data when you connect Gmail: email address, authorized scopes, and encrypted OAuth tokens needed to send email and, if you enable search, read metadata and PDF attachments for possible invoices.
• Legal confirmation with timestamp and IP when you create a request.
• Aggregated product events with privacy enabled.

• Contact suppliers on your behalf to ask for the invoice.
• Validate received invoices before delivering them.
• Comply with legal and accounting obligations.
• Improve the product based on aggregated usage.

If you connect Gmail for sending, Factu uses the Google API to send invoice requests, reminders, and supplier follow-ups from the mailbox you authorize. If you separately enable invoice search, Factu uses read-only access to search for invoice-like PDFs within the window you choose, download those attachments, and show them as review candidates. Factu does not modify, delete, or move Gmail messages.

Factu's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. OAuth tokens are stored encrypted and used only to maintain the connection you authorized.

We process your data based on contract performance, your explicit consent when confirming each request, and applicable legal obligations.

We keep your data while your account is active. After cancellation, fiscal and commercial data needed to evidence requests, invoices, PDFs, and legal confirmations is retained for 6 years. Non-fiscal events are deleted earlier under the operational retention policy.

To provide the service we share data with technology providers under data processing agreements. The full list is available at /subprocesadores.

You can access, rectify, delete, object to, or request portability of your data by writing to privacy@mrfactu.com.

If we update this policy, we will notify you by email and update the date above.