On this page
- 1. Scope and our roles
- 2. Information we collect
- 3. Sources of information
- 4. How we use information
- 5. Legal grounds where required
- 6. How we disclose information
- 7. Payments and connected accounts
- 8. Analytics, cookies, and mobile diagnostics
- 9. Data retention
- 10. Security
- 11. Privacy choices and rights
- 12. U.S. state privacy notice
- 13. International processing and transfers
- 14. Children and restricted information
- 15. Changes and contact
1. Scope and our roles
This Policy applies when you visit FacturaOS sites, create or use an account, join a workspace, use the mobile application, contact support, subscribe, or interact with a FacturaOS-operated payment page or communication.
J.R.SOSA & CO. controls personal information used for accounts, billing, product operations, security, analytics, support, and our business. For client, invoice-recipient, supplier, employee, contractor, and similar personal information submitted by a business customer, that customer generally determines the purpose and FacturaOS generally acts as its processor or service provider under the Data Processing Addendum.
2. Information we collect
Depending on how you use FacturaOS, we may collect the following categories:
- Account and identity: name, email address, authentication provider, user identifier, language, role, profile settings, and login or invitation records.
- Business and workspace: business name, contact details, address, logo, operating market, tax and invoice settings, professional-license records, members, invitations, and permissions.
- Operational Customer Data: clients, contacts, estimates, invoices, line items, notes, photographs, evidence files, templates, inventory, suppliers, purchase orders, routes, reports, support tickets, and related records.
- Billing and payments: plan, seats, billing interval, billing contact, transaction identifiers, invoice and subscription status, limited payment-method details such as brand and last four digits, connected-account status, refunds, disputes, and risk signals. Stripe receives full payment credentials and verification data through its components.
- Device and usage: IP address, browser, device, operating system, application version, approximate region, pages or features used, timestamps, referral or campaign data, diagnostic logs, crash information, and privacy preferences.
- Mobile permissions you choose: contacts selected for import, photographs or files selected for upload, camera access, and location used for route or location features.
- Communications: support messages, email-delivery status, survey or feedback responses, legal requests, and records of notices or consent.
3. Sources of information
We receive information directly from you; workspace owners and members; your device or browser; clients or invoice recipients interacting with a payment link; authentication, hosting, analytics, email, and payment providers; public sources; and integrations you choose.
If someone adds you to FacturaOS, sends you an invoice, or provides your information through a workspace, that business user is responsible for giving required notices and ensuring lawful collection.
4. How we use information
We use information to:
- Create accounts, authenticate users, operate workspaces, and provide requested features.
- Store, organize, generate, export, send, and display business records under customer instructions.
- Process subscriptions, seats, plan changes, invoices, connected payments, refunds, and billing support.
- Secure the service, prevent fraud and abuse, troubleshoot, monitor reliability, and enforce agreements.
- Provide support, send service communications, respond to privacy requests, and maintain audit records.
- Measure privacy-safe usage, attribution, performance, and product quality where optional analytics are enabled.
- Comply with law, legal process, tax and accounting duties, and protect rights, safety, and property.
- Develop and improve features using aggregated, de-identified, or appropriately minimized information.
5. Legal grounds where required
Where applicable law requires a legal basis, we process information to perform our contract; follow your instructions; comply with legal obligations; pursue legitimate interests such as security, support, fraud prevention, service improvement, and business administration; protect vital interests; or based on consent. You may withdraw consent for future processing where consent is the basis, without affecting earlier lawful processing.
6. How we disclose information
We may disclose information in these circumstances:
- Within a workspace according to roles, permissions, invitations, and actions chosen by workspace administrators.
- To service providers and subprocessors that support hosting, databases, storage, authentication, analytics, diagnostics, email, support, billing, and security, subject to appropriate obligations.
- To Stripe, banks, card networks, payment methods, and financial partners for subscription billing, connected accounts, identity verification, fraud prevention, payment processing, payouts, disputes, and compliance.
- To Google, Apple, or another authentication provider when you choose that login method.
- To professional advisers, auditors, insurers, financing sources, and transaction parties under confidentiality safeguards.
- To authorities or other parties when reasonably necessary to comply with law, legal process, protect rights or safety, investigate abuse, or enforce our agreements.
- In connection with a merger, financing, reorganization, sale, bankruptcy, or transfer of all or part of the business, subject to applicable law.
7. Payments and connected accounts
Stripe independently collects payment credentials, identity documents, tax identifiers, bank details, device information, and transaction information needed for its services. Stripe may act as an independent controller for regulated payment, verification, fraud, and compliance purposes. Its privacy policy and connected-account terms apply in addition to this Policy.
FacturaOS receives payment and connected-account identifiers, readiness or restriction status, limited account and transaction details, and events needed to provide billing and payment features. We do not intentionally store full card numbers or card security codes.
8. Analytics, cookies, and mobile diagnostics
FacturaOS may use Google Analytics for optional website and product measurement and Firebase Analytics and Crashlytics for optional mobile analytics and diagnostics. Our implementation is designed to avoid sending client names, invoice contents, contact details, addresses, search text, document contents, or full URLs containing record identifiers as analytics event values.
Signed-in users may turn optional product analytics off in Account settings. Mobile users may use the corresponding privacy setting. Browser or device privacy controls may also apply. Necessary authentication, security, fraud-prevention, billing, support, and service logs continue because they are required to operate and protect the service. See the Cookie Statement.
9. Data retention
We retain information only as long as reasonably necessary for the purposes described, including the life of the account or workspace and any additional period needed for legal, tax, accounting, payment, security, backup, fraud-prevention, support, and dispute obligations.
Retention varies by category. Active Customer Data generally remains until deleted by an authorized user or the workspace is deleted. Account, consent, billing, payment, abuse, and legal records may remain longer. Backups and provider systems may take additional time to cycle out. We may retain aggregated or de-identified information that cannot reasonably identify a person.
10. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect personal information, including access controls, encrypted transmission, private storage controls, environment separation, logging, and provider security measures. No method is completely secure, and we cannot guarantee absolute security.
Workspace owners are responsible for user access, device security, exports, recipient addresses, and lawful handling after information leaves FacturaOS. Report suspected incidents promptly to privacy@facturaos.com.
11. Privacy choices and rights
Depending on your location and our legal role, you may request access, correction, deletion, portability, restriction, objection, or withdrawal of consent, and may appeal a denied request where law provides. You may also update many account and workspace fields directly and turn off optional analytics.
Send requests to privacy@facturaos.com. We may verify identity, authority, workspace role, and jurisdiction. If FacturaOS processes information for a business customer, we may direct you to that business or assist it in responding. Authorized agents must provide legally sufficient authority. We will not discriminate for exercising applicable privacy rights.
12. U.S. state privacy notice
The categories collected, sources, purposes, and recipients during the preceding 12 months are described in Sections 2 through 8. FacturaOS does not sell personal information for money. We do not knowingly sell or share personal information for cross-context behavioral advertising as those terms are defined by applicable U.S. state privacy laws.
If our practices change in a way that creates a right to opt out of sale, sharing, or targeted advertising, we will provide the legally required control before using information that way. We use and disclose sensitive personal information only for permitted business purposes or as directed by a business customer, and not to infer characteristics for advertising.
13. International processing and transfers
FacturaOS and its providers may process information in the United States and other countries where they operate. Those countries may have different privacy laws. Where required, we rely on contractual protections, provider transfer mechanisms, consent, or another lawful transfer basis.
The Subprocessor List identifies key providers. Business customers needing additional transfer documentation may contact privacy@facturaos.com.
14. Children and restricted information
FacturaOS is not directed to children under 13 and is not intended for anyone under 18 to open an account. We do not knowingly collect personal information directly from a child under 13. Contact us if you believe a child submitted information without appropriate authorization.
FacturaOS is not designed to store HIPAA-regulated protected health information, full payment-card credentials, or other specially regulated data unless we expressly agree in writing. Business users must avoid submitting restricted information and are responsible for their own legal obligations.
15. Changes and contact
We may update this Policy as services, providers, or laws change. The date above shows the latest revision. We will provide additional notice or consent for material changes where required.
Privacy questions and requests may be sent to privacy@facturaos.com or by mail to J.R.SOSA & CO., 2125 Biscayne Blvd, Ste 204 #24427, Miami, Florida 33137 US. General support is available at contact@facturaos.com.