Easy Rechnung LogoEasy RechnungStart free

Privacy Policy

Last updated: 26 April 2026

This translation is provided for convenience only. In case of any discrepancy, the original German version is legally binding.

1. Data controller

Nikolay Mantchev
Droysenstr. 5
60385 Frankfurt am Main
Germany


Email: 04vision04@protonmail.com

2. Data protection officer / contact

For privacy-related enquiries please contact: 04vision04@protonmail.com

3. What data is processed?

3.1 Data stored locally on the device (SQLite)

The Easy Rechnung app stores data exclusively locally on your device and does not automatically send it to our servers. Storage takes place in the SQLite database (erechnung.db) and includes:

Seller profile (your business data):

  • Name, address, postal code, city, country
  • Email, phone number
  • Bank account details (IBAN, BIC)
  • VAT identification number (USt-IdNr.)
  • Tax number (per §14 UStG)
  • Invoice number prefix

Customer data:

  • Name, address, postal code, city, country
  • Email, phone number
  • VAT identification number
  • Internal notes

Invoice data:

  • Invoice number, date, due date
  • Line items (description, quantity, unit price, tax rate)
  • Totals (net, tax, gross)
  • Payment terms and notes
  • PDF path (local storage)

This data does not leave your device unless you use PDF generation or XRechnung export (see 3.2).

3.2 Temporary data transfer to the back-end server (during PDF generation)

When you generate an invoice as PDF or export an XRechnung, the complete invoice data is transmitted to our back-end server:

  • All seller and customer data (name, address, IBAN, tax numbers)
  • All invoice line items and amounts
  • An anonymous user identifier (X-User-Id header — a per-device UUID with no personal reference)

Server retention period: The server stores the generated PDF temporarily. All PDFs are automatically deleted no later than 24 hours. A cleanup job runs every 6 hours. You should download the PDF after creation and may also use the delete function to shorten storage.

Encryption: Data transfer takes place via HTTPS (TLS 1.2+).

3.3 Adapty subscription management

The app uses Adapty for in-app subscription management:

  • Data sent to Adapty: an anonymous device UUID (profileId), purchase / subscription events
  • No personal data is transmitted directly to Adapty
  • Adapty receives transaction data from the Apple App Store and Google Play through their APIs

Adapty privacy policy: https://adapty.io/privacy-policy

3.4 No further data sources

The app uses none of the following technologies:

  • Google Analytics, Firebase or similar tracking systems
  • Error reporting tools (e.g. Sentry)
  • Advertising platforms or third-party cookies
  • Account system or registration

4. Purpose and legal basis of processing

Purpose

Your data is processed solely for the following purposes:

  1. Invoice creation under §14 UStG and the EN 16931 standard (ZUGFeRD/XRechnung)
  2. Subscription management (verifying your active licence prior to PDF generation)
  3. Local management of your business data

Legal basis

  • Art. 6(1)(b) GDPR: performance of a contract (invoice generation is part of the service)
  • Art. 6(1)(c) GDPR: compliance with a legal obligation (retention and formal correctness of invoices under §14 UStG)

5. Retention period

  • Local SQLite data: for as long as you use the app; can be deleted manually at any time.
  • Server PDFs: max. 24 hours, automatic deletion every 6 hours.
  • Adapty data: according to the Adapty policy.

6. Recipients / data sharing

External service providers

Adapty (subscriptions): processing in the EU/USA on the basis of standard contractual clauses. Function: subscription management and payment processing.

Our servers: temporary PDF generation in the EU (Germany). No permanent storage.

No data sharing with third parties

Aside from the providers listed we do not share your data with third parties, unless:

  • You explicitly instruct us to (e.g. sending email through your own mail app)
  • It is required by law (e.g. an authority request)

7. Your rights as a data subject

Under the GDPR you have the following rights:

Directly inside the app: you can exercise access (Art. 15) and erasure (Art. 17) yourself at any time without filing a request: Profile → Privacy & data flow → "Export my data" or "Delete all data". The export delivers a structured JSON file (which also satisfies data portability under Art. 20). Deletion irreversibly removes profile, customers, products and invoices from the device.

Right of access (Art. 15 GDPR)

You can request information about which of your data we process at any time. As the app stores everything locally you can obtain full disclosure inside the app via Privacy → Export my data.

Right to rectification (Art. 16 GDPR)

You can request correction of your data. Profile, customers and products are editable in the app at any time.

Right to erasure (Art. 17 GDPR)

You can request erasure of your data ("right to be forgotten"). Local data can be deleted at any time inside the app via Privacy → Delete all data (profile, customers, products, invoices) or per individual entry. Server data (temporary PDFs) is deleted automatically after 24 hours.

Note on retention obligations: under §147 AO you are obliged as the invoice issuer to retain invoices for 10 years. Export your invoices for your own archive before deleting all data.

Right to restriction of processing (Art. 18 GDPR)

You can demand that the processing of your data be restricted.

Right to data portability (Art. 20 GDPR)

You can receive your data in a structured, commonly used, machine-readable format. The app provides this through a JSON export via Privacy → Export my data (containing the seller profile, customers, products and all invoices).

Right to object (Art. 21 GDPR)

You can object to the processing of your data (e.g. for marketing purposes — which is not relevant for this app).

Asserting your rights

Please send requests to enforce your rights to 04vision04@protonmail.com. We respond within 30 days.

8. Right to lodge a complaint

If you believe that we are processing your data unlawfully you have the right to lodge a complaint with a data protection supervisory authority. For the controller based in Frankfurt am Main (Hessen) the responsible authority is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
datenschutz.hessen.de

9. Security and data protection

On your device

Your data in the SQLite database is protected by your device security (passcode, fingerprint, Face ID). Expo SQLite stores data in the app-specific directory (no access from other apps).

On our server

All data is transferred via HTTPS (TLS 1.2+). Temporary PDFs are deleted automatically after 24 hours. No sensitive data (IBAN, tax numbers) is stored in the production database.

10. Important note: local responsibility

As the invoice issuer you are responsible under German law for the storage and safekeeping of your invoices and customer data (§14 UStG, GDPR Art. 24). The Easy Rechnung app is a tool — you decide how long you keep your data and how you back it up.

11. Changes to this privacy policy

We reserve the right to update this privacy policy when necessary (e.g. due to changes in legislation or our systems). The current version is always published here.

Last update: 26 April 2026

12. Contact

Nikolay Mantchev
Droysenstr. 5
60385 Frankfurt am Main
Germany


Email: 04vision04@protonmail.com

Effective from: 26 April 2026
Applies to: Easy Rechnung iOS & Android app (version 1.0.0+)