Privacy

This page describes exactly what happens to a file you send to the EIV validation API, in plain language. It is not a substitute for legal advice, but it is an accurate description of the code that runs this service.

What we never store

The uploaded bytes are held in memory only for the duration of the request, sent to the validation engine, and discarded once the response is returned. Nothing about the file's content survives the request.

What we do log

For every /api/v1/validate request, a single log line records:

That is the complete list. No invoice content is ever written to a log.

Why this matters

Many free online invoice validators are anonymous services with no stated retention policy — you have no way to know whether your invoice (often containing customer names, prices, and VAT numbers) is kept, resold, or used to train something. EIV is built so that it structurally cannot do that: the code path from upload to response never writes invoice content to disk or to logs.

Hosting and retention

The service is operated and hosted within the European Union. The only persistent data store is a small SQLite database holding API keys, waitlist signups, and rate-limit counters — never uploaded files. Rate-limit counters are pruned automatically once their one-hour window has passed.

Repair requests

The same rules apply to /api/v1/repair: the uploaded invoice is processed in memory and discarded. Repairs are limited to a fixed whitelist of safe, mechanical fixes; monetary amounts, VAT rates, dates, and party identities are never altered, and arithmetic rule failures are always reported for you to fix, never silently changed.

Contact

Questions about this policy can be directed to the service operator.