Data Retention & Security
Clear policies for how we store, retain, and protect your data. Built for firms and accountants who need an answer to every auditor question.
Retention periods
You choose how long we keep the original PDF files you upload. Extracted data (vendor, invoice number, dates, amounts, line items) is retained for the life of your account regardless of which file retention setting you pick — it's the reason to run this thing in the first place.
7 years Recommended
Matches the IRS requirement that financial records supporting tax returns be kept for at least 7 years. The safest default for most bookkeepers, accounting firms, and small businesses.
3 years
A middle ground for workspaces that reconcile and export quickly and don't need the full 7-year audit window of original source PDFs on file.
1 year
Best for high-volume teams that export to QuickBooks, Xero, or Zoho right after review and rely on their accounting system as the long-term record of truth.
Permanent
We never auto-delete your original files. They stay available in your workspace until you delete them manually or close your account. Recommended for firms managing clients where an older-than-7-year record may still be needed.
The IRS requires financial records supporting tax returns to be kept for 7 years. We default new workspaces to the 7-year option so you're covered from day one.
Changing your retention period
Workspace owners can change the retention period at any time from Dashboard → Settings → File Retention. Changes apply to all future uploads immediately. Files that are already within the new window keep their original expiry; you won't lose anything by shortening retention, and you won't retroactively extend it either.
What we store, and where
- •Original PDF files — stored in Cloudflare R2 object storage (S3-compatible, US region). Files are scoped to your workspace and never shared across tenants. Subject to the retention period you pick above.
- •Extracted invoice data — vendor name, invoice number, date, due date, totals, tax, line items, confidence scores, and validation flags. Stored in our PostgreSQL database (Railway, US region). Retained for the life of your account.
- •Review history & corrections — who reviewed each invoice, what fields were corrected, and when. Retained for the life of your account so you have a complete audit trail.
- •Account & billing data — email, session metadata, subscription status. Payment card details are handled entirely by Stripe; we never see or store them. Retained for the life of your account and for a reasonable period after closure for legal, tax, and support purposes.
- •ERP integration tokens — OAuth tokens for QuickBooks Online, Xero, and Zoho Books are encrypted at rest and stored alongside your workspace. You can revoke them at any time from Settings → Integrations.
Deletion and your rights
You can request deletion of your account and associated data at any time. On request we remove or anonymize your personal data and, for workspace owners, the client and invoice data linked to your account — except where we must retain information for legal, tax, or regulatory reasons.
To request account or data deletion, or to export your data, contact us at support@invoiceparserpro.com. We respond to such requests within a reasonable timeframe — typically within a few business days.
Security practices
- •HTTPS everywhere. No transmission of invoice data or credentials in the clear.
- •Session and authentication handled with secure, httpOnly cookies and server-side session revocation on logout.
- •Invoice and API access is scoped by user and workspace. No cross-tenant access is possible at the query level.
- •ERP integration tokens (QuickBooks, Xero, Zoho) are encrypted at rest with a server-held key.
- •Payment data is processed by Stripe. We never see or store card numbers.
- •Two-factor authentication is available on all accounts from Settings → Security.
For full details on collection, use, and sharing, see our Privacy Policy.
Last updated: April 2026