🔒
Legal

Privacy Policy

Last updated: January 2025

1. Introduction

FBR E-Invoicing (“we,” “our,” or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our FBR-integrated e-invoicing platform (the “Service”). By accessing or using the Service, you agree to the practices described in this policy.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

  • Full name and contact details (email address, phone number)
  • Business name, NTN (National Tax Number), and STRN (Sales Tax Registration Number)
  • Business address (city, province, full address)
  • Login credentials (email and password, stored securely with bcrypt hashing)

2.2 Financial & Invoice Data

To provide invoicing services, we process:

  • Invoice details (items, quantities, amounts, tax calculations)
  • Customer/buyer information you enter for invoices
  • FBR submission data and response tokens
  • Payment information for subscription management (processed via SafePay; we do not store card details)

2.3 Technical Data

We automatically collect:

  • IP address and browser type
  • Device information and operating system
  • Pages visited and usage patterns
  • Timestamps of access and session duration

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: Creating, managing, and submitting invoices to FBR on your behalf
  • Account Management: Authenticating users, managing subscriptions, and providing customer support
  • Legal Compliance: Meeting FBR regulatory requirements and tax reporting obligations
  • Communication: Sending transactional emails (verification, password reset, payment receipts, invoice status)
  • Improvement: Analyzing usage to improve the Service, fix bugs, and develop new features
  • Security: Detecting fraud, preventing unauthorized access, and maintaining audit logs

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption at Rest: Sensitive data (FBR PRAL tokens, credentials) is encrypted using AES-256-GCM encryption
  • Encryption in Transit: All data transmitted between your browser and our servers is protected via TLS/SSL
  • Password Security: Passwords are hashed using bcrypt with salt rounds and are never stored in plaintext
  • Access Controls: Role-based access control (RBAC) ensures users only access data relevant to their role
  • Audit Logging: All significant actions are logged for security monitoring and compliance purposes

5. Data Sharing & Disclosure

We do not sell your personal data. We may share data with:

  • FBR (Federal Board of Revenue): Invoice data is transmitted to FBR via their DI API as required for tax compliance
  • Payment Processors: SafePay processes subscription payments; they have their own privacy policies
  • Service Providers: Email delivery (Zoho Mail), cloud hosting (AWS), for operating the Service
  • Legal Requirements: If required by law, court order, or government request

6. Data Retention

We retain your data for as long as your account is active and as required by Pakistani tax laws. Invoice records are retained for the statutory period mandated by FBR. You may request deletion of your account and personal data by contacting us, subject to any legal retention requirements.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account (subject to legal requirements)
  • Export your invoice data
  • Withdraw consent for marketing communications

8. Cookies

We use essential cookies and local storage for authentication tokens and session management. These are strictly necessary for the Service to function. We do not use third-party advertising or tracking cookies.

9. Children’s Privacy

The Service is intended for businesses and is not directed at individuals under 18 years of age. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy, please contact us:

Email: support@fbreinvoicing.com

Website: www.fbreinvoicing.com

Address: Pakistan