Privacy Policy
How RenameMyInvoice collects, uses, stores, and deletes personal data.
Effective date: March 18, 2026
This Privacy Policy explains how RenameMyInvoice collects, uses, shares, stores, and deletes personal data when you use our website, file-processing service, API, and Google Drive integration.
RenameMyInvoice is operated by HeyHo Systems GmbH, Kurfürstenstr. 9b, 31275 Lehrte, Germany. If you have privacy questions or want to submit a deletion request, contact us at hey@heyhosystems.com or through our contact page.
1. What We Collect
Depending on how you use the service, we may collect and process the following categories of data:
- Account and subscription data: email address, customer ID, plan type, and subscription status.
- Uploaded files and filenames: documents you submit for renaming, including filenames and file contents needed for processing.
- Google Drive integration data: selected folder ID, Google Drive file metadata, supported file contents from the folder you connect, encrypted refresh token, watch and channel metadata, processing records, and renamed filenames associated with the workflow.
- Payment and billing data: payment-related information processed by Stripe, such as billing details and transaction status. We do not store full payment card details on our servers.
- Session and browser data: cookies, local storage entries, customer session cookies, consent preferences, and short-lived OAuth state cookies.
- Usage, analytics, and marketing data: attribution parameters, referrer information, region indicators, analytics events, and ad-related consent signals.
- Operational and diagnostic data: logs, error reports, webhook metadata, API usage information, and security-related telemetry.
- Messages you send us: information you provide through support or contact forms.
2. How We Use Personal Data
We use personal data to operate and improve RenameMyInvoice, including to:
- process files and generate renamed outputs or downloads;
- run the Google Drive automation workflow for connected customers;
- access selected Google Drive files and metadata to analyze supported documents and apply renamed filenames;
- verify subscriptions and manage customer sessions;
- provide support, troubleshoot issues, and monitor service reliability;
- detect misuse, fraud, abuse, or unauthorized access;
- measure product usage, conversion flows, and marketing performance;
- comply with legal obligations and enforce our terms.
3. How File Processing Works
When you upload files or trigger automated processing, we temporarily handle your files so the service can extract invoice data and generate a renamed output. Processing may involve temporary storage on the application instance under /tmp and, in production, temporary storage in cloud object storage to support asynchronous processing and time-limited downloads.
This may include files you upload directly and supported files accessed from a Google Drive folder you connect.
We may use AI-based processing, including OpenAI, to analyze document contents and extract the information required to generate standardized filenames. We use file contents only for the processing workflow you request, and we do not use Google user data or processed file contents from that workflow to train generalized AI or machine learning models.
4. Cookies, Local Storage, and Similar Technologies
We use cookies, local storage, and similar technologies for core product and measurement purposes.
- Essential functionality: customer sessions, Google OAuth state handling, security, and core product flows.
- Preferences: consent choices and product settings stored in your browser.
- Analytics and marketing: Simple Analytics, Microsoft/Bing UET, and attribution data to understand traffic and product performance, subject to your consent choices where applicable.
5. Legal Bases for Processing
If you are in the EEA, UK, or similar jurisdictions, we rely on the following legal bases:
- Performance of a contract: to provide the file-renaming service, downloads, billing, and requested integrations.
- Legitimate interests: to secure the service, prevent abuse, troubleshoot issues, maintain logs, and improve the product.
- Consent: where required for analytics, advertising-related technologies, or similar optional processing.
- Legal obligation: where we must retain or disclose information under applicable law.
6. Sharing and Service Providers
We may share personal data with service providers and infrastructure partners that help us operate the service, including:
- Google Cloud and Google APIs for hosting, storage, and Google Drive integration.
- OpenAI for document analysis and extraction as part of the renaming workflow.
- Stripe for subscription billing and payment processing.
- Rollbar for error monitoring and operational diagnostics.
- Simple Analytics and Microsoft/Bing UET for analytics and marketing measurement.
If you use the Google Drive integration, we use Google user data only to provide and secure the integration and related file-processing workflow you request. We do not sell Google user data, we do not use Google user data for advertising, and we do not transfer Google user data to third parties except as needed to provide the requested service, for security purposes, or to comply with law.
RenameMyInvoice's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
We may also disclose information if required by law, regulation, court order, or valid government request, or when reasonably necessary to protect our users, rights, or systems.
7. Data Retention and Deletion
We store personal information for a period of time that is consistent with our business purposes and the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Temporary processing files: uploaded and generated files may be stored temporarily during processing on application instances under /tmp.
- Temporary cloud-stored job files: in production, uploaded inputs and processed outputs may also be stored temporarily in cloud storage to support asynchronous processing and download delivery.
- Download availability: download links generally expire after about 24 hours.
- Deletion of temporary job objects: our policy basis is that temporary production job objects are deleted automatically after roughly 24 hours in line with the download window.
- Customer and integration records: customer profiles, session-related records, encrypted Google refresh tokens, watch metadata, and processing records may be retained while your account or integration remains active and for a limited period afterward for security, operational, dispute-handling, backup, and legal compliance purposes.
- Logs and diagnostics: operational logs and error reports may be kept for a limited period for troubleshooting, monitoring, and security.
When an applicable retention period expires, we will delete, destroy, or de-identify the relevant data unless we are required or permitted by law to keep it longer.
If you disconnect Google Drive, we stop the active monitoring workflow, but disconnecting does not necessarily mean immediate deletion of all related historical records. You may request deletion of your data by contacting us at hey@heyhosystems.com or via our contact page.
8. Security
We use reasonable technical and organizational measures designed to protect personal data, including:
- HTTPS and other in-transit protections;
- encrypted storage of Google refresh tokens at rest;
- access controls and provider-managed security features;
- logging and monitoring to detect service and security issues.
No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
9. International Data Transfers
We may process or store personal data in countries other than your own, including through providers that operate internationally. Where required, we rely on appropriate safeguards under applicable data protection law.
10. Your Rights
Depending on your location, you may have rights to:
- request access to your personal data;
- request correction of inaccurate data;
- request deletion of your personal data;
- object to or restrict certain processing;
- request portability of data you provided to us;
- withdraw consent where processing is based on consent.
You may exercise these rights by contacting us. You may also have the right to lodge a complaint with a supervisory authority.
11. Children's Privacy
RenameMyInvoice is not intended for children, and we do not knowingly collect personal data from children under the age required by applicable law.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and update the effective date above. Material changes will take effect when posted unless a different date is stated.
13. Contact
For privacy questions, data requests, or complaints, contact HeyHo Systems GmbH at hey@heyhosystems.com or through our contact page.
