Client Invoices logo

Client Invoices Privacy Policy

This privacy policy explains what personal information Client Invoices collects, why we collect it, who we share it with, and the rights you have over it. It applies to all information collected by or submitted to Client Invoices.

Client Invoices is operated by Sanderson Howe Limited (NZBN 9429049408096), a company incorporated in New Zealand. You can contact us about anything in this policy at team@clientinvoices.com.

What Client Invoices does

Client Invoices is a tool for sharing invoices. A business connects its Xero accounting organisation to Client Invoices, browses its Xero contacts and invoices, and shares individual invoices with its own clients by email. Those clients then sign in to view the invoices shared with them and pay them through Xero's secure online invoice page. Understanding these two kinds of user is the key to this policy.

Our roles

Two kinds of people interact with Client Invoices, and our responsibilities differ for each:

  1. Providers — businesses that sign up, connect their Xero organisation, and share invoices with their clients. For your account information (your name, email and billing details) we decide how it is processed, so in data-protection terms we are the controller. For the Xero accounting data you bring into the service — your contacts and invoices — you remain the controller and we act as your processor, handling that data only on your instructions to provide the service.
  2. Clients — the people a provider shares an invoice with. If a provider shares an invoice with you, you sign in with a one-time email link to view it. The provider decides which of their invoices to share with you; we hold and display that invoice on the provider's behalf.

If you are a client and want the personal data on an invoice accessed, corrected or deleted, the quickest route is to contact the provider who shared it with you, because they control that data in their Xero account. You can also contact us directly and we will help.

Connecting Xero

When a provider connects Xero, we use Xero's official OAuth authorisation — we never see or store your Xero password. We request the minimum, read-only access we need: your identity (so we can sign you in), and read access to your Xero contacts and invoices. We do not request permission to change anything in your Xero organisation through this connection. Your authorisation tokens are encrypted at rest, and you can disconnect at any time from your account or from within Xero, which immediately revokes our access.

Information we collect

Providers. We collect your name, email address and password when you create an account. When you connect Xero we receive your organisation name and the contacts and invoices you choose to work with (including invoice numbers, line items and amounts). If you subscribe to a paid plan, your payment card details are collected and processed by our payment provider, Stripe — we do not store full card numbers, only a Stripe customer reference. We automatically record technical data such as IP addresses and browser types to maintain security and understand aggregate usage of the service.

Clients. When a provider shares an invoice with you, we hold your email address (so we can send your sign-in link), your name as it appears on the invoice, and the invoice itself. We sign you in using a one-time, expiring link rather than a password, so we never collect or store a password for you. We record when you last signed in for security purposes.

Invoice data we hold

When a provider shares an invoice, we store a copy (a snapshot) of that invoice and a secure link to its Xero-hosted online invoice page, so the client can view and pay it reliably. We hold this only for as long as the share is active: when a provider revokes a share or deletes their account, the client loses access and the snapshot is removed. Payment of an invoice happens on Xero's secure online invoice page — Client Invoices does not process or store your clients' card or bank details.

How we use your information

We use personal information to:

  • provide the Services, Site and customer support;
  • connect to your Xero organisation and display and share the invoices you choose;
  • verify your identity for security purposes, including issuing one-time sign-in links;
  • resolve disputes and troubleshoot problems;
  • prevent, detect and investigate fraud, abuse and other prohibited or illegal activities, and enforce our User Terms;
  • send you service-related messages such as sign-in links, billing receipts and legal notices;
  • with your consent, tell you about product updates and improvements (you can unsubscribe at any time); and
  • produce anonymised, aggregated statistics about how the service is used.

Client Invoices does not sell, rent or lease personal information to anyone. We do not run advertising, do not share data with advertising networks, and do not build marketing profiles of you or your clients. We do not use your Xero data for anything other than providing the service to you.

Contract - to provide the Services, Site and customer support; verify your identity for security purposes; resolve disputes and troubleshoot problems; and enforce our User Terms, the processing is necessary for the contract we have with you.

Processor on your instructions - when we access your Xero contacts and invoices and share them with the clients you choose, we are acting on your documented instructions as your processor.

Consent - if we tell you about product updates and improvements, you have given us clear consent to process your personal data for that specific purpose, and you can withdraw it at any time.

Legal obligation - to prevent, detect and investigate potentially prohibited or illegal activities, the processing is necessary for us to comply with the law.

Legitimate interests - to keep the service secure, prevent fraud and abuse, and improve our Services, the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.

Third parties

We share personal information only with the service providers below, and only to the extent needed to run Client Invoices:

  • Xero — the accounting platform a provider connects to Client Invoices. When you authorise the connection we exchange data with Xero to read your contacts and invoices; this is governed by Xero's privacy policy and your agreement with Xero.
  • Stripe — payment processing for provider subscriptions. Your card details go directly to Stripe and are governed by Stripe's privacy policy.
  • Amazon Web Services (AWS) — hosting of our infrastructure and delivery of email (such as sign-in links and receipts). Our infrastructure runs in the United States.
  • Google reCAPTCHA — our contact form is protected by reCAPTCHA to prevent spam and abuse; when you submit that form a token (and your IP address) is sent to Google for verification, governed by Google's privacy policy.
  • Analytics — we use Google Analytics in a cookieless configuration: consent is denied by default and never granted, so it sets no cookies and cannot track you across sites. Visit counts reach Google as anonymous, aggregate pings; like any web request these include an IP address and browser type. We use the resulting aggregate statistics only to understand visits to our own website.

We may disclose personal information in response to subpoenas, court orders, or other legal requirements; to exercise our legal rights or defend against legal claims; to investigate, prevent, or take action regarding illegal activities, suspected fraud or abuse, or violations of our policies; or to protect our rights and property.

In the future, we may sell to, buy, merge with, or partner with other businesses. In such transactions, user information may be among the transferred assets.

This policy applies only to Client Invoices. Xero, Stripe, and other services you use have their own privacy practices that we do not control.

Cookies

Client Invoices uses only essential cookies: a session cookie and a security (CSRF) cookie that are required for signing in and using the service safely, and an optional "remember me" cookie if you choose it at login. We set no advertising, tracking or cross-site cookies, and our analytics is cookieless. Because every cookie we set is essential to the service working, there is no cookie banner to click through.

You can block cookies in your browser settings, but signing in will not work without the essential ones.

Where your data is stored

Our infrastructure runs on Amazon Web Services in the United States (us-east-1). Sanderson Howe Limited operates from New Zealand — one of the small number of countries holding a European Commission adequacy decision, meaning personal data can lawfully flow from the EEA to us without additional safeguards. For the onward hosting of data with AWS in the United States, AWS provides GDPR-compliant data processing terms and is certified under the EU–U.S. Data Privacy Framework.

Security of your personal information

All traffic to and from Client Invoices is encrypted in transit using TLS. Your Xero authorisation tokens are encrypted at rest, and access to personal information is restricted to those who need it to operate the service. Payment card numbers never touch our servers — they are handled by Stripe, and client invoice payments are handled by Xero. No service can guarantee absolute security, but we design for holding as little personal data as possible, for as short a time as possible.

Retention

We retain account data for as long as you have an account with us, plus any period required for accounting, tax or legal obligations. Shared invoice snapshots are kept only while a share is active and are removed when the share is revoked or the account is deleted. One-time sign-in links are short-lived and expire after a single use. When you delete your account, your data is removed from our live systems immediately and disappears from backup copies within 30 days; disconnecting Xero revokes our access to your accounting data.

Your information additional rights

Depending on your location, you may have additional rights regarding your information, including:

  1. Access and portability: You can request a copy of your personal data provided to Client Invoices by contacting us.
  2. Correction: You can update your personal data.
  3. Deletion: You can request Client Invoices to delete your personal information, except where retention is required by law, by contacting us.
  4. Withdrawal of consent or objection to processing: You can request Client Invoices to stop processing your personal data in certain situations by contacting us.

New Zealand Privacy Act 2020

As a New Zealand company we comply with the Privacy Act 2020 and its Information Privacy Principles. You have the right to access and correct personal information we hold about you. Our privacy officer can be reached at team@clientinvoices.com. If you are not satisfied with our response to a privacy concern, you can complain to the Office of the Privacy Commissioner at privacy.org.nz.

GDPR

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

CCPA

If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know'), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

If you would like to designate an authorised agent to submit these requests on your behalf, please contact us at the address below.

How to exercise your rights

To make such a request, contact Client Invoices at team@clientinvoices.com. All such requests are subject to verification of the identity of the requestor and the legitimacy of the request. We respond to all legitimate requests within 45 days. We take steps to determine whether the request is legitimate, but this does not extend the 45 days. The time period to provide the information may be extended once by an additional 45 days when reasonably necessary, and in this case, we will notify you and keep you updated.

To the extent we act as a provider's processor (for example, when we display invoices on their behalf), you can exercise your rights over that invoice data directly with the provider who shared it with you.

Your responsibilities as a provider

If you use Client Invoices to share invoices with your clients, you remain the controller of the contact and invoice data in your Xero account. You are responsible for connecting only Xero organisations you are authorised to access, for sharing invoices only with the people they are intended for, for having a lawful basis to process the personal data they contain, and for honouring your clients' requests for access, correction and deletion. Only use Client Invoices to share invoices for legitimate billing purposes.

You can withdraw your consent for processing of your information and use of the Services at any time. For instance, to stop email marketing, use the unsubscribe link found at the bottom of our marketing emails. To permanently delete your account, please email team@clientinvoices.com requesting the closure of your account and deletion of your data. This deletion is permanent and your account cannot be reinstated. We will only keep information that we are required to by law.

Opt-out & unsubscribe

Client Invoices sends both required service-related messages (such as sign-in links, transactional or legal notices) and optional newsletters. You can opt out of marketing communications by clicking the “unsubscribe” link in the messages you receive.

Children and minors

Client Invoices is a business tool and is not directed at children. We do not knowingly collect personally identifiable information from children under the age of thirteen. If you are under the age of thirteen, you must ask your parent or guardian for permission to use this website.

Governing law

Your information is provided to us in accordance with the laws of New Zealand.

Changes to this statement

Client Invoices updates this policy when our practices change. We encourage you to review it to stay informed about how we protect your information.

Contact information

For inquiries regarding Client Invoices's privacy practices, please contact Client Invoices at team@clientinvoices.com.

Last updated: June 11, 2026

© 2026 Client Invoices. All rights reserved.