Privacy Policy
Last updated: January 5, 2026
Third-Party Services
This product uses the following third-party services that may collect data:
Stripe
- Data Collected
- Payment card details, billing address, and transaction information
- Purpose
- To securely process payments and prevent fraud. Stripe handles all payment processing and we never store your full card details.
- Data Retention
- Transaction records are retained as required by financial regulations. Stripe retains data according to their data retention policy.
- More Information
- View Stripe Privacy Policy
Auth Server (OAuth Pass-Through)
- Data Collected
- OAuth tokens (pass-through only). Tokens flow through but are never saved, logged, or stored on our servers.
- Purpose
- To authenticate with Stripe without storing your credentials. All data processing happens locally on your computer. You can bypass this by using Stripe API keys directly.
- Data Retention
- No data is stored, logged, or persisted. The auth server acts purely as a pass-through for OAuth tokens.
Your Rights
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
Right of Access: You have the right to request a copy of the personal data we hold about you.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
Right to Erasure: You have the right to request that we delete your personal data, subject to certain legal exceptions.
Right to Restriction: You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
Right to Objection: You have the right to object to the processing of your personal data for certain purposes, including direct marketing.
To exercise any of these rights, please contact us using the contact information provided below.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include encryption, secure servers, and regular security assessments. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.
Children's Privacy
Our products are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us so that we can delete the information.
Contact Information
If you have any questions about this privacy policy or our data practices, or if you wish to exercise your rights under GDPR, please contact us:
LudoMagus GmbH
Email: contact@ludomagus.com
We will respond to your request within 30 days as required by GDPR.
Local-Only Data Processing
Smart Invoice Downloader is designed with privacy at its core. All invoice data processing happens entirely on your local computer. Your invoices are downloaded directly from Stripe to your device without being stored, processed, or transmitted through our servers.
The application only communicates with:
- Stripe’s servers to authenticate and retrieve your invoices
- Our auth server solely to facilitate OAuth authentication (no data is stored)
Bypass Option
If you prefer not to use our auth server for OAuth authentication, you can connect directly to Stripe by providing your own API keys. This option is available in the application settings and allows you to completely bypass our auth server while maintaining full functionality.
For questions about this privacy policy, please contact us through our support page.