← Back to Invoice tool

Privacy Policy

Last updated : 2026-06-03

BemaPay ("we", "us") respects your privacy. This Privacy Policy explains how we collect, use, store and protect your personal information when you use our free tools. We comply with Canadian law, in particular the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Act respecting the protection of personal information in the private sector (Québec — Law 25).

1. Information we collect

Free tool usage (no account): the data you enter (salary, deductions, invoice items) is processed in your browser and is not transmitted to our servers, except for technical metadata (IP address, language, browser, anonymous statistics).

Account creation: when you create an account, we collect: email address, password (hashed with bcrypt), name (optional), company name (optional), language preference, IP address at signup, browser user-agent, and source (UTM parameters if provided).

OAuth sign-in (Google, Apple): if you sign in via Google or Apple, we receive only your email address and your unique identifier from the provider. We do not receive your password.

Saved invoices: when you save an invoice, we store: invoice number, dates, client information (name, email, address), line items, totals and your logo (if uploaded).

2. How we use your information

  • Provide the Service (save and display your invoices, calculations).
  • Send you the email verification link required to activate your account.
  • Send you payroll & invoicing tips, only if you have opted in (you can unsubscribe at any time).
  • Improve the Service through aggregated, anonymous statistics.
  • Meet our legal obligations (tax records, anti-fraud).

3. Sharing with third parties

We never sell your personal information. We may share it only with:

  • Hosting service providers (AWS, located in Canada — region ca-central-1).
  • Email delivery providers (transactional emails only).
  • Canadian authorities, only when required by law (subpoena, court order).

4. Data location and transfers

Your data is stored on servers located in Canada (Montréal region). We do not transfer your data outside Canada except as strictly necessary to operate the Service.

5. Retention

  • Account and saved invoices: as long as your account remains active.
  • Deletion: within 30 days of an account deletion request, except where the law requires longer retention.
  • Connection logs (IP, user-agent): 12 months for security and anti-fraud.

6. Your rights

Under Canadian and Québec law, you have the right to:

  • Access the personal information we hold about you.
  • Correct it if it is inaccurate.
  • Delete your account and the associated data.
  • Withdraw your consent to marketing emails at any time.
  • Request data portability (export your invoices in CSV / PDF).
  • File a complaint with the Commission d'accès à l'information du Québec (CAI) or the Office of the Privacy Commissioner of Canada.

To exercise these rights, contact us at: privacy@bemapay.com.

7. Security

We use TLS (HTTPS) encryption in transit and AES-256 encryption at rest. Passwords are hashed with bcrypt. Access to data is restricted to authorized personnel only.

8. Cookies

We use only essential cookies necessary for the Service to function (authentication session, language preference). We do not use third-party advertising or behavioural tracking cookies.

9. Children

The Service is not intended for children under 14. We do not knowingly collect personal information from minors.

10. Changes

Any substantive change to this Policy will be announced by email (for account holders) and on this page at least 30 days before it takes effect.

11. Contact — privacy officer

BemaPay's privacy officer can be reached at: privacy@bemapay.com.