Privacy Policy

Last updated: February 7, 2026

This privacy policy describes how OFFIX ("we", "us") collects, uses, and protects your personal data when you use our iOS app and web portal. OFFIX is an invoicing tool and acts as a data processor for the business documents you create. Your business is the data controller for your customers' information.

1. Data Controller

OFFIX
Nenad Milicevic (Sole Proprietorship)
Org.nr: 880101-XXXX
VAT: SE880101XXXX01
Registered for F-skatt

Address: Stockholm, Sweden
Email: support@getoffix.com
Web: getoffix.com

2. What Data We Collect

• Account information: email, name (upon registration)
• Voice recordings: temporarily for AI transcription, deleted after processing
• Quote and invoice data: customer name, address, project description, line items, prices
• Personal ID number: optional, for ROT/RUT tax deduction (see section 6)
• Payment information: handled by Apple (In-App Purchase) or Stripe (portal)

3. How We Use Your Data

• Create quotes and invoices via AI transcription
• Sync data between devices
• Manage your account and subscription
• Improve the service

4. Third-Party Providers

We share data with the following services to provide OFFIX:

• OpenAI (USA) — Whisper (transcription) and GPT-4o (quote parsing). Voice data is encrypted, processed, and deleted. Transfer to USA uses Standard Contractual Clauses (SCC).
• Supabase (EU) — Database, authentication, and file storage.
• Apple — CloudKit (data sync), StoreKit (payments).
• Stripe (EU/USA) — Payment processing for the web portal.
• Netlify (USA) — Web hosting.
• Google — Google Sign-In for authentication.
• Resend (EU/USA) — Email delivery service. Processes recipient email addresses and email content.
• Microsoft Clarity (EU/USA) — Analytics and heatmaps on the web portal. Processes anonymized usage data and session recordings. Only loaded after cookie consent.

5. Legal Basis (GDPR Art. 6)

• Contract: Processing necessary to provide the service
• Legitimate interest: Service improvement, security
• Consent: Voice recording, personal ID number

6. Personal ID Number (GDPR Art. 87)

Personal ID numbers are collected voluntarily solely for ROT/RUT tax deduction calculation. The data is stored encrypted and is not shared with third parties except as required for the deduction.

7. Retention Periods

• Voice recordings: Deleted after transcription (within minutes)
• Quotes/invoices: Stored as long as your account is active. Upon cancellation: 90-day grace period with read-only access, then archived for up to 24 months, then permanently deleted. OFFIX has no legal obligation to retain your business documents — you are responsible for archiving them in accordance with applicable law
• Customer data: Until you delete your account or cancel your subscription (same retention periods apply)
• Account data: 90-day grace period after account deletion, archived for up to 24 months, then permanently deleted. You can request immediate deletion or data export via support

8. Your Rights

Under GDPR, you have the right to:

• Request access to your personal data
• Request rectification of incorrect data
• Request erasure of your data
• Request data portability (export in machine-readable format)
• Object to processing
• Request restriction of processing

Contact us at support@getoffix.com to exercise your rights.

9. Cookies

The web portal uses only essential cookies for login and session management (Supabase Auth). We do not use tracking or third-party cookies.

10. Supervisory Authority

You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY):
www.imy.se

11. Changes

We may update this policy. For material changes, we will notify you via email or in the app. The latest version is always available on this page.

Questions? Contact support@getoffix.com