Privacy Policy

Last Updated: 08/09/2025

Effective Date: 08/09/2025

Introduction

BKV Productions LLC, doing business as BKVInvoice ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice management service at BKVInvoice.com (the "Service").

Information We Collect

Information You Provide to Us

  • Account Information: Company name, address, user names, email addresses, and passwords
  • Business Data: Client information, product/service details, invoice data, payment records, and financial information
  • Company Branding: Company logos and branding materials
  • Communication Data: Email content, support requests, and feedback
  • Payment Information: Stripe, Inc. processes all payment data directly; we never store credit card numbers or sensitive payment details
  • Stripe Connect Data: Account status and capabilities for payment processing through your connected Stripe account

Information We Collect Automatically

  • Usage Data: How you interact with our Service, features used, and performance metrics
  • Technical Data: IP addresses, browser type, device information, and cookies
  • AI Processing Data: Original and AI-enhanced content for audit purposes
  • File Data: Invoice PDFs, attachments, and related documents stored in secure cloud storage

Information from Third Parties

  • Currency Exchange Rates: Real-time and historical currency conversion data
  • Tax Information: Updated tax rates and regulations via AI-powered updates
  • Email Delivery: Bounce notifications and delivery status

How We Use Your Information

Service Provision

  • Provide and maintain the invoice management service
  • Process payments and manage subscriptions
  • Generate and send invoices and payment reminders
  • Store and manage your business data securely

AI Features

  • Enhance invoice and product descriptions using OpenAI's API
  • Generate professional email content for invoice delivery
  • Update tax rates and currency information automatically
  • Improve service functionality and user experience

Communication

  • Send service-related emails (account updates, security alerts)
  • Provide customer support and respond to inquiries
  • Send important notifications about your account

Legal and Security

  • Comply with legal obligations and regulatory requirements
  • Protect against fraud, abuse, and security threats
  • Maintain audit logs for compliance and security purposes

Data Sharing and Disclosure

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

Service Providers

We share data with trusted service providers who assist in operating our service:

  • Supabase: Database and authentication services
  • AWS Lambda: PDF generation and automated tasks
  • Cloudflare R2: Secure file storage (100GB maximum per account)
  • Stripe, Inc.: Payment processing and subscription management
  • Stripe Connect: Client payment processing (when you connect your account)
  • OpenAI: AI enhancement features (optional, with your consent)
  • SMTP Providers: Email delivery (as configured by you)

Legal Requirements

We may disclose your information if required by law or to protect our rights, property, or safety.

Data Retention

Active Accounts

  • Business data is retained while your account is active
  • File attachments and PDFs are stored for up to 7 years (configurable)
  • Audit logs are maintained for security and compliance
  • API usage and bandwidth subject to automatic rate limiting

Account Deletion

  • 30-day grace period after deletion request
  • During this period, you can export all your data or cancel deletion
  • After 30 days, all data is permanently deleted from our systems
  • Secure download links expire after 30 days
  • Backups are purged within 60 days of account deletion

Legal Requirements

  • Financial records may be retained longer to comply with tax and accounting regulations
  • Audit logs may be retained for security and compliance purposes

Your Rights and Choices

Access and Control

  • Data Export: Download your data in CSV, Excel, or PDF formats
  • Data Deletion: Request complete account deletion through settings
  • Data Correction: Update your information through account settings
  • MFA Management: Enable/disable multi-factor authentication

Communication Preferences

  • Opt out of marketing communications (service emails still required)
  • Configure email notification settings
  • Control reminder frequency and delivery methods

AI Features

  • Use AI enhancement features voluntarily
  • Original content is preserved alongside AI-enhanced versions
  • Opt out of AI features at any time

Data Security

Security Measures

  • Encryption: All data encrypted in transit and at rest
  • Access Controls: Role-based access with multi-factor authentication
  • Audit Logging: Comprehensive logs of all data access and changes
  • Regular Security Audits: Ongoing security assessments and updates

Data Breach Response

  • Immediate notification of affected users
  • Investigation and remediation procedures
  • Compliance with legal reporting requirements

International Data Transfers

Data Processing

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers.

GDPR Compliance

For EU users, we comply with GDPR requirements including:

  • Lawful basis for processing
  • Data subject rights
  • Data protection impact assessments
  • Breach notification requirements

CCPA Compliance

For California residents, we comply with CCPA requirements including:

  • Right to know about personal information collected
  • Right to delete personal information
  • Right to opt-out of data sales (we do not sell data)
  • Right to non-discrimination

Cookies and Tracking

Essential Cookies

  • Authentication and session management
  • Security and fraud prevention
  • Service functionality

Analytics Cookies

  • Service improvement and performance monitoring
  • Usage pattern analysis (anonymized)

Third-Party Cookies

  • Stripe payment processing
  • Currency exchange rate services
  • AI service providers

Children's Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on our website
  • Sending email notifications to registered users
  • Updating the "Last Updated" date

Payment Processing

Subscription Payments

  • Processed securely through Stripe, Inc.
  • We store only non-sensitive payment metadata (last 4 digits, card type)
  • Recurring billing managed by Stripe
  • Sales tax calculated and collected where applicable

Client Payments (Stripe Connect)

  • When you connect your Stripe account, we access:
    • Account status and capabilities
    • Payment success/failure notifications
    • Basic transaction metadata
  • All funds go directly to your Stripe account
  • You are responsible for your own tax reporting

Contact Us

BKV Productions LLC 3993 Black Feather Trail Castle Rock, CO 80104

If you have questions about this Privacy Policy or our data practices: Email: [email protected]

Data Protection Officer

For GDPR-related inquiries: Email: [email protected] Address: 3993 Black Feather Trail, Castle Rock, CO 80104

Complaints

If you believe we have not addressed your privacy concerns, you may contact your local data protection authority.