Security
Effective June 17, 2026 · Last updated June 17, 2026
You trust Lotus Invoice with your business data. Here's a plain-language summary of how we protect it.
1. Encryption in transit
All traffic between the Lotus Invoice app or website and our servers is encrypted in transit using TLS (HTTPS). Your data is never sent over an unencrypted connection.
2. Authentication
You can sign in with an email and password, or with Sign in with Apple or Google Sign-In. When you use a password, it is stored only as a salted, one-way hash — we never store or have access to your plaintext password. Signed-in sessions use revocable session tokens.
3. Infrastructure and access
Your data is hosted with a reputable cloud provider. We limit access to production systems to what is necessary to operate and support the Service, and we keep our software dependencies up to date.
4. Privacy-respecting analytics
We collect as little as we can. Our product analytics record only the events we instrument by hand — we do not use session recording or screen recording, and we do not send your name or email to our analytics provider. We never sell your data. You can read the full details in our Privacy Policy.
5. Payments
Lotus Invoice is currently free and does not process payments. If we introduce paid features, payments will be handled by a reputable, PCI-compliant payment provider, and we will never see or store your full card number.
6. Your control over your data
You can delete your account and its data at any time from the app's Settings. Your account is recoverable for 30 days, after which your data is permanently erased from our active systems.
7. Responsible disclosure
If you believe you've found a security vulnerability, we'd genuinely like to hear from you. Please email support@lotusinvoice.com with the details and steps to reproduce, and give us a reasonable chance to fix it before disclosing it publicly. We appreciate the help.
8. No system is perfect
We work hard to protect your information, but no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk.