Privacy & GDPR

For: business owners handling EU customer data who need GDPR compliance tools. Covers: customer anonymization, data export, and data retention.

Customer data export

Export all data held on a customer in CSV or JSON format. Go to Customers and use the Export action (requires data.export permission — owner, admin, or accountant).

The export includes: customer details, contacts, all documents (invoices, quotes, credit notes), payments, and communication history.

Customer anonymization

When a customer requests data erasure (GDPR "right to be forgotten"), you can anonymize their record instead of deleting it. This preserves your legal obligation to retain invoice records while removing personal information.

What anonymization does

What is preserved

• Invoice snapshots: Customer name, address, and VAT number captured at the time each invoice was finalized. These are legally required for tax retention (NL: 7 years, EU: up to 10 years).
• Invoice numbers and amounts: All financial data on issued documents.
• Audit history: The anonymization event itself is logged.

How to anonymize

1. Go to the customer detail page.
2. Click Anonymize in the customer actions.
3. Confirm the action in the dialog.

This action is irreversible. Only users with the customers.manage permission (owner, admin, employee) can perform it.

Data retention

InvoiceScript never auto-deletes invoice data. Finalized invoices are retained indefinitely to comply with EU fiscal retention requirements.

Soft-deleted customers and documents remain in the database with a deleted_at timestamp. They can be permanently removed only via a maintenance command with foreign key safety checks.

Related pages

• Roles & Permissions
• Security