Privacy Policy

Last updated: June 1, 2025

SmartInvoicing is committed to protecting your privacy. This policy explains what personal information we collect, how we use it, and the choices you have. By using our platform you agree to the practices described here.

1. Introduction

SmartInvoicing ("we", "our", "us") operates the website https://smartinvoicing.pk and the SmartInvoicing FBR e-invoicing platform (collectively the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Service.

By registering for or using the Service you consent to the collection and use of your information as described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Business registration details: company name, business type, registered address.
  • Contact details: full name, email address, phone number.
  • Financial data: invoice amounts, buyer details, NTN numbers entered for FBR submission.
  • Account credentials: username and hashed password.
  • Support communications: messages sent through the contact form or email.

2.2 Information Collected Automatically

  • Log data: IP address, browser type, pages visited, time and date of access.
  • Device data: operating system, screen resolution, and device identifiers.
  • Usage data: features used, actions taken inside the platform, session duration.
  • Cookies and similar tracking technologies (see Section 8).

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Process and submit e-invoices to the FBR POS API on your behalf.
  • Activate and manage your account.
  • Send transactional notifications (invoice confirmations, account alerts).
  • Respond to support inquiries and troubleshoot issues.
  • Comply with legal and regulatory obligations, including FBR reporting requirements.
  • Improve the platform through analytics and usage patterns.
  • Prevent fraud and enforce our Terms of Service.

We do not use your data for unsolicited marketing without your explicit consent.

4. Sharing of Information

We do not sell your personal information. We may share it only in the following circumstances:

  • FBR (Federal Board of Revenue): Invoice data is transmitted to the FBR POS API as required for e-invoicing compliance. This is the core function of the Service.
  • Service Providers: Third-party vendors who assist us in operating the Service (e.g., hosting providers, email delivery) under strict confidentiality agreements.
  • Legal Requirements: When required by Pakistani law, court order, or regulatory authority.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred with appropriate notice.

5. Data Security

We implement industry-standard security measures including:

  • SSL/TLS encryption for all data in transit.
  • Hashed passwords using bcrypt — we never store plain-text passwords.
  • Role-based access controls limiting employee access to customer data.
  • Regular security audits and vulnerability assessments.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Invoice records are retained for a minimum of 5 years as required under Pakistani tax regulations. Upon account closure, non-regulatory data is deleted or anonymised within 90 days.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your data (subject to legal retention obligations).
  • Withdraw consent at any time (where processing is based on consent).
  • Lodge a complaint with the relevant data protection authority.

To exercise these rights, email us at info@smartinvoicing.pk.

8. Cookies

We use cookies and similar technologies to:

  • Keep you logged in during a session (essential cookies).
  • Remember your preferences.
  • Analyse traffic and usage patterns (analytics cookies).

You can control cookies through your browser settings. Disabling essential cookies may prevent certain features from working correctly.

9. Third-Party Services

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal data.

Third-party tools we may use include Google Analytics (anonymised IP), cloud hosting providers, and email delivery services. Each operates under its own privacy policy and data processing agreement.

10. FBR Compliance

SmartInvoicing is designed specifically for compliance with Pakistan's FBR e-invoicing regulations. Invoice data transmitted to the FBR POS API is governed by FBR's own data handling policies. By using our Service you acknowledge that invoice data will be shared with FBR as required by law.

We store FBR-submitted invoice records on your behalf for audit and reference purposes. These records form part of your legal compliance documentation.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of the page and, for material changes, notify registered users by email. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

SmartInvoicing
Islamabad, Pakistan