Security

How invoice data is handled

• Invoice drafts are created in your browser. When you click Download e-invoice XML or Download PDF, the invoice data is sent to the server to generate the file and return it to your browser.
• We aim to avoid storing invoice content after generation is complete, except where needed briefly for security, troubleshooting, or legal obligations.
• Avoid entering sensitive information that does not belong on an invoice (for example: passwords, full bank login details, or personal ID documents).

Transport security (HTTPS)

The site is served over HTTPS where supported by our hosting provider, which helps protect data in transit between your browser and our servers.

Access control and abuse prevention

• We monitor for suspicious activity and may block abusive traffic.
• We may apply rate limits to protect the service from automated misuse.
• We keep software dependencies updated where practical.

Data minimisation

We try to collect and retain as little data as possible. If we add analytics, we aim to use privacy-friendly settings and keep data for a limited period.

Your role in security

• Double-check invoice details before sending to customers.
• Use a trusted device and keep your browser updated.
• Be careful when sharing PDFs/XML files (they may include addresses, VAT numbers, and payment details).

Reporting a security issue

If you think you’ve found a security issue, please email hello@fafflessvat.co.uk with details (what you saw, steps to reproduce, and screenshots if helpful). We appreciate responsible disclosure and will investigate as quickly as possible.