Security & limitations

Clear boundaries are better than broad promises.

InvoiceCraftly is designed so invoice and client content can be created locally in your browser. This page explains what that protects, what still reaches web-service providers, and what you remain responsible for checking.

Last reviewed 19 July 2026 No account system No document backend
Browser-local documents

What stays on this device

Invoice, client, line-item, payment, QR, note, and uploaded-logo content is stored in this browser. The local workspace can retain multiple recent documents, while Undo and Redo are kept only for the current editing session. InvoiceCraftly does not upload that document content to an InvoiceCraftly account or document database.

Browser storage is not a remote backup. Clearing site data, using private browsing, changing devices, or browser storage failure can remove local documents. Choose More → Export backup regularly; its JSON file contains documents, settings, and referenced logos, but not session-only Undo/Redo steps.

Read the backup guidance
Ordinary web requests

What service providers can process

Cloudflare delivers the site and may process ordinary request and security information. Google Fonts and cdnjs provide fonts and export/QR libraries and receive ordinary resource requests from your browser.

Contact and feedback submissions intentionally leave the browser. Cloudflare Turnstile, Pages Functions, Email Service, and the destination email provider process those messages as described in the privacy policy.

Current limitations

What the tool does not guarantee

  • InvoiceCraftly currently targets a single-page A4 document.
  • QR scanning and banking-app compatibility must be tested before sending.
  • Exports are visual files, not structured e-invoices or proof of compliance.
  • Tax rates, identifiers, legal wording, and local record rules are not validated.
  • Locally lost drafts cannot be recovered by InvoiceCraftly.
Responsible reporting

Found a security or privacy concern?

Please avoid sending live invoice content, credentials, bank details, or exploit instructions through public channels. Describe the affected page, browser, and safe reproduction steps.

Maintenance

How this page is kept useful

Security-relevant dependencies and product boundaries are reviewed as the application changes. Customer-visible privacy, security, storage, or export changes are recorded in the public changelog.

View the product changelog