Who We Are

Folio by c3 ("we", "us", "our") is an invoicing and billing management service operated by:

Code3
Železnička 14, 22320 Inđija, Serbia
Registration number: 62611421
VAT number: 107254196

By using the service you agree to the collection and use of information as described in this policy.

Information We Collect

Account Information

When you create an account we collect your email address and a securely hashed password. We do not store your password in plain text.

Business & Invoice Data

To operate the service you may provide your company name, address, tax identification numbers, client details (names, addresses, emails), invoice line items, and payment records. This data is yours — we store it to provide the service and never sell or share it with third parties for marketing purposes.

Logo & Image Uploads

If you upload a company logo, the image is stored and served via Cloudinary (cloudinary.com), a third-party image management service. Uploaded images are associated with your account and are subject to Cloudinary's Privacy Policy. You can remove your logo at any time by clearing the logo URL in your branding settings.

Subscription & Payment Data

Subscription billing is handled by Paddle (paddle.com), our payment processor. We do not store credit card numbers or full payment details on our servers. We receive subscription status events (plan, billing period, status) from Paddle via webhooks to manage your access. Paddle acts as the Merchant of Record for your subscription and has its own Privacy Policy.

Technical Data

We collect standard server logs including IP addresses, request URLs, HTTP status codes, and response times for operational monitoring and debugging. Logs are retained for a limited period and are not used for profiling.

How We Use Your Data & Legal Basis

We do not use your data for advertising. We do not sell your data to third parties.

PurposeData usedLegal basis (GDPR Art. 6)
Providing the service (accounts, invoices, clients)Account & business dataContract performance (Art. 6(1)(b))
Sending transactional emails (verification, password reset, invoice delivery)Email addressContract performance (Art. 6(1)(b))
Managing subscription and trial statusSubscription dataContract performance (Art. 6(1)(b))
Operational monitoring, security, and fraud preventionServer logsLegitimate interests (Art. 6(1)(f))
Measuring the effectiveness of advertising campaigns (signup conversion only, on the registration page)Page view and signup event, IP address, browser dataLegitimate interests (Art. 6(1)(f))
Responding to support requestsEmail address, message contentLegitimate interests (Art. 6(1)(f))

Data Storage & Security

Your data is stored in a PostgreSQL database hosted on a secured server. We use industry-standard security practices including HTTPS, session encryption, and hashed credentials. No security measure is 100% guaranteed, but we take the protection of your data seriously.

Data Retention

We retain your account and invoice data for as long as your account is active. All data belongs to you — we store it solely to provide the service. If you delete your account, we will permanently delete all your data within 30 days. Server logs are retained for a maximum of 90 days.

Your Rights

If you are located in the European Economic Area or the United Kingdom, you have the right to:

To exercise any of these rights, you can use the tools in your account settings or contact us at the email below.

Third-Party Services & International Transfers

We use the following third-party services. Where these providers are based outside the EEA, transfers are governed by Standard Contractual Clauses (SCCs) or the provider's own adequacy mechanisms.

Cookies & Sessions

We use a single, strictly necessary session cookie to keep you logged in. We do not use analytics or general tracking cookies across the service.

The one exception is the registration page (/auth/register): when we are running paid advertising campaigns, the Meta (Facebook) Pixel may set its own cookies on that page only, for the sole purpose of measuring signup conversions from those campaigns. These cookies are not present on any other page of the service. See the Meta entry under "Third-Party Services" above for details.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by updating the "Last updated" date above and, where appropriate, by email notification.

Contact

Code3
Železnička 14, 22320 Inđija, Serbia
[email protected]

← Back to app