Data Handling
This page describes how faktoora manages data residency, retention, backup, and deletion.
Data Residency
All faktoora production infrastructure is hosted in Germany by an EU-based, ISO 27001 certified infrastructure provider. Customer data — including invoices, contacts, and account information — resides exclusively within the European Union.
Data Retention
faktoora retains data in accordance with German and European legal requirements.
Business Documents
| Data type | Retention | Legal basis |
|---|---|---|
| Outgoing invoices | 10 years from end of calendar year | GoBD, AO § 147 |
| Incoming invoices | 10 years from end of calendar year | GoBD, AO § 147 |
| Offers, letters, reminders | 6 years from end of calendar year | GoBD |
| Peppol transmission records | 10 years | Peppol agreements, GoBD |
| VeriFactu registration records | 10 years | Spanish tax law |
| Bank transaction data | 10 years | GoBD |
| Subscription and payment records | 10 years | GoBD |
Operational Data
| Data type | Retention | Purpose |
|---|---|---|
| User accounts | Until deletion requested | Service provision |
| Session data | 24 hours (auto-expiry) | Authentication |
| Activity and audit logs | Indefinite | Security, compliance |
| Export archives | 90 days | Temporary user downloads |
| ICT incident records | Minimum 5 years | DORA compliance |
Backups
Backups are encrypted and retained for up to 24 months for disaster recovery purposes. Backup data follows the same access restrictions as production data.
Deletion
Account Deletion
Users can request account deletion at any time. Upon cancellation:
- The account is deactivated — users can no longer log in
- Personal data (name, email, settings) is anonymised or deleted upon request
- Invoice and financial data is retained per legal requirements (see retention periods above)
- Once legal retention periods expire, remaining data can be permanently deleted upon request
GDPR Erasure Requests
We honour all GDPR erasure requests to the extent permitted by law. German accounting law (GoBD) requires retention of invoice and financial records, which takes precedence over erasure requests during the applicable retention period. We will inform you of any limitations when processing your request.
Backup Retention
Data deleted from production may persist in encrypted backups for the backup retention period (up to 24 months). Backups follow the same access controls and encryption standards as production data.
Data Portability
faktoora provides self-service data export in multiple formats:
| Format | Use case |
|---|---|
| CSV | Spreadsheet-compatible tabular data |
| XLSX | Microsoft Excel format |
| JSON | Machine-readable structured data |
| XML | Standards-compliant e-invoice formats (ZUGFeRD, XRechnung, Peppol UBL) |
Data Integrity
Invoice data integrity is ensured through:
- Immutable audit trail that is tamper-evident and independently verifiable
- Parameterised database queries preventing injection attacks
- Frozen calculation functions — core invoice calculation logic is battle-tested and protected from modification
- Backup integrity verification with regular automated checks
Questions?
For questions about data handling, contact privacy@faktoora.com.