VirtuAc

Privacy Policy

Last updated: March 2026

1. Introduction

VirtuAc ("we", "us", or "our") operates the VirtuAc invoice automation platform available at virtuac.com and app.virtuac.com. This Privacy Policy explains what personal data and business data we collect, how we use it, who we share it with, and what rights you have. By using VirtuAc, you agree to the practices described in this policy.

2. Data We Collect

Account Data

When you register, we collect your name, email address, organization name, and billing information. Billing data is processed by our payment provider and is not stored on VirtuAc servers.

Invoice and Document Content

When you submit documents for processing, we store the original files and the structured data extracted from them. This includes vendor names, tax identification numbers, invoice totals, dates, Israeli VAT allocation numbers, and line items. This data is associated with your organization account.

Channel Connection Data

When you connect Gmail, Microsoft Outlook, WhatsApp, or Telegram, we store OAuth tokens or API credentials necessary to access those channels on your behalf. We access only the data required for invoice retrieval. We do not read, store, or process any other messages or content from your connected accounts.

Usage Data

We collect anonymized usage data including page views, feature interactions, error events, and performance metrics. This data is used to improve the platform and is not linked to individual invoice content.

Correction and Audit Data

When you correct an extracted field, we record the original value, the corrected value, the field name, and the timestamp. This data is used to improve OCR accuracy over time and forms part of your organization's audit trail.

3. How We Use Your Data

We use collected data for the following purposes:

  • Providing and operating the VirtuAc service
  • Processing invoices through the OCR pipeline
  • Generating exports to connected accounting systems
  • Sending transactional emails such as account confirmations and invoices
  • Improving OCR accuracy using aggregated correction data
  • Monitoring system health and debugging errors
  • Complying with applicable legal obligations

We do not sell your data to third parties. We do not use your invoice content to train general-purpose AI models made available to other customers.

4. Data Storage and Security

Account and invoice data is stored in a managed PostgreSQL database hosted in the EU region (Frankfurt, Germany) by default. Enterprise customers may request Israeli data residency (me-west1 region) for local compliance requirements.

All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Access to production databases is restricted to authorized personnel and requires multi-factor authentication.

OAuth tokens and API credentials for connected channels are encrypted at the application layer before storage.

5. Third-Party Data Processors

We engage the following third-party processors who may access your data only to the extent necessary to provide their services to us:

  • AI Document Processing Services: VirtuAc uses third-party AI services for OCR extraction. Documents are submitted for extraction and are not retained by these services beyond the API call.
  • Messaging Infrastructure Provider: WhatsApp channel connections are handled via a third-party messaging platform. This provider processes message metadata and document payloads only as necessary to deliver messages to VirtuAc.
  • Cloudflare: DNS, CDN, and edge security. Cloudflare processes network traffic metadata. Invoice content is not processed by Cloudflare.
  • Neon: Managed PostgreSQL database hosting in the EU region.

All processors are contractually bound to process data only as instructed and to maintain appropriate security measures.

6. Data Retention

Account data is retained for the duration of your subscription and for up to 90 days following account deletion to allow for recovery requests. Invoice data and extracted content are retained for the duration of your subscription. You may request deletion of invoice data at any time from your account settings.

Usage and audit logs are retained for 12 months. Anonymized, aggregated usage statistics may be retained indefinitely.

7. Your Rights

Under the General Data Protection Regulation (GDPR) and the Israeli Privacy Protection Law, you have the following rights:

  • Right of access: You may request a copy of all personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate personal data.
  • Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
  • Right to restrict processing: You may request that we limit processing of your data in certain circumstances.
  • Right to data portability: You may request an export of your invoice data in a machine-readable format.
  • Right to object: You may object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@virtuac.com. We will respond within 30 days.

8. Cookies and Tracking

VirtuAc uses session cookies for authentication and functional cookies to remember your preferences such as language and theme. We do not use third-party advertising cookies. Analytics are collected using privacy-preserving methods that do not require consent under the EU ePrivacy Directive.

9. Children's Privacy

VirtuAc is a business-to-business service. We do not knowingly collect data from individuals under the age of 18. If you believe a minor has submitted data to us, please contact privacy@virtuac.com immediately.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify you of material changes by email or via an in-app notice at least 14 days before the change takes effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

11. Contact for Privacy Inquiries

For any privacy-related questions, requests, or concerns, please contact our privacy team at:

Email: privacy@virtuac.com
Address: VirtuAc Ltd., Tel Aviv, Israel