Privacy Policy for Greydesk E-Invoicing Console
Last Updated: August 12, 2025
Greymore Tech ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Greydesk E-Invoicing Console ("Service").
1. Information We Collect
We collect information that is necessary to provide and improve our Service, including:
- Account Information: Your name, email address, phone number, and company information you provide during registration.
- Entity and Invoice Data: All financial and identifying data you enter to create entity profiles and generate e-invoices. This includes your company data, your customers' data, and all line item details. This data is essential for the Service to function.
- Cryptographic Credentials: We process your Cryptographic Stamp ID (CSID) and API secrets provided by ZATCA. We also manage a secure reference to the private key generated on your behalf.
- Usage Data: We may collect data on how you interact with our Service to monitor performance and improve user experience.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain the Service.
- To generate and submit e-invoices to the ZATCA FATOORA platform on your behalf.
- To manage your account and provide customer support.
- To comply with legal and regulatory obligations, specifically ZATCA's e-invoicing requirements.
- To monitor and analyze usage to improve the Service's functionality and security.
3. Data Storage, Security, and Archival
We take the security of your data very seriously and utilize industry-standard practices and services provided by Google Cloud Platform (GCP).
- Primary Data Hosting: Your account and invoice data is stored in a multi-tenant database hosted on GCP. We use logical data segregation (via an `lindex` key) to ensure your data is isolated from other users.
- Cryptographic Key Security: Your highly sensitive EGS private keys are **not** stored directly in our application database. They are stored in **Google Secret Manager**, a dedicated and highly secure vault service. Our application only accesses these keys via a secure reference at the moment of signing.
- Long-Term Document Archival: To comply with ZATCA's 6-year retention mandate, finalized invoices (in PDF/A-3 format with embedded XML) are automatically archived in **Google Cloud Storage**. Data in Google Cloud Storage is encrypted at rest by default.
4. Data Sharing and Disclosure
We do not sell or rent your personal or business data. We will only share your information in the following limited circumstances:
- With ZATCA: We will share your invoice data with the Zakat, Tax and Customs Authority (ZATCA) via their official APIs as is the primary function of this Service and as required by Saudi Arabian law.
- With Service Providers: We share data with our hosting provider, Google Cloud Platform, for the purposes of storing and processing your data as described above.
- For Legal Reasons: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation.
5. Your Data Rights
You have the right to access, update, or delete your account and entity profile information through the Service's interface. Please note that finalized and submitted e-invoices cannot be deleted, in accordance with ZATCA regulations and archival requirements.
6. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
If you have any questions about this Privacy Policy, please contact us at sales@greymore.tech .