EVRST Invoice logo
EVRST Invoice
Back to home

Privacy Policy

Version 2026-06-01 · Effective 2026-06-01

Data controller: Codecraft Innovations W.L.L (CR No. 179283-1, Kingdom of Bahrain)

1. Introduction & Scope

Codecraft Innovations W.L.L ("we", "us", or "our") respects your privacy. This Privacy Policy explains how we handle data in connection with your use of the EVRST INVOICE desktop application (the "Software").

EVRST INVOICE is designed as an offline-first application. This means that the core business and operational data you enter into the Software lives entirely on your own computer. We do not have a central database of your business data.

Under the Personal Data Protection Law (PDPL) of the Kingdom of Bahrain and other applicable data protection laws (such as those in the GCC, EU, or UK), you (the customer) are the Data Controller of the business data and personal information you enter into the Software. We are the Data Controller only for the strictly limited licensing and support data transmitted to us, as detailed below.

2. What Data We Process and Why

A. Data stored ONLY locally on your machine (We have NO access)

The following data is stored exclusively in a local SQLite database on your computer. We cannot see, access, retrieve, or process this data.

  • Company profile: Business name, address, tax ID, commercial registration number, logo, and bank details.
  • User accounts: Names, emails, passwords (stored only as a bcrypt hash), and optional PINs (hashed).
  • Contacts: Your customers and vendors (names, emails, phones, addresses, tax IDs).
  • Operational data: Inventory/stock items, invoices, quotations, purchase invoices, delivery notes, vouchers, payments, audit logs, document-design settings, and app settings.
  • Authentication tokens: If you connect Google Drive, the Google OAuth tokens are stored locally on your machine.

Your Responsibility: Because this data resides solely on your device, you are entirely responsible for backing it up, securing your computer, and establishing a lawful basis to process any personal data of your own customers or staff.

B. Licensing Data (Sent to our servers)

To activate your license, bind it to your device, and prevent software piracy, the Software transmits the following limited information to our cloud licensing provider:

  • License information: License key, business email (the email the license is registered under), and business name.
  • Device fingerprint: A cryptographic hash derived from non-personal machine attributes (e.g., hostname, OS platform/architecture, CPU model). This identifies the machine, not the user, and binds the license to a single device.
  • Validation data: Activation/validation timestamps and current license status.

Legal Basis & Purpose: We process this data for the performance of our license contract with you and for our legitimate interest in preventing unauthorized use or piracy of the Software. This is the only customer data routinely sent to us.

C. Optional: Google Drive Backup (User-Initiated)

If you choose to use the cloud backup feature, a backup file (a compressed copy) of your local data is uploaded directly to your own Google Drive account. The backup file is not additionally encrypted by the Software; its confidentiality relies on the security of your Google account. We do not receive, process, or store these backups. Your use of Google Drive is subject to Google's own privacy policy and terms of service.

D. Optional: Support Requests (User-Initiated)

When you submit a support ticket directly from within the Software, the message is routed to our support inbox (invoice-support@evrst.me) via a third-party email relay.

  • Data included: Ticket type, subject line, the message text you write, and basic app/system diagnostic info (e.g., app version).
  • Legal Basis & Purpose: We process this data based on our legitimate interest in providing customer support and resolving technical issues you report.

E. Website Contact Form (User-Initiated)

When you submit the enquiry form on this website, the details you provide (such as name, email, phone, country, business type, and your message) are delivered to our sales inbox (sales@evrst.me) through a third-party form-delivery service (Web3Forms). This website may also use a geolocation lookup (ipapi.co) to suggest a default display currency; this reads only your approximate country from your IP address and is not stored by us. We process this data based on our legitimate interest in responding to your enquiry.

3. What We Do NOT Collect

We believe in strict data minimization. EVRST INVOICE is built to respect your privacy by design. We explicitly DO NOT:

  • Collect or store your business/operational data (invoices, customers, inventory, etc.) on our servers.
  • Use analytics, telemetry, tracking pixels, or behavioral profiling within the Software.
  • Serve advertisements inside the Software.
  • Sell, rent, or share any of your personal data with third parties for marketing purposes.

4. Third-Party Processors

We use a select number of trusted third-party service providers to facilitate licensing, support, and website enquiries. These providers act as data processors and are bound by their own privacy policies:

  • Supabase: Acts as our cloud licensing database provider where License Keys and Device Fingerprints are stored, hosted in the Asia-Pacific (Singapore) region.
  • EmailJS: Acts as the email relay service routing your in-app support requests to our inbox.
  • Web3Forms: Acts as the form-delivery service routing website enquiry-form submissions to our sales inbox.
  • Google Drive: An optional service you may connect to host your own backup files (compressed copies of your local data).

5. Storage & Security

  • Local Security: Your business data relies on the security of your own Windows Device. Passwords inside the local Software are secured using bcrypt hashing. You are responsible for securing your Device and your Google account.
  • In-Transit Security: All cloud communications (licensing and the support email relay) are encrypted via HTTPS/TLS. License-server requests additionally use HMAC-signed payloads to prevent tampering.

6. Data Retention

  • Local Data: Retained on your Device indefinitely, subject to your own deletion or uninstall actions.
  • Licensing Data: Retained in our cloud licensing database for the active life of your License, plus a period of 5 years following license expiration or termination to maintain financial and contractual records.
  • Support Emails: Retained for 2 years after the support ticket is resolved to assist with future inquiries.

7. Data Subject Rights

Depending on your jurisdiction (including the Bahrain PDPL), you may have the right to request access to, correction of, deletion of, or restriction of processing regarding your personal data held by us.

  • To exercise your rights: Contact us at connect@codecraftbase.com.
  • Regarding your business data: Because we do not have access to the local database on your machine, any data subject requests you receive from your customers or employees must be handled by you directly using the tools provided within the EVRST INVOICE Software. We cannot access or delete your local data for you.

8. Children

The Software is a B2B (business-to-business) product and is not intended for or directed at children under the age of 18. We do not knowingly collect personal data from minors.

9. International Transfers

The limited licensing and support data we collect may be transferred to, processed, and stored on servers located outside the Kingdom of Bahrain (for example, by our processors like Supabase, EmailJS, and Web3Forms). By using the Software or this website, you acknowledge that your licensing/support/enquiry data may be transferred across borders, subject to appropriate legal safeguards.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we issue major updates, you will be prompted within the Software (or via email) to review and accept the new Privacy Policy. Your continued use of the Software following such updates constitutes your acceptance of the revised terms.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Codecraft Innovations W.L.L

Commercial Registration (CR) No. 179283-1

Kingdom of Bahrain

Privacy & Company Contact: connect@codecraftbase.com

Software Support: invoice-support@evrst.me

Domains: https://evrst.world | https://evrst.me | https://codecraftbase.com