eDocuPortal

Data Protection Statement

Last updated: 2/20/2026

Introduction

Euro Smart Homes LLC ("we," "us," "our") operates eDocuPortal, a technical validation service for electronic invoices. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.

All data processing for eDocuPortal takes place exclusively on EU-hosted infrastructure (Frankfurt, Germany) in compliance with GDPR requirements.

Our Privacy-First Architecture

eDocuPortal is designed from the ground up to minimize data collection:

  • No user accounts required: You can use our core validation service without registration or login
  • Ephemeral file processing: Uploaded files are deleted immediately after validation (typically within 30 seconds)
  • No persistent storage: We do not store your invoices or validation results unless you explicitly save them (requires account, future feature)
  • EU-only hosting: All data is processed on servers located in Frankfurt, Germany
  • No third-party trackers: We do not use Google Analytics, Facebook Pixel, or similar tracking tools

What Happens to Your Uploaded Files

When you upload an invoice for validation:

  1. The file is transmitted securely over HTTPS to our server in Frankfurt, Germany
  2. The file is temporarily stored in an isolated directory for processing
  3. The official KoSIT validator checks the file against XRechnung/EN16931 standards
  4. A validation report is generated and sent to your browser
  5. The uploaded file and all temporary data are immediately deleted (within 30 seconds)

Important: We do not read, analyze, or store the business content of your invoices. The validation process is fully automated and technical only.

Technical Logs

For security and operational purposes, our servers automatically collect minimal technical logs:

  • IP address (anonymized after 7 days)
  • Timestamp of request
  • Request type (e.g., "POST /validate")
  • File size (not file content)
  • Validation duration
  • HTTP status code

These logs are retained for 30 days and used solely for troubleshooting, security monitoring, and abuse prevention. They are not shared with third parties.

No Sensitive Data Required

eDocuPortal does not require or collect:

  • Personal identification documents
  • Payment information (service is currently free)
  • Social security numbers or tax IDs
  • Passwords or authentication credentials (unless you create an account)

Third-Party Services

Our infrastructure relies on the following GDPR-compliant providers:

  • Vercel (Frontend Hosting): EU region, GDPR-compliant
  • Fly.io (Backend Hosting): Frankfurt, Germany region, GDPR-compliant

We have data processing agreements (DPAs) in place with all providers. Your data does not leave the European Union.

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right to access (Art. 15 GDPR): Request information about what data we hold about you
  • Right to rectification (Art. 16 GDPR): Correct inaccurate data
  • Right to erasure (Art. 17 GDPR): Request deletion of your data ("right to be forgotten")
  • Right to restriction (Art. 18 GDPR): Limit how we process your data
  • Right to data portability (Art. 20 GDPR): Receive your data in a machine-readable format
  • Right to object (Art. 21 GDPR): Object to processing based on legitimate interests
  • Right to withdraw consent (Art. 7 GDPR): Withdraw consent at any time

To exercise any of these rights, contact us at: info@edocuportal.com
We will respond within 30 days.

Security Measures

We implement state-of-the-art technical and organizational measures to protect your data:

  • Encryption in transit: All connections use HTTPS (TLS 1.3)
  • Automatic file deletion: Uploaded files are wiped within 30 seconds
  • Isolated processing: Each validation runs in an isolated environment
  • Regular security updates: Infrastructure is kept up-to-date
  • Access control: Only authorized personnel have system access
  • Monitoring: Automated alerts for suspicious activity

Data Breach Notification

In the unlikely event of a data breach that affects your personal data, we will:

  • Notify the relevant supervisory authority within 72 hours (Art. 33 GDPR)
  • Notify affected individuals without undue delay if the breach poses a high risk (Art. 34 GDPR)
  • Take immediate corrective action to prevent further breaches

Children's Privacy

eDocuPortal is a B2B service not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.

Changes to This Statement

We may update this data protection statement to reflect changes in our practices or legal requirements. We will post the updated version on this page with a new "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated statement.

Contact & Complaints

Data Protection Contact:
Euro Smart Homes LLC
info@edocuportal.com

Right to Lodge a Complaint:
If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority.