Data processing terms for businesses

Last updated: March 6, 2026

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Ready Invoices (operated by OMEGA LAB INC, “Processor,” “we,” “us”) and the customer (“Controller,” “you”) who uses the Ready Invoices Platform. It governs our processing of personal data on your behalf under Article 28 of the GDPR and similar data protection laws.

1. Subject matter & duration

• Processor provides invoice, estimate, and payment management services to Controller.
• Processing covers the personal data contained in documents, customer lists, payment records, and other content you upload.
• Processing lasts for the term of our underlying agreement plus any deletion period described below.

2. Roles & instructions

• You act as data controller; we act as data processor.
• We process personal data only on documented instructions from you (including via the Platform settings and APIs).
• If we believe an instruction violates applicable law, we will promptly inform you.

3. Categories of data & data subjects

Depending on your use of the Platform, personal data may include:

• Customer and vendor contact information (names, addresses, emails, phone numbers, tax IDs).
• Financial and billing data (invoice line items, payment histories, bank references).
• Employee or contractor data if you invoice on their behalf.

Data subjects may include your customers, vendors, employees, or other individuals whose data you enter.

4. Processor obligations

• Process personal data solely to provide, secure, and improve the Platform or as required by law.
• Ensure persons authorized to process the data are bound by confidentiality obligations.
• Implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure.
• Maintain records of processing and make them available upon request.

5. Sub-processors

Ready Invoices may engage third-party sub-processors (e.g., hosting providers, payment processors). We:

• Only use sub-processors that implement appropriate security measures.
• Remain responsible for their performance.
• Provide notice of new sub-processors and give you the opportunity to object where required.

6. Assistance to controller

• We assist you in responding to data subject requests (access, rectification, erasure, etc.) via in-product tools or support.
• We assist with data protection impact assessments, breach notifications, and consultations with supervisory authorities where reasonably required.

7. Security incidents

We notify you without undue delay after becoming aware of a personal data breach affecting your data, providing information to help you meet any notification obligations. We cooperate with you in mitigating the effects of the incident.

8. Audits & information

Upon reasonable written request, we provide documentation necessary to demonstrate compliance with this DPA. You may conduct audits once per year (or following a confirmed security incident) with reasonable notice and without disrupting our operations. Audits may be satisfied by industry-standard certifications or third-party assessments.

9. Return or deletion of data

Upon termination of our services, you may export your data via the Platform. We delete or anonymize personal data within your account within 60 days after closure, unless we are legally required to retain it (e.g., for tax or accounting obligations) or you instruct us otherwise.

10. International transfers

Personal data may be stored and processed in Seychelles or any country where Ready Invoices or its sub-processors operate. We ensure adequate safeguards for international transfers, including standard contractual clauses where applicable.

11. Governing law

This DPA is governed by the laws of the Republic of Seychelles, without regard to conflict-of-law principles.

12. Contact

For questions about this DPA, contact the Ready Invoices privacy team at team@omega-lab-inc.net.