Not legal advice. This page is a templated baseline aligned with Egyptian PDPL 151/2020. It does not constitute independent legal advice and has not been reviewed by counsel for your specific circumstances. For questions or to request the executed PDF version, email legal@orisinvoice.com.
1. Who we are
Oris Invoice is operated by ORIS Intelligence Pvt Ltd. For users resident in Egypt, this Privacy Policy is governed by the Egyptian Personal Data Protection Law (PDPL), Law No. 151 of 2020, and its Executive Regulations. The competent supervisory authority is the Personal Data Protection Center (CPDC), once fully operational.
2. What personal data we collect
We collect: account identifiers (name, email, phone, national ID where required), organisation tax registration data (Tax Card / Tax Registration Number, Commercial Register Number), invoice and customer master data, payment metadata, and standard system telemetry. We do not collect sensitive personal data unless you upload it within an invoice description.
3. Lawful basis and purpose
We process personal data on the basis of (a) Egyptian PDPL Art. 2 — contract; (b) PDPL — legal obligation under the Egyptian VAT Law and ETA e-invoicing rules; (c) PDPL — legitimate interest in security; (d) PDPL — explicit consent for non-essential analytics.
4. Sub-processors and international transfers
A vetted list of sub-processors is available on request. For Egyptian residents, primary data hosting is in me-central-1 (UAE) or eu-south-1 (Milan). Cross-border transfers comply with PDPL Art. 14: adequacy decisions, controller-to-processor contracts approved by CPDC, or explicit data-subject consent.
5. Retention
Account and invoice data are retained for the longer of (a) subscription duration plus 30 days, or (b) the 5-year statutory retention under the Egyptian Tax Procedures Law. Audit logs are retained for the same period on an INSERT-only basis. Backups are retained for 35 days.
6. Your rights (PDPL Art. 4)
You may request access, correction, erasure (subject to retention overrides), restriction, objection, or portability, or lodge a complaint with CPDC. Submit requests to privacy@orisinvoice.com; we respond within 30 days.
7. Security (PDPL Art. 9)
Data is encrypted at rest with AES-256-GCM. Sensitive fields (national ID, bank account, tax IDs) are individually encrypted at the column level with KMS-managed keys. PostgreSQL Row-Level Security is keyed on org context. SOC 2 Type II + ISO 27001-aligned ISMS.
8. Cookies and analytics
We use essential cookies for authentication only. Optional analytics cookies are disabled by default and require consent. No cross-site tracking pixels are used.
9. Children's data
Oris is a B2B service not directed at individuals under 18 (PDPL + Egyptian Civil Code). We do not knowingly collect personal data from children.
10. Contact and updates
Privacy: privacy@orisinvoice.com. DPO: dpo@orisinvoice.com. Material changes are posted 30 days before they take effect.