Last updated: 15 July 2026

This privacy policy describes how invoiceNow (“the Software”, “the app”) handles information when you use the desktop application and when you optionally connect a Google account to send invoices via Gmail. invoiceNow is free software developed by Oisin McGrath (“I”, “me”, “the developer”) under the GNU General Public License, version 2 (GPLv2) only — not any later version.

Plain summary: invoiceNow runs on your computer. I do not run a cloud account system for your invoices. I do not receive your email content or Gmail tokens on any server of mine. Optional Gmail access is only to send messages you approve, using Google’s API from your machine.

This document is written so you (and Google’s OAuth review) can see exactly what the Software does with data. It is not legal advice. For how the Software is licensed and the “use at your own risk” rules, see the Terms of use and the LICENSE file shipped with the Software.

1. What invoiceNow is

invoiceNow is a desktop application for people who create tax invoices (especially Australian sole traders). It can store business profile details, contacts, invoices, and PDF files on your device, and optionally help you email a PDF using:

I operate no invoiceNow backend server that stores your invoices, contacts, or mail. There is no invoiceNow cloud login for your business data. If you never connect Gmail or Outlook, the app never talks to Google or Microsoft about your mail.

2. Who is the “controller” of what?

3. Google user data — what we access, use, store, and share

Google requires apps that use Google APIs to disclose clearly how they access, use, store, or share Google user data. That is the purpose of this section.

3.1 Scopes (access)

If you choose Gmail and click Connect, the Software requests only:

The Software does not request broader Gmail scopes such as full mailbox read, modify, or mail.google.com.

3.2 How Google user data is used

Google user data obtained through these APIs is used only to:

It is not used for advertising, analytics products, credit scoring, AI model training on your mail, resale, or any purpose other than those user-facing features.

3.3 How Google user data is stored

After you sign in, OAuth access and refresh tokens (and the connected email address returned by Google) are stored only on your own machine, inside invoiceNow’s local application-data directory. They are never uploaded to a server the developer controls.

Example locations of that application-data directory:

Message content you type for an invoice email, and PDF attachments generated by the app, also live on your device (and, when you send via Gmail API, are transmitted over an encrypted TLS connection from your device to Google so Google can deliver the message — that transmission is part of using Gmail, not a transfer to me).

3.4 Sharing / transfer of Google user data

I do not sell, rent, or trade Google user data. I do not share Google user data with advertisers, data brokers, or information resellers.

The only “transfers” of Google-related data in normal use are:

If you yourself forward, export, or back up files from your computer, that is under your control, not mine.

3.5 Google API Services User Data Policy — Limited Use

invoiceNow’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Email is sent only on your explicit action

The Software does not send email automatically in the background or on a schedule. A Gmail API send happens only when you start an email action and confirm the preview. Desktop mail opens a draft in your mail program; you still press Send there.

5. Other data the app processes locally (not Google)

On your device, the Software may store, for example:

That information is not uploaded to me. I have no server that receives your invoicing database.

6. Security

Reasonable steps for a local desktop app include: using HTTPS for OAuth and API calls to Google/Microsoft; storing tokens in your user profile data directory rather than shipping them in the installer; and not logging token secrets to a developer backend.

You are responsible for device security (OS updates, account passwords, disk encryption, backups, who can use your login). Anyone with access to your user account can typically access the local database and tokens. I cannot secure a computer I do not control.

7. Retention and deletion

Google access

Revoke the app at any time: https://myaccount.google.com/permissions (Google Account → third-party access / connections). After revocation, Google will reject the app’s tokens.

Local data

Because I hold no server-side copy of your Google tokens or invoice database, revoking Google access and deleting local files is a complete removal from the product’s perspective.

Tokens remain on disk until you disconnect or delete them. There is no separate cloud retention period on my side.

8. Microsoft / Outlook (for completeness)

If you connect Outlook, the Software uses Microsoft identity and Graph delegated permissions appropriate to sending mail (for example Mail.Send and User.Read), with tokens stored locally the same way. The same principles apply: no developer backend, send only on your action, tokens on your machine. Microsoft’s own terms and privacy policy apply to Microsoft’s services.

9. Children

invoiceNow is a business tool intended for adults aged 18 and over. It is not directed at children, and Connect features should not be used with a child's Google account.

10. Free software and honesty about risk

invoiceNow is free software. I provide it in the hope that it is useful. I do not sell a paid privacy “service”, do not host your data, and do not promise perfection. Privacy practices described here describe how the Software is designed to behave. Bugs, misuse, malware on your machine, or third-party outages can still cause problems — that risk sits with you under the GPL and the Terms of use.

11. This website

Public pages at oisinmcgrath.com (home, this policy, terms) are static. They use no tracking, no analytics, and no advertising cookies that I configure. Your browser and host may still produce ordinary server or TLS logs outside my product design; I do not run ad trackers on these pages.

12. Changes

If how the Software uses Google user data changes, I will update this policy and the “Last updated” date. Material changes to Google data use should also be reflected in the product and, where required, fresh consent. Continued use after an update means you should re-read this page when you upgrade.

13. Contact

Privacy questions about invoiceNow: [email protected]

Developer: Oisin McGrath · https://oisinmcgrath.com

This policy is provided for transparency and product compliance (including Google OAuth). It is not a guarantee against all legal claims in every jurisdiction.