Privacy Policy for Faktura

Last Updated: 11/02/2026

Thank you for visiting Faktura ("we," "us," or "our"). This Privacy Policy outlines how we collect, use, and protect your personal and non-personal information when you use our website located at https://faktura.lu (the "Website").

By accessing or using the Website, you agree to the terms of this Privacy Policy. If you do not agree with the practices described in this policy, please do not use the Website.

1. Data Controller

The entity responsible for processing your personal data is:

Morgul Labs S.à r.l.-S

Luxembourg, Luxembourg

2. Information We Collect

2.1 Personal Data

We collect the following personal information:

• Account Information: Name, email address, and business details when you register.
• Payment Details: Processed via Stripe (we do not store full credit card numbers).
• Billing Data: Invoices, customer names, and addresses you enter into the platform.
• Communication: Emails sent to our support team.

2.2 Non-Personal Data

We use cookies to collect technical information like IP addresses, browser types, and usage patterns to improve our service.

3. Legal Basis for Processing

We process your data based on the following legal grounds:

• <strong>Contract:</strong> To provide the invoicing services you signed up for.
• <strong>Legal Obligation:</strong> To comply with Luxembourg accounting and tax laws.
• <strong>Legitimate Interests:</strong> To improve our platform and ensure security.

4. Purpose of Data Collection

We use your data to provide invoicing services, process payments, provide customer support, and meet legal requirements for financial record-keeping.

5. Data Retention

We retain your data for as long as your account is active. Please note that under Luxembourg law, accounting records (including invoices) must be retained for at least 10 years.

6. Data Sharing

We do not sell your data. We share it only with essential service providers like Stripe (payments) and ZeptoMail (emails), or when required by Luxembourg authorities.

7. International Transfers

We store your data on servers located within the European Economic Area (EEA). If we use sub-processors outside the EEA, we ensure they provide adequate protection as required by GDPR.

8. Your Rights

Under GDPR, you have the following rights:

• Access your personal data
• Rectify inaccurate data
• Request erasure ('right to be forgotten')
• Restrict processing
• Data portability
• Object to processing

9. Supervisory Authority

If you believe your data rights have been violated, you have the right to lodge a complaint with the Luxembourg National Commission for Data Protection (CNPD).

10. Children's Privacy

Faktura is not intended for children under the age of 18. We do not knowingly collect personal information from children.

11. Updates to the Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Significant changes will be notified via email.

12. Contact Information

For any privacy-related questions or to exercise your rights, contact us at: support@faktura.lu