GDPR & Data Management

Complete control over your personal data. Export or delete at any time.

Privacy First: thelawin.dev is stateless. We never store your invoice data. PDFs are generated and returned immediately.

Data Export (Article 15 - Right of Access)

  • Format: JSON (machine-readable)
  • Processing Time: 1-2 minutes
  • Rate Limit: 1 per 24 hours

Download all your personal data in machine-readable format (JSON). This includes your account information, API keys, usage statistics, OAuth connections, and Stripe billing history.

How to Export Your Data (6 steps)
  1. Go to Settings
  2. Scroll to the Privacy & Data section
  3. Click Request Data Export
  4. Wait 1-2 minutes for processing
  5. Check your email for the download link
  6. Download your data (link expires after 48 hours)

What's Included in the Export? (7 files)

| File | Content |
|------|---------|
| account.json | Email, locale, plan, registration date, OAuth providers |
| api_keys.json | Key names, environments (sandbox/live), creation dates, last usage |
| usage_logs.json | API calls, endpoints, formats, response times (10,000 most recent) |
| oauth_identities.json | Connected OAuth accounts (Google, GitHub, LinkedIn) |
| stripe_billing.json | Complete billing history, invoices, subscriptions, payment methods |
| metadata.json | Export timestamp, file count, total size |
| README.txt | Export information and file descriptions |

Security & Privacy

For your security, sensitive data is excluded from exports:

  • Passwords
  • API key hashes
  • OAuth tokens
  • Session tokens

Account Deletion (Article 17 - Right to Erasure)

  • Safety Delay: 15 minutes
  • Cancellation: Via email link
  • Reversible?: No (after 15 min)

Permanently delete your account and all associated data. This action is irreversible, but includes a 15-minute safety delay to prevent accidental deletions.

Deletion Timeline:

  • 0: Request submitted. Email sent with cancellation link.
  • 15m: Cancellation window closes. Account deletion executes.
  • Deletion complete. Confirmation email sent.

How to Delete Your Account (9 steps)
  1. Go to Settings
  2. Scroll to the Danger Zone
  3. Read what will be deleted vs. retained
  4. Enter your password
  5. Check the confirmation checkbox
  6. Click Delete My Account
  7. Check your email for the deletion schedule notification
  8. Wait 15 minutes (or cancel via email)
  9. Your account will be permanently deleted

What Gets Deleted vs. Retained?

✅ Deleted:

  • Your account and profile
  • All API keys (sandbox and live)
  • OAuth connections (Google, GitHub, LinkedIn)
  • Data exports
  • All Stripe subscriptions (canceled automatically)

⚠️ Retained (German Tax Law):

  • Anonymized usage logs: user_id set to NULL (cannot be traced back to you, required for 6-10 years)
  • Stripe customer record: Required for tax compliance (10 years)

GDPR Compliance: This complies with GDPR Article 17 (Right to Erasure) while respecting German tax law exceptions (Article 17(3)(b) - legal obligations).

Data We Never Store

Unlike other invoice APIs, thelawin.dev is truly stateless. We never store:

  • Invoice data (names, addresses, amounts)
  • Generated PDFs
  • XML attachments
  • Item descriptions or prices

The only invoice-related data we keep is anonymized metadata:

  • Endpoint called (/v1/generate)
  • Template used (minimal, etc.)
  • Success/failure status
  • Response time (milliseconds)

GDPR Rights Summary

| GDPR Article | Right | How to Exercise |
|--------------|-------|-----------------|
| Art. 15 | Right of Access | Request Data Export in Settings |
| Art. 16 | Right to Rectification | Update information in Settings |
| Art. 17 | Right to Erasure | Delete Account in Danger Zone |
| Art. 20 | Right to Data Portability | Download JSON export (machine-readable) |
| Art. 21 | Right to Object | Email hello@thelawin.dev |

Frequently Asked Questions

Can I export data multiple times per day?

No. Data exports are rate-limited to 1 per 24 hours to prevent abuse. If you need more frequent exports, contact support at hello@thelawin.dev.

What happens to my invoices if I delete my account?

Nothing. We never stored them. thelawin.dev generates PDFs on-demand and returns them immediately. No invoice data (buyer/seller info, amounts, items) is ever stored on our servers.

Can I recover my account after deletion?

No. Account deletion is permanent and irreversible after the 15-minute cancellation window closes. You'll need to create a new account if you want to use thelawin.dev again.

Why do you retain anonymized usage logs?

German tax law (HGB/AO) requires businesses to retain accounting records for 6-10 years. We anonymize the logs (user_id set to NULL) so they cannot be traced back to you, while still meeting legal requirements.

How do I cancel a scheduled account deletion?

Click the "Cancel Deletion" link in the email we sent you. This link is valid for 15 minutes. If the window has closed, your account has already been deleted.

Contact & Questions

For privacy-related questions or to exercise additional GDPR rights:
