Solid Invoice Documentation Hub

Explore feature guides, reports and exports, and our privacy-first security stance.

Privacy-Aware Exports

Why exports require an intentional confirmation step — and what changes the moment you create a PDF, CSV, or ZIP.

Security Explainer

The boundary

Inside Solid Invoice, your business data lives in an encrypted container. An export is the moment you intentionally create a file that can be used outside the app — for example, to email a PDF invoice, share a ZIP backup, or save a CSV for tax time.

Key idea: exports are meant to be portable — so they leave the app’s encrypted store by design.

Why confirmations exist

Exports are powerful, so Solid Invoice treats them as a deliberate action:

  • Clear warning: you’re told the file will exist outside the encrypted store.
  • Explicit intent: you choose where it goes (Files, email, AirDrop, etc.).
  • Authentication gate (when required): exports can require biometric or passcode confirmation before proceeding.

This is consistent with our TNO (Trust No One) stance: the safest export is the one you knowingly created and placed on purpose.

What stays encrypted

Your on-device store remains encrypted at rest. Solid Invoice uses modern cryptography primitives (for example, authenticated encryption such as AES-GCM), with a 256-bit symmetric key stored in the device Keychain.

If you enable iCloud Keychain, that Keychain item can roam across your devices for the same Apple ID. If you do not enable it, the key remains local to the device.

Where risk enters

Once a file is outside the encrypted container, its privacy depends on what you do next:

  • Emailing: recipients get a copy. Your email provider and the recipient’s provider may store it.
  • Files / cloud folders: saving to a synced folder can place a copy on a server (depending on the provider).
  • Shared devices: saving to a shared Mac or shared iPad user space can expose the file to others with access.
Tip: Treat exports like cash or a contract. Save to a private folder, share only with trusted recipients, and delete old copies you no longer need.

How to export safely

  • Confirm the destination: choose a private folder or vault-backed location when possible.
  • Minimize copies: export only what you need; delete temporary exports after use.
  • Verify recipients: especially for emailed PDFs (double-check addresses).
  • Prefer device-to-device sharing: when appropriate (for example, direct AirDrop to your own device).