Compliance & Legal
9 reference articles covering GDPR data processing, EU VAT compliance, eIDAS electronic signatures, GoBD retention, and Peppol e-invoicing. Updated when the underlying directive does.
Compliance
EU invoice compliance — Art. 226 mandatory fields, sequence numbering, retention
Every invoice Clozo issues complies with EU VAT Directive Art. 226: 14 mandatory fields, sequential numbering with no gaps, immutability after issue, and 10-year retention.
Compliance
GDPR: what Clozo stores about you, why, and for how long
Clozo runs 13 distinct processing activities under GDPR Art. 30. Each one has a documented purpose, a lawful basis under Art. 6(1), a recipient list, and a retention window. This article is the user-facing summary of our Records of Processing Activities.
Compliance
eIDAS: what makes a Clozo signature legally binding in the EU
EU Regulation 910/2014 (eIDAS) defines three signature levels and gives each a clear legal weight. Clozo issues an Advanced Electronic Signature (AES) under Art. 3(11) — equivalent to a handwritten signature for almost all freelancer contracts.
Compliance
EU VAT compliance: Art. 226, OSS, reverse charge, B2C distance sales
The EU VAT Directive (2006/112/EC) sets the rules every Clozo invoice meets by design — mandatory fields under Art. 226, place-of-supply under Art. 44–58, OSS for cross-border B2C, and reverse charge for B2B intra-community services.
Compliance
10-year retention: GoBD §147 AO and its EU equivalents
Tax-relevant documents — invoices, receipts, signed agreements, payment records — must be available to a tax-office inspector for ten years. Clozo enforces this server-side across every EU jurisdiction.
Compliance
Cross-border invoicing: EU intra-community vs third-country, currency rules
Invoicing across borders has two dimensions: the VAT rule (driven by EU VAT Directive Art. 44–58) and the currency / FX rule (driven by national bookkeeping law). Clozo handles the first automatically; the second usually requires a one-time decision per client.
Compliance
Data-subject requests: how clients exercise GDPR rights and what you must do
Articles 15–22 GDPR give your clients the right to access, correct, port, or erase the personal data you hold about them. As a controller of *your* clients' data, you have one month to respond. Clozo's tooling helps you answer each request efficiently.
Compliance
Sub-processors: who Clozo uses, where data goes, and why it's safe
Clozo uses 11 sub-processors to deliver the service; 6 are EU-based, 5 are US-based with active EU-US Data Privacy Framework certification + Standard Contractual Clauses + supplementary measures documented in our Transfer Impact Assessment.
Compliance
Disputes & chargebacks: the Stripe lifecycle and how to win evidence
A chargeback is a card issuer reversing a Stripe charge at the cardholder's request. You have ~7 days to submit evidence; Stripe and the card networks decide the outcome. This article is the freelancer's playbook.
Reference, not legal advice
These pages document how Clozo applies EU rules in product. They're kept current with the underlying directives, but they're not a substitute for advice from your accountant or lawyer about your specific situation. When in doubt, ask hello@useclozo.com.