Our story

The honest invoice generator

RupaX was built on a simple conviction: businesses deserve invoicing infrastructure that is honest about what it does, secure in how it does it, and free for everyone who needs it.

The problem

Most invoicing tools are built to extract, not to serve

Freelancers and small businesses spend real money on invoicing software that does almost nothing. Monthly subscriptions for features they use once. Data locked in proprietary formats. Emails stored in plaintext on undisclosed servers.

RupaX exists because invoice generation should be a utility, not a subscription. You fill in the form, you get a signed PDF, and your data is cleaned up automatically. No account, no recurring charge, no retention of data you didn't authorise.

We believe invoicing infrastructure should be transparent about its security model, free to use for core functionality, and built with the same engineering rigour as financial software.

Our principles

Four things we will never compromise on

Security by default
Encryption and HMAC signing are not optional add-ons. Every invoice payload is encrypted and signed before it reaches our database — always, without exception.
Minimal data retention
We store the least data necessary. Emails are hashed, not stored. Invoices expire automatically. Cleared data is gone — not archived, not sold, not re-used.
Honest pricing
The core product is free. No freemium bait-and-switch. No feature walls. If we ever add paid tiers for advanced features, the free tier will remain fully functional.
Arithmetic correctness
All monetary values are computed in integer cents/paise. Floating-point arithmetic, whose rounding errors are a subtle failure mode that costs businesses real money, is never used for financial calculations.
Under the hood

A stack chosen for correctness, not trend

RupaX is built on a FastAPI backend with SQLModel for ORM, WeasyPrint for server-side PDF rendering, and slowapi for rate limiting. The frontend is intentionally dependency-free — no React, no build step, no 500 KB of JavaScript for a form.

We chose this stack because every component has a single, well-understood job. There is no abstraction for its own sake. The codebase is readable by any Python developer on day one.

API
FastAPI
Async Python API with Pydantic v2 validation. Field validators normalise and sanitise all user input before it reaches the database.
ORM
SQLModel
Type-safe database models with SQLAlchemy backing. Supports SQLite for development and PostgreSQL for production.
Crypto
Fernet + HMAC
AES-128-CBC encryption via the Fernet scheme. HMAC-SHA256 signatures for integrity verification on every read.
PDF
WeasyPrint
Server-side HTML-to-PDF conversion. No headless browser required. Reliable, predictable, print-quality output.
Rate Limiting
slowapi + Redis
20 invoice generations per IP per hour. Redis-backed in production with in-memory fallback for development environments.
Frontend
Vanilla JS
Zero dependencies. No build pipeline. The editor is a single HTML file with embedded CSS and a plain JavaScript module — loads in milliseconds.
Security model

How your data is protected end to end

01
Input validation & sanitisation
All fields pass through Pydantic validators before processing. Emails are normalised and validated. HTML and script injection in text fields is sanitised at the application layer.
pydantic · sanitize_input()
02
AES payload encryption
The complete invoice payload — including all line items, client details and business info — is serialised to JSON and encrypted with Fernet (AES-128-CBC + PKCS7 + HMAC-SHA256) before database write.
cryptography.fernet · Fernet.encrypt()
03
HMAC signature generation
An HMAC-SHA256 signature of the encrypted payload ciphertext is stored alongside it. On every read, the signature is re-verified before any decryption is attempted — rejecting tampered records.
hmac.new() · SHA-256
04
Email pseudonymisation
User email addresses are SHA-256 hashed before storage. The hash is one-way — RupaX cannot recover your email from the stored value, and a database breach does not expose email addresses.
hashlib.sha256() · one-way hash
05
Automatic 7-day expiry
Invoice records and their rendered PDF files are automatically purged after 7 days. Expired invoice endpoints return HTTP 410 Gone — tokens become permanently invalid.
expires_at · cleanup_expired_pdfs()
What we never do
Store emails in plaintext
Emails are SHA-256 hashed before any database write. There is no column in any table that stores a raw email address.
Serve PDFs past expiry
Invoice expiry is checked before any decryption is attempted. Expired invoices return HTTP 410 — the PDF is also deleted from disk.
Use wildcard CORS with credentials
CORS is configured with an explicit allow-list of origins. Wildcard * is never combined with allow_credentials=True.
Allow unauthenticated deletion
DELETE requests require either a Bearer access token (owner) or a server-side admin key. Anonymous deletion is rejected at the API layer.
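
The read path described in steps 03 and 05 and under "Serve PDFs past expiry" (expiry check, then signature check, then decryption), as an added example that is not RupaX's own code. The record layout, the key, the outcome strings and the decrypt placeholder are assumptions; in a real deployment Fernet's decrypt method would be passed in as decrypt.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed demo key; assumption: the real key is loaded from secret storage.
SIGNING_KEY = b"constructed-demo-signing-key"


def sign(ciphertext: bytes, key: bytes = SIGNING_KEY) -> str:
    """HMAC-SHA256 over the stored ciphertext, hex-encoded."""
    return hmac.new(key, ciphertext, hashlib.sha256).hexdigest()


def read_invoice(record: dict, decrypt, now: datetime, key: bytes = SIGNING_KEY):
    """Return (outcome, body); decrypt() runs only after both checks pass."""
    # 1. Expiry first: an expired record maps to HTTP 410 and is never decrypted.
    if now >= record["expires_at"]:
        return "410 Gone", None
    # 2. Recompute the signature and compare in constant time.
    if not hmac.compare_digest(sign(record["ciphertext"], key), record["signature"]):
        return "rejected: signature mismatch", None
    # 3. Only an unexpired, authentic ciphertext reaches the decryption step.
    return "ok", decrypt(record["ciphertext"])


def demo():
    """Run the read path on constructed records; returns outcomes and decrypt calls."""
    now = datetime(2024, 1, 10, tzinfo=timezone.utc)
    blob = b"constructed-opaque-ciphertext"  # stands in for a Fernet token
    good = {"ciphertext": blob, "signature": sign(blob),
            "expires_at": now + timedelta(days=7)}
    tampered = dict(good, ciphertext=blob[:-1] + b"X")   # one byte changed
    expired = dict(good, expires_at=now - timedelta(seconds=1))
    calls = []

    def decrypt(ciphertext):  # hypothetical placeholder for the decryption step
        calls.append(ciphertext)
        return b'{"invoice": "constructed"}'

    outcomes = [read_invoice(r, decrypt, now)[0] for r in (good, tampered, expired)]
    return outcomes, len(calls)


if __name__ == "__main__":
    print(demo())
```

The decrypt call count shows that neither the tampered nor the expired record ever reaches decryption.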
Common questions

Frequently asked questions

Everything you need to know about using RupaX.

Yes — completely. There are no subscription fees, no invoice limits, and no hidden charges. You can create, download and send as many invoices as you need without ever paying anything.
No account is required. Your business details are saved locally in your browser. Profile data syncs to the server using your email hash — there is no registration, no password, no email verification.
Every invoice payload is encrypted with Fernet (AES-128-CBC) before database storage and signed with HMAC-SHA256 for integrity. Your email is stored only as a SHA-256 hash. Even a full database compromise would not expose your invoice content in plaintext.
Invoices and their PDF files are automatically deleted after 7 days. Once expired, the access token returns HTTP 410 Gone and the PDF file is removed from the server. No long-term storage of invoice data occurs.
Yes. RupaX supports India GST at 18% with GSTIN displayed on the invoice. All monetary values are calculated in integer paise to avoid floating-point rounding errors — a requirement for financial compliance.
Yes. The invoice editor accepts PNG, JPG and SVG logos up to 2 MB. Uploaded images are compressed client-side before submission and embedded directly in the PDF output. No CDN hosting is involved.
RupaX supports INR (Indian Rupee), USD (US Dollar), EUR (Euro), GBP (British Pound), AUD (Australian Dollar), CAD (Canadian Dollar) and JPY (Japanese Yen). Additional currencies can be added to the codebase with a one-line configuration change.
The fare splitter tab lets you divide any bill amount evenly across up to 100 people. Remainders are distributed one paisa at a time so the total always adds up exactly — no rounding discrepancies, no awkward "someone owes 1 extra paisa" situations.
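
The integer-paise arithmetic from "Arithmetic correctness" and the fare splitter's remainder distribution, as an added example that is not RupaX's own code. The function names, the two-decimal input rule and the round-half-up rule for tax are assumptions; the 18% rate and the 100-person limit come from the page.

```python
from decimal import Decimal

GST_RATE_PERCENT = 18   # rate stated on the page
MAX_PEOPLE = 100        # fare splitter limit stated on the page


def to_paise(amount: str) -> int:
    """Parse a decimal string such as '1499.99' into integer paise, no floats."""
    value = Decimal(amount)
    if not value.is_finite():
        raise ValueError(f"not a finite amount: {amount!r}")
    paise = value * 100
    if paise != paise.to_integral_value():
        raise ValueError(f"more than two decimal places: {amount!r}")
    return int(paise)


def gst_paise(subtotal: int, rate_percent: int = GST_RATE_PERCENT) -> int:
    """Tax in paise using integers only; round-half-up is an assumption."""
    return (subtotal * rate_percent + 50) // 100


def split_evenly(total: int, people: int) -> list:
    """Split total paise so shares differ by at most 1 and sum exactly to total."""
    if not 1 <= people <= MAX_PEOPLE:
        raise ValueError("people must be between 1 and 100")
    if total < 0:
        raise ValueError("total must not be negative")
    base, remainder = divmod(total, people)
    # The first `remainder` people each absorb one extra paisa.
    return [base + 1 if i < remainder else base for i in range(people)]


def format_paise(paise: int) -> str:
    """Render integer paise as a rupee string with two decimals."""
    return f"{paise // 100}.{paise % 100:02d}"


if __name__ == "__main__":
    subtotal = to_paise("1499.99")           # constructed sample amount
    total = subtotal + gst_paise(subtotal)
    shares = split_evenly(total, 3)
    print(format_paise(total), [format_paise(s) for s in shares])
    # Contrast: the float route truncates 1.15 to 114 paise instead of 115.
    print(int(1.15 * 100), to_paise("1.15"))
```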

Start invoicing the right way

Open the editor and create your first cryptographically signed invoice in under two minutes.
