| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Invoicing (account) |
| Lines of code | 5757 |
| Technical Name |
flexigo_spain_verifactu |
| License | OPL-1 |
| Website | https://flexigotech.com |
| Versions | 18.0 19.0 |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Invoicing (account) |
| Lines of code | 5757 |
| Technical Name |
flexigo_spain_verifactu |
| License | OPL-1 |
| Website | https://flexigotech.com |
| Versions | 18.0 19.0 |
Flexigo VERI*FACTU / SIF Compliance
Full turnkey SIF (Sistema Informático de Facturación) compliance for Spanish companies. Implements the complete hash chain required by Royal Decreto 1007/2023 (RRSIF) and Orden HAC/1177/2024, with automatic AEAT submission, GDPR flows, multi-channel alerts, and asesoría multi-tenant support — all in Odoo 19.
Odoo 19 VERI*FACTU SIF Compliant SHA-256 Chain GDPR Multi-company OPL-1Key Features
🔗 Tamper-proof Hash Chain
SHA-256 chaining per company with SELECT FOR UPDATE serialization. Every invoice post and cancellation appends to the chain automatically. Nightly integrity verification with under-60s SLO for 100k records.
📡 Automatic AEAT Submission
Async queue with exponential backoff (6 retries), HTTP 429 rate-limit handling, mock mode for CI/staging, and dead-letter alerting. Supports both VERI*FACTU and no-VERI*FACTU (XMLDSig) modalities.
📱 QR Code on Every Invoice
ISO/IEC 18004 Level-M QR with AEAT cotejo URL printed on every invoice PDF. Minimum 30×30 mm as required by Orden HAC/1177/2024 art.12.
🔐 AES-256-GCM Certificate Vault
PFX/P12 certificates encrypted at rest with AES-256-GCM, key derived via PBKDF2-HMAC-SHA256 from an instance secret. Raw certificate data never logged or exposed in list views.
📋 Append-only Event Log
24 event types covering all Orden HAC/1177/2024 art.15 events plus operational extensions. Every event has its own SHA-256 hash. ORM-level write/unlink blocked.
🏢 Asesoría Multi-tenant
Dedicated Asesoría Operator role with cross-company read access via Odoo's standard company_ids mechanism. Per-company record rules still apply.
🔔 Multi-channel Alerts
4-tier alert stack: email → Odoo activity → Slack/Telegram/Teams webhook → persistent banner. Triggers: chain integrity failure, certificate expiry (30-day), dead letter queue, environment switch.
🗂 Historical Migration
Import from 9 source systems: Holded, Sage 50/200, Sage Despachos, A3 ASESOR, Contasol (cp850 DBF), FacturaPlus, Quipu, Generic CSV/XLSX. Pre-flight check validates all records before committing to the chain.
⚖️ GDPR Compliance
DSAR wizard (GDPR art.15 access export + art.17(3)(b) erasure refusal) with all 4 required legal bases and AEPD supervisory authority route. Privacy Officer role with scoped access.
📜 Declaración Responsable
Auto-generated on module activation per RRSIF art.8, citing all component software versions. Printable PDF. Supersedes prior declaration on upgrade.
Security Roles
| Role | Permissions |
|---|---|
| SIF Manager | Full access: certificates, modality, environment, migration, declaración responsable |
| Accountant | Invoicing flow, remediation inbox, reports; no certificate access |
| Auditor (read-only) | Read all records, export reports, zero write access |
| Privacy Officer | DSAR export and erasure-refusal flow only |
| Asesoría Operator | Cross-company console; per-company record rules still apply |
| POS Operator | POS flow only; no back-office access |
Configuration
- Install the module. A chain is initialised automatically for each company.
- Go to Verifactu / SIF → Configuration → Setup Wizard.
- Set the company scope (obligado/voluntario/out_of_scope), modality, environment and a strong instance secret (≥32 characters).
- Upload your PFX/P12 certificate (required for no-VERI*FACTU XMLDSig modality only).
- Create at least one Invoice Series.
- Post an invoice — the SIF record, QR code and AEAT submission are created automatically.
Supported Source Systems for Migration
Holded · Sage 50 · Sage 200 · Sage Despachos · A3 ASESOR / a3ERP · Contasol · FacturaPlus · Quipu · Generic CSV/XLSX
Technical Requirements
- Odoo 19.0 (Community or Enterprise)
- Python packages:
cryptography,signxml,qrcode[pil],lxml,openpyxl,dbfread - Depends:
base, account, account_edi, l10n_es, mail
Support
FlexigoTech — flexigotech.com
License: OPL-1
For support requests, please contact support@flexigotech.com
English walkthrough
Espanol walkthrough
Deutsch walkthrough
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module