Privacy Policy
Last Updated: December 26, 2025
Welcome to Bilsy!
At Bilsy, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our mobile application, and engage with our voice-powered invoicing services.
By using Bilsy, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
Questions? Contact us at info@bilsy.app
1. Information We Collect
1.1 Information You Provide Directly
We collect information that you voluntarily provide to us when you:
- Join our waitlist: Email address
- Create an account: Name, email address, phone number, business name, business address
- Use voice features: Voice recordings (processed for invoice creation, then deleted)
- Create invoices: Client information, invoice details, payment information
- Contact us: Name, email, message content
- Connect payment methods: Stripe account information (we do not store credit card details)
1.2 Information Collected Automatically
When you access Bilsy, we automatically collect certain information:
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: App features used, time spent, clicks, navigation paths
- Location Data: Approximate location based on IP address (for regional features)
- Log Data: IP address, browser type, access times, pages viewed
- Cookies: Session data, preferences, analytics (see Cookie Policy below)
1.3 Voice Data Processing
Important: How We Handle Voice Recordings
Voice recordings are processed in real time and immediately deleted.
- Voice audio is sent to our AI processing service (encrypted in transit)
- Audio is converted to text and structured invoice data
- Original voice recording is permanently deleted within seconds
- We retain only the text transcript and extracted invoice data
- Voice data is NEVER stored, sold, or used for marketing
1.4 Third-Party Integrations
We collect information when you connect third-party services:
- Stripe (Payment Processing): Payment account details, transaction history
- Cloud Storage: Invoice and document backups
- Email Services: Email address for sending invoices
2. How We Use Your Information
We use your information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide voice-powered invoicing services | Contract performance |
| Process payments and transactions | Contract performance |
| Send invoices to your clients | Contract performance |
| Improve AI voice recognition accuracy | Legitimate interest |
| Customer support and communication | Contract performance |
| Send product updates and newsletters | Consent (you can opt out at any time) |
| Detect fraud and ensure security | Legal obligation |
| Analytics and app improvement | Legitimate interest |
| Comply with legal requirements | Legal obligation |
3. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
3.1 Service Providers
We share information with trusted third-party service providers who help us operate Bilsy:
- Stripe: Payment processing (PCI-DSS compliant)
- Cloud hosting providers: AWS, Google Cloud (data storage)
- Email service providers: Transactional and marketing emails
- Analytics providers: Google Analytics, Mixpanel (usage analytics)
- AI processing services: Voice-to-text conversion (OpenAI, Google Cloud Speech)
All service providers are bound by data protection agreements and are prohibited from using your data for their own purposes.
3.2 Business Transfers
If Bilsy is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
3.3 Legal Requirements
We may disclose your information if required by law or in response to:
- Court orders or legal processes
- Government requests
- Protection of our rights, property, or safety
- Investigation of fraud or security issues
3.4 With Your Consent
We may share information with third parties when you explicitly consent, such as:
- Sending invoices to your clients (as directed by you)
- Integrating with accounting software (QuickBooks, Xero, etc.)
4. Your Privacy Rights
4.1 GDPR Rights (European Users)
If you are located in the European Economic Area (EEA), you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority
4.2 CCPA Rights (California Users)
If you are a California resident, you have the following rights:
- Right to Know: Request disclosure of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of whether you exercise your privacy rights
4.3 How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@bilsy.app
- Subject Line: "Privacy Rights Request - [Your Request Type]"
- Response Time: We will respond within 30 days
We may ask you to verify your identity before processing requests.
5. Data Security
We implement industry-standard security measures to protect your information:
5.1 Technical Safeguards
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Secure Servers: SOC 2 Type II certified cloud infrastructure
- Access Controls: Role-based access, multi-factor authentication
- Regular Audits: Third-party security assessments and penetration testing
- Monitoring: 24/7 security monitoring and intrusion detection
5.2 Organizational Safeguards
- Employee training on data protection
- Strict data access policies
- Background checks for staff with data access
- Incident response plan
5.3 Payment Security
We do not store credit card information. All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. We never see or store your full credit card details.
Security Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Notify you via email within 72 hours
- Notify relevant authorities as required by law
- Provide details about the breach and steps you should take
- Implement immediate remediation measures
6. Data Retention
We retain your information for as long as necessary to provide services and comply with legal obligations:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 7 years (tax compliance) |
| Invoice data | 7 years (accounting/tax requirements) |
| Voice recordings | Immediately deleted after processing (seconds) |
| Voice transcripts | Duration of account (for AI improvement, anonymized) |
| Payment transaction logs | 7 years (financial compliance) |
| Support communications | 3 years after last interaction |
| Marketing emails (waitlist) | Until you unsubscribe |
| Analytics data | 26 months (Google Analytics default) |
Account Deletion: When you delete your account, we will:
- Delete personal information within 30 days
- Retain invoice data for 7 years (legal requirement)
- Anonymize usage data for analytics
7. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
7.1 Types of Cookies We Use
- Essential Cookies: Required for app functionality (login, session management)
- Analytics Cookies: Google Analytics, Mixpanel (usage statistics)
- Preference Cookies: Remember your settings and preferences
- Marketing Cookies: Facebook Pixel (ad performance, with consent)
7.2 Cookie Management
You can control cookies through:
- Browser settings (block all cookies or selectively)
- Our cookie consent banner (on first visit)
- Privacy settings in your account
Note: Disabling essential cookies may affect app functionality.
7.3 Do Not Track
We do not currently respond to "Do Not Track" (DNT) browser signals. You can disable tracking through cookie settings.
8. Children's Privacy
Bilsy is not intended for users under 18 years old.
We do not knowingly collect personal information from children under 18. If we discover we have collected information from a child, we will delete it immediately.
If you believe a child has provided us with personal information, please contact us at info@bilsy.app.
9. International Data Transfers
Primary Data Processing Location: United States
If you are located outside the United States, your information may be transferred to and processed in the US, where data protection laws may differ from your country.
9.1 EU-US Data Transfers
For European users, we rely on:
- Standard Contractual Clauses (SCCs): Approved by the European Commission
- Adequacy Decisions: Where applicable
- Your Consent: For certain data transfers
9.2 International Users' Rights
Regardless of location, you have the same privacy rights outlined in Section 4.
10. Third-Party Links
Our website and app may contain links to third-party websites (Instagram, Stripe, etc.). We are not responsible for the privacy practices of these sites.
We encourage you to review the privacy policies of any third-party services you access through Bilsy.
11. California Shine the Light Law
California residents can request information about personal information disclosed to third parties for direct marketing purposes.
However, we do not share personal information with third parties for their direct marketing purposes.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.
Material Changes: We will notify you via email or app notification if we make significant changes affecting your rights.
Your Continued Use: Continued use of Bilsy after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information:
Bilsy Privacy Team
Email: privacy@bilsy.app
General Inquiries: info@bilsy.app
Data Protection Officer: dpo@bilsy.app (for GDPR inquiries)
Mailing Address: [Your Business Address - To be added]
Response Time: We aim to respond within 48 hours for general inquiries and 30 days for privacy rights requests.
14. Dispute Resolution
If you have a complaint about our privacy practices:
- Contact our privacy team at privacy@bilsy.app
- We will investigate and respond within 30 days
- If unresolved, EU users can contact their local supervisory authority
- California users can contact the California Attorney General
Thank you for trusting Bilsy with your information.
We are committed to protecting your privacy and providing transparent, secure services. Your trust is our top priority.