Legal

Privacy Policy

Effective date: February 1, 2026

BillAI Inc. ("BillAI", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our billing infrastructure platform, APIs, website, and related services (the "Services").

1. Information We Collect

Information you provide

  • Account information — Name, email address, phone number, company name, job title, and billing address when you create an account or contact us
  • Company profile — Industry, business model, annual revenue range, and pricing plan selection
  • Payment information — Payment method details processed through our third-party payment providers (Stripe, Braintree, Razorpay, Adyen). BillAI does not store full credit card numbers
  • Customer billing data — Data you submit to the Services about your end customers, including names, emails, addresses, subscription details, and usage events
  • Communications — Messages, feedback, and support requests you send to us

Information collected automatically

  • Usage data — API calls, feature usage, login activity, and performance metrics
  • Device and browser information — IP address, browser type, operating system, and device identifiers
  • Cookies and similar technologies — Session cookies for authentication, preference cookies, and analytics cookies
  • Log data — Server logs, error reports, and audit trails

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Services
  • Process billing, generate invoices, and calculate taxes on your behalf
  • Authenticate users and secure your account
  • Send transactional communications (invoices, payment receipts, alerts)
  • Provide customer support and respond to inquiries
  • Monitor and improve the performance, security, and reliability of the Services
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our Terms of Service
  • Send product updates and marketing communications (with your consent)

3. How We Share Your Information

We do not sell your personal information. We may share information with:

  • Service providers — Third-party vendors that help us operate the Services, including cloud infrastructure providers (AWS), payment processors (Stripe, Braintree, Razorpay, Adyen), tax calculation (Avalara), email delivery (AWS SES), and analytics tools
  • Your end customers — Invoice and billing information is delivered to your customers through the Services as directed by you
  • Legal compliance — When required by law, subpoena, or government request, or to protect the rights, safety, or property of BillAI, our users, or the public
  • Business transfers — In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity

4. Data Processing and Storage

Your data is processed and stored in secure data centers. Our infrastructure includes:

  • PostgreSQL / TimescaleDB — Transactional data and time-series storage with encryption at rest
  • ClickHouse — Analytics and aggregation queries with role-based access controls
  • TigerBeetle — Double-entry accounting ledger ensuring financial data integrity
  • Dragonfly (Redis-compatible) — Encrypted session and cache storage with automatic expiration

All data is encrypted in transit using TLS 1.2 or higher. Customer billing data is encrypted at rest using AES-256 encryption.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Services. After account termination, we retain data for up to 30 days to allow for data export, after which it is securely deleted. Some data may be retained longer to comply with legal obligations (e.g., tax records, audit logs) or to resolve disputes.

Usage events and billing records may be retained for up to 7 years as required by financial regulations.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal information we hold about you
  • Correction — Request correction of inaccurate or incomplete information
  • Deletion — Request deletion of your personal information, subject to legal retention requirements
  • Portability — Request your data in a structured, machine-readable format
  • Restriction — Request that we limit processing of your information
  • Objection — Object to processing based on legitimate interests or for marketing purposes
  • Withdraw consent — Withdraw consent for optional data processing at any time

To exercise any of these rights, contact us at privacy@billai.com. We will respond within 30 days.

7. Cookies

We use the following types of cookies:

  • Essential cookies — Required for authentication, security, and core functionality
  • Preference cookies — Remember your settings and preferences
  • Analytics cookies — Help us understand how the Services are used to improve performance

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Services.

8. International Data Transfers

If you are located outside the United States, your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by applicable law.

9. Security

We implement industry-standard security measures to protect your information, including encryption, access controls, audit logging, regular security assessments, and vulnerability scanning. However, no method of transmission over the Internet is 100% secure. We encourage you to use strong passwords and keep your API keys confidential.

10. Children's Privacy

The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will promptly delete it.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. BillAI does not sell personal information.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on legitimate interests (operating the Services), contractual necessity (providing Services you requested), consent (marketing communications), or legal obligations. You have the rights described in Section 6, plus the right to lodge a complaint with your local data protection authority.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Services at least 30 days before they take effect. The "Effective date" at the top of this page indicates when the policy was last revised.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

privacy@billai.com

BillAI Inc.
100 Innovation Drive, Suite 500
San Francisco, CA 94105