Privacy Policy
Effective Date: April 26, 2025
1. Who We Are
BillAI ("we," "us," or "our") is a personal bill tracking and comparison service. This Privacy Policy applies to all users of the BillAI website and application (collectively, the "Service"). If you have questions about this policy, please contact us.
2. Information We Collect
We collect only the information necessary to provide the Service:
Information you provide directly:
- Username and password (password is hashed and never stored in plain text)
- Email address (optional — only required if you enable the weekly digest)
- Bill data: provider name, service category, monthly cost, ZIP code, and due date
- Notes and ratings you attach to bills or providers
Information collected automatically:
- Session tokens stored in secure, HTTP-only cookies to keep you logged in
- Basic usage and error logs for service reliability and debugging
Information we never collect:
- Full bank account numbers, credit card numbers, or financial account credentials
- Social Security numbers or government-issued ID numbers
- Precise geolocation beyond the ZIP code you provide
- Any information about third parties or other people in your household
3. How We Use Your Information
We use the information we collect to:
- Operate and provide the Service, including bill tracking, comparisons, and alerts
- Send the optional weekly email digest summarizing your bills and savings (if you opt in)
- Send transactional emails related to your account, such as email verification and password resets
- Generate anonymized regional benchmark data — your ZIP code and bill category may be aggregated with other users' data to calculate regional medians. This aggregated data is stripped of any personally identifiable information before use.
- Improve the Service by analyzing usage patterns and fixing errors
- Comply with legal obligations
We do not use your data for advertising, profiling, or any purpose not described in this policy.
4. How We Share Your Information
We do not sell, rent, or share your personal information with third parties for their own purposes.
We may share your information only in the following limited circumstances:
- Stripe: If you subscribe to a paid plan, your payment is processed by Stripe, Inc. We share only the information necessary to complete the transaction. We never see or store your full card number. Stripe's use of your data is governed by Stripe's Privacy Policy.
- Resend: If you provide an email address, transactional and digest emails are delivered via Resend. Your email address is shared with Resend solely for delivery purposes.
- Legal requirements: We may disclose your information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to protect our rights or the safety of others.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.
5. Data Storage and Security
Your data is stored on secure servers. We implement reasonable technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction, including:
- Passwords hashed using bcrypt before storage
- Session tokens stored in HTTP-only, same-site cookies
- HTTPS encryption for all data in transit
- Access controls limiting who can access production data
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately and change your password from the Settings page.
6. Cookies and Tracking
BillAI uses the following cookies:
- session_id: A secure, HTTP-only cookie that keeps you logged in for up to 30 days.
- billai_tos: Records that you have accepted the Terms of Service.
- billai_theme: Stores your light/dark mode preference locally in your browser.
We do not use advertising cookies, cross-site tracking cookies, or any third-party analytics cookies.
7. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Your username, email, password, and all personally identifiable information are permanently deleted
- Your active sessions are immediately invalidated
- Anonymized bill data (amounts and ZIP codes with no user association) may be retained to maintain the accuracy of regional benchmark data
You can delete your account at any time from Settings → Danger Zone.
8. Your Rights
Depending on where you live, you may have the following rights regarding your personal data:
- Access: You can view your account information in Settings at any time.
- Correction: You can update your email address and password from Settings.
- Deletion: You can permanently delete your account and associated data from Settings → Danger Zone.
- Opt-out of emails: You can disable the weekly digest at any time from Settings → Email, or by clicking the unsubscribe link in any digest email.
- Data portability: If you would like a copy of your data in a portable format, contact us and we will respond within a reasonable timeframe.
To exercise any of these rights or if you have questions about your data, please contact us.
9. Children's Privacy
BillAI is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or prominent notice within the Service. Your continued use of the Service after any changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out through our Contact page. We will respond within a reasonable timeframe.