Privacy Policy

Last updated: March 17, 2026 · Applies to: billplit web app and all related services · Controller: Bitavox

We know privacy policies are usually painful to read. We have tried to make this one different — plain language, no hidden surprises, and a clear answer to every question you might reasonably have about what we do with your data.

1. Who we are

billplit is a shared expense tracking tool built and operated by Bitavox ("we", "us", "our"). Our registered address is [Your Company Address], and you can reach us any time at privacy@billplit.com.

For the purposes of applicable data protection law — including the EU General Data Protection Regulation (GDPR) and the UK GDPR — Bitavox is the data controller for the personal data you give us when you use billplit.

This policy explains what data we collect, why we collect it, how long we keep it, and what rights you have over it. We have tried to write it in plain language. If something is unclear, please ask — we'd rather explain it to you directly than hide behind boilerplate.

2. Data we collect and why

We only collect data that is genuinely necessary to run the service. Here is a plain-language breakdown of each category, what it is, why we need it, and the legal basis we rely on under GDPR Article 6.

| Category | What it is | Why we need it | Legal basis |
|---|---|---|---|
| Account data | Email address, display name | To create your account, send you a magic login link, and identify you inside a shared space | Contract performance |
| Bill & expense data | Amounts, descriptions, dates, uploaded images or PDFs | To display your expenses, calculate splits, and generate your monthly summary | Contract performance |
| Space & invite data | Space name, member email addresses, split ratios | To link the right people to a shared space and show each member their correct share | Contract performance |
| Technical & usage data | IP address, browser type, pages visited, timestamps | To keep the service secure, debug errors, and understand which features are actually used | Legitimate interests |
| Payment data | Billing name, last four digits, subscription status | To manage your Pro subscription. Full card details are handled by Stripe and never touch our servers | Contract performance |
| Support messages | Anything you send us by email or in-app chat | To answer your question and improve the product | Legitimate interests |

We do not collect sensitive personal data (such as racial or ethnic origin, health data, or political opinions). We do not build advertising profiles. We do not sell your data — ever.

3. How AI processes your bills

One of billplit's core features is that you can photograph or upload a bill and have the amount, date, and category filled in automatically. That extraction is powered by an AI language model.

Here is what actually happens when you upload a bill:

  1. The image or PDF is temporarily sent to the AI provider's API over an encrypted connection (HTTPS/TLS).
  2. The model returns structured data — typically the total amount, vendor name, and date — which is then pre-filled in your expense form.
  3. You review the extracted data before anything is saved. If the AI gets it wrong, you can edit or discard it entirely.
  4. The original file is stored on our secure file storage and linked to your expense record so you have a copy.

We use Anthropic's Claude API for AI extraction. Anthropic processes data on our behalf under a data processing agreement and does not use your inputs to train their models. You can read Anthropic's privacy policy at anthropic.com/privacy.

The AI processing involves automated decision-making in a limited sense — it suggests values — but it does not make any decision that affects you legally or significantly, because you always confirm or edit the result before it is saved. This means Article 22 GDPR (right to object to solely automated decisions) is not triggered, but we tell you about it anyway because we think you should know.

4. Who we share data with

We share your data only where it is strictly necessary to run the service. The table below lists every third-party processor we currently use, what they do, and where they are based.

| Vendor | Purpose | Location |
|---|---|---|
| Vercel | Hosting and serving the web application | USA (EU data residency available) |
| Railway / Fly.io | Database and backend API hosting | EU region |
| Cloudflare R2 | Storing uploaded bill images and PDFs | EU region |
| Anthropic | AI extraction of bill data | USA (DPA in place) |
| Stripe | Payment processing for Pro subscriptions | USA / EU (SCC in place) |
| Resend | Transactional emails (login links, reminders) | USA (DPA in place) |

Where vendors are located outside the European Economic Area, we ensure an adequate transfer mechanism is in place — either an adequacy decision, Standard Contractual Clauses (SCCs), or a Data Processing Agreement that meets GDPR requirements.

We may also disclose data where required by law, court order, or to protect the safety of users or others. We will always try to notify you of such requests unless we are legally prevented from doing so.

5. How long we keep your data

We keep your data for as long as your account is active and for a limited period afterwards to handle any queries or disputes. The specific retention periods are:

  • Account and space data: Kept while your account is active. When you delete your account, all your spaces and their data are permanently deleted within 30 days.
  • Expense and bill data: Kept for the lifetime of the space. If you delete a space, its expenses are deleted with it.
  • Uploaded bill files: Kept for the lifetime of the associated expense. Deleting an expense deletes the attached file.
  • Payment records: Kept for 7 years to comply with tax and accounting regulations. This is a legal obligation we cannot waive.
  • Server logs: Automatically deleted after 90 days.
  • Support correspondence: Kept for up to 2 years, in case the same issue recurs.

When data is deleted, it is removed from our production systems and from backups within the next scheduled backup rotation (typically within 30 days).

6. Your rights

Under GDPR (and equivalent legislation in the UK and Switzerland), you have the following rights regarding your personal data. These are real rights — not just checkboxes we ticked to look compliant.

  • Right of access. You can ask us for a copy of all the personal data we hold about you. We will provide it within 30 days, in a readable format, at no charge.
  • Right to rectification. If any data we hold is inaccurate or incomplete, you can ask us to correct it. You can also update most of your data directly in the app settings.
  • Right to erasure ("right to be forgotten"). You can ask us to delete your personal data. We will do so unless we are required to keep certain records by law (such as financial records — see section 5).
  • Right to data portability. You can request a copy of your data in a structured, machine-readable format (JSON or CSV) so you can take it elsewhere.
  • Right to restrict processing. You can ask us to pause how we use your data while a complaint or dispute is being resolved.
  • Right to object. Where we process data based on legitimate interests (such as security monitoring), you can object. We will stop unless we have compelling grounds to continue.
  • Right to withdraw consent. Where we rely on consent as our legal basis (such as optional marketing emails), you can withdraw it at any time. This does not affect the lawfulness of any processing done before you withdrew.

To exercise any of these rights, email us at privacy@billplit.com. We will respond within 30 days. We may need to verify your identity before we action the request — we will ask for the minimum information needed to do this.

You also have the right to lodge a complaint with a data protection supervisory authority. If you are based in France, that is the CNIL. In the UK, it is the ICO. We would prefer you contact us first so we can try to resolve the issue, but you are under no obligation to do so.

7. Cookies and similar technologies

We use a small number of cookies and local storage entries. We do not use advertising cookies or third-party tracking.

  • Session token: A secure, HTTP-only cookie that keeps you logged in. It expires when you log out or after 30 days of inactivity. This cookie is strictly necessary — the app cannot function without it.
  • Preferences: A small local storage entry that remembers your currency preference and any display settings. No personal data is stored here.
  • Analytics: If we use analytics (currently we use a privacy-first tool that does not set cookies), we will update this section accordingly.

Because the only cookie we set is strictly necessary for the service to work, we do not display a cookie consent banner for it. If we ever introduce non-essential cookies, we will obtain your consent first.

8. Security

We take security seriously, not just because the law requires it, but because your financial data is sensitive and you are trusting us with it.

Measures we have in place include:

  • All data transmitted between your device and our servers is encrypted in transit using TLS 1.2 or higher.
  • Data at rest (in our database and file storage) is encrypted using AES-256.
  • Access to production systems is restricted to authorised team members and protected by multi-factor authentication.
  • We use magic links for authentication, which means there is no password database to breach.
  • File uploads are scanned for malware before storage.
  • Dependency and security patches are applied on a rolling basis.

No system is completely immune to attack. If you discover a vulnerability, please report it responsibly to security@billplit.com and we will respond promptly.

In the event of a personal data breach that is likely to affect your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and notify you without undue delay, as required by GDPR Article 33.

9. Children

billplit is not intended for use by anyone under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us at privacy@billplit.com and we will delete it promptly.

We recognise that some users are co-parents who may add their children's expenses (school fees, medical costs, etc.). In this context, the child is not a user of billplit — they are mentioned in expense descriptions entered by adults. We treat this data with the same care as all other data in the account.

10. Changes to this policy

We will update this policy if our data practices change or if the law requires it. When we make a material change, we will send a notification to your registered email address at least 14 days before the change takes effect, and we will post a notice on the app. The updated policy will state the date it was last revised.

For minor changes (fixing typos, clarifying language without changing substance), we will simply update the page without advance notice.

If you disagree with a change, you can close your account before it takes effect. Continued use of billplit after the effective date constitutes acceptance.

11. Contact us

If you have any question about this policy, want to exercise a right, or just want to talk through how we handle data, we are reachable in the following ways:

We aim to respond to all privacy enquiries within 5 business days, and we are required by law to respond to formal rights requests within 30 days.