Privacy Policy

Last updated: December 25, 2025

Introduction

At BillBird, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our subscription tracking service.

You can view the complete legal Privacy Policy document for detailed information.

How We Use Your Data

Legal Basis: Contract Performance

  • Scan emails for subscription detection
  • Display tracking dashboard
  • Send renewal reminders
  • Process payments and provide support

Legal Basis: Legitimate Interests

  • Improve service and security
  • Prevent fraud

Legal Basis: Consent (Optional)

  • Marketing emails (you can opt out anytime)

Data Security

  • Encryption: TLS 1.2+ in transit, AES-256 at rest
  • IMAP Credentials: Encrypted before storage using envelope encryption
  • Passwords: Bcrypt hashing with salt
  • Servers: EU-based data storage (Supabase)
  • Access Controls: Role-based permissions and MFA support
  • Regular Audits: Ongoing security monitoring

Third-Party Services

We share data only with essential service providers under GDPR-compliant agreements:

  • Supabase - Database hosting (EU)
  • N8N - Email processing (EU)
  • Stripe - Payment processing (PCI DSS certified)
  • StackBlitz - Application hosting

We never sell your data.

Your GDPR Rights

  • Access - Get a copy of your data
  • Rectify - Correct inaccurate information
  • Erase - Delete your account ("right to be forgotten")
  • Export - Download data in JSON/CSV format
  • Object - Stop certain data processing
  • Withdraw Consent - Disconnect email access anytime

Exercise your rights: [YOUR EMAIL] | Response within 30 days | Free

Data Retention

  • Active accounts: Duration of account
  • After deletion: 30 days
  • Backups: 90 days
  • Billing records: 7 years (legal requirement)

International Transfers

Data stored primarily in the EU. Transfers outside EU/EEA protected by Standard Contractual Clauses and encryption.

Cookies

  • Essential: Session management (required)
  • Functional: Preferences (optional)
  • Analytics: Usage stats (with consent)

No advertising, tracking pixels, or profiling cookies.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us.