Privacy Policy

Last updated: 2026-04-27

BillSense ("we", "us", "our") respects your privacy. This Policy explains what we collect, why, how we use it, and the rights you have over your data.

1. What we collect

• Account data: email address, password (stored as a salted bcrypt hash — never in plaintext), account creation date.
• Home and device data you enter: home name, country, currency, electricity rate, devices, estimated usage, and automation rules.
• Usage logs: readings you submit or that the app records to estimate cost and detect leaks.
• Subscription and billing metadata: plan tier, subscription status, renewal date. Payment card details are handled exclusively by Apple, Google, or Stripe — we never see or store them.
• Analytics events: which screens you visit, which features you use, which paywall variant you saw. We do not collect precise location or contacts.
• Device and connection metadata: IP address, app version, OS, device model — used for security and debugging.

2. How we use it

• To deliver the core Service (cost estimates, leak detection, fix plans, alerts).
• To authenticate you and prevent unauthorized access.
• To process subscriptions and respect your plan tier.
• To improve the Service via aggregate analytics — never to identify you personally in our reporting.
• To send transactional email (account verification, billing receipts, account changes).
• To comply with legal obligations.

3. Sub-processors we share data with

We use the following third parties to operate the Service. Each is bound by data processing agreements and only receives the minimum data necessary.

• Railway (railway.app) — hosting and managed Postgres database.
• RevenueCat (revenuecat.com) — subscription management and entitlement tracking.
• Stripe (stripe.com) — credit card processing for web purchases.
• Apple App Store / Google Play — in-app purchase processing on iOS and Android.
• Cloudflare (cloudflare.com) — DNS, TLS, and static asset delivery.

We do not sell your personal data to advertisers or data brokers.

4. Data retention

We retain account data for as long as your account exists. If you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g. financial records). Aggregated, de-identified analytics may be retained indefinitely.

5. Your rights

Depending on your jurisdiction (GDPR, CCPA, and similar), you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and associated data.
• Export a copy of your data in a machine-readable format.
• Object to certain processing or withdraw consent.

To exercise any of these, email privacy@billsense.app. We respond within 30 days.

6. Security

We use industry-standard practices: TLS for data in transit, bcrypt for password storage, JWT bearer tokens with short expiry, rate limiting on sensitive endpoints, and access controls on the database. No system is perfectly secure — if you suspect a breach of your account, contact us immediately.

7. Children's privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact us and we will delete it.

8. International transfers

Your data may be processed in countries other than your own (primarily the United States, where most of our sub-processors operate). We rely on Standard Contractual Clauses and equivalent safeguards where applicable.

9. Cookies and tracking

This website uses only essential cookies required for the site to function. The mobile app does not use third-party advertising or tracking SDKs.

10. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced by email or in-app notice at least 14 days before the change takes effect.

11. Contact

For privacy questions or data subject requests: privacy@billsense.app. For all other inquiries: support@billsense.app.