Billuminate

⚠️ Draft, not legally reviewed. This document is preliminary and will be reviewed before publication.

Legal

Privacy Policy for Bill

Last updated: [Date upon publication]

Bill AB ("Bill", "we") values your privacy and strives to be transparent about how we process personal data. This policy explains what data we collect, why we collect it, how we use it, and what rights you have.

01

Data controller

Bill AB

Corporate identity number: 559106-4471

Sätraängsvägen 124, 182 37 Danderyd, Sweden

Email for privacy matters: privacy@billuminate.io

📦 TBD before publication: Physical address will be changed to a box address or similar office address.

02

What data we process

We process personal data from three categories of people:

2.1 Users of the Bill app (individuals)

| Type | Examples | Purpose |
|---|---|---|
| Uploaded documents | Bills, letters | To answer your questions about them |
| Chat interactions | Questions you ask | To give you answers |
| Language preference | Swedish, English, Arabic, and more | To serve you in the right language |
| Technical data | IP address, device info | Security and performance |
| Account data | Email, login credentials | Login and access |

2.2 Company customers' contact persons

For the companies that are our customers, we process contact details for the employees who administer the integration: name, email, position, and organization.

2.3 People whose data appears in public source material

Bill collects knowledge from the public web. When personal data appears in such material, for example the names of customer service staff published on a company website, our default is to strip it during collection, or not to collect at all if the material looks sensitive.

03

Purpose and legal basis

We process personal data to:

  • Answer your questions in the Bill app
  • Provide the technical service to company customers who have integrated Bill
  • Improve the quality of the service and prevent misuse
  • Fulfill legal obligations

Legal basis:

  • Consent (where required, for example at registration and when uploading content)
  • Performance of contract (to deliver the service you've requested)
  • Legitimate interest (to improve and secure the service)

We do not use personal data for:

  • Advertising or targeted marketing
  • Profiling
  • Resale to third parties

04

AI and external providers

We use an AI provider to generate answers to your questions. Today that is OpenAI (ChatGPT API). We may change provider in the future.

Regardless of provider, these requirements apply:

  • Your questions are transmitted over encrypted channels.
  • The provider does not store your data.
  • The provider does not train its models on your data.
  • The provider acts as a data processor under GDPR, with Standard Contractual Clauses (SCC) for data transfers outside the EU and EEA.

If we change providers, we will update this policy and our sub-processor list. You can request a current list at any time via privacy@billuminate.io.

05

Where your data is stored

All data is stored within the EU, via Railway in secure EU data zones.

We encrypt data at rest and in transit (SSL/TLS). Access to stored data is controlled, monitored, and logged. No individual has access to your content. Only the application itself uses it to answer your questions.

06

How long we keep data

We retain personal data only as long as necessary for the purpose, or as required by law.

You can delete all your data at any time through the "clear my data" function in the app, or by emailing privacy@billuminate.io.

07

Your rights

Under GDPR, you have the right to:

  • Access your data
  • Correct inaccurate data
  • Delete your data
  • Restrict or object to processing
  • Have your data transferred to another provider (data portability)
  • Withdraw consent you have previously given

Contact privacy@billuminate.io to exercise any of these rights.

You also have the right to lodge a complaint with Integritetsskyddsmyndigheten (IMY, the Swedish Authority for Privacy Protection) if you believe we are processing your data incorrectly.

08

Public source material and robots.txt

Bill builds its knowledge base partly on public material from the web, in accordance with the Robots Exclusion Protocol (RFC 9309). Our working methods and commitments are described in detail on our transparency page.

If personal data that concerns you appears in such material and you want us to remove it, email privacy@billuminate.io. We will respond within 7 days.

09

Children

Bill is not intended for people under 13 years of age. We do not knowingly collect personal data from children without parental consent.

10

Changes to this policy

We may update this policy. Material changes will be communicated through the app or on our website.

11

Contact

Questions about how we process personal data?

privacy@billuminate.io