Privacy Policy

This policy applies to visitors of our marketing site, account holders, and anyone who calls our HTTP APIs or uses the dashboard. If you use the Service on behalf of an organization, you represent that you have authority to bind that organization to this policy.

The Service is intended for business and developer use. It is not directed to children under 13, and we do not knowingly collect personal information from children.

INBIL LLC is the business responsible for personal information described in this policy.

Contact: support@inbill.dev · +1 (239) 255-7619 · 30 N Gould St Ste R, Sheridan, WY 82801, United States.

Account and identity: email address, authentication identifiers, optional display name, OAuth profile data when you sign in with Google or GitHub, and session or API credentials (API keys are stored only as secure hashes).

Billing: subscription plan, Stripe customer and subscription identifiers, and payment status. Card numbers and full payment details are processed by Stripe; we do not store full card numbers on our servers.

Invoice and extraction data (“Customer Content”): files you upload (PDF, images), URLs you submit for ingestion, extracted text, structured fields (amounts, dates, line items, vendor or customer names, tax identifiers where present), deduplication metadata, and usage timestamps recorded in our usage ledger.

Technical and security: IP address, user agent, request logs, error diagnostics, and abuse-prevention signals necessary to operate and secure the Service.

Analytics (production only): when enabled, Google Analytics 4 may collect page views and interaction events on our public marketing pages. See Section 8.

Directly from you when you register, configure settings, upload invoices, call our APIs, or contact support.

Automatically through your browser or API client when you interact with the Service.

From identity providers (Google, GitHub) when you choose social login.

From Stripe when you subscribe or manage billing.

From subprocessors that help us run extraction and infrastructure, as described below.

Provide, maintain, and improve the Service, including OCR, parsing, validation, persistence, quotas, and dashboard features.

Authenticate users and API requests, prevent fraud and abuse, and enforce our Terms of Service.

Process subscriptions, invoices, and account administration.

Communicate with you about security, support, and material changes to the Service or policies.

Comply with law, respond to lawful requests, and protect our rights and users.

Generate aggregated or de-identified statistics that do not identify you.

To extract structured data from invoices, we may send document text and, when needed, images to OpenAI’s APIs under our instructions. We use this processing to return JSON results to you and to improve reliability of extraction — not to train public models on your identifiable Customer Content without your direction.

You are responsible for ensuring you have a lawful basis to upload Customer Content, including any personal data appearing on invoices (for example employee names or contact details on expense receipts).

We do not sell your personal information. We do not share personal information for cross-context behavioral advertising.

We share information with service providers that process data on our behalf under contractual obligations, including: Supabase (authentication and database hosting), Stripe (payments), OpenAI (extraction), Google (OAuth and, in production, analytics), GitHub (OAuth), and our hosting provider (currently Vercel).

We may disclose information if required by law, court order, or governmental request, or when we believe disclosure is necessary to protect rights, safety, or security.

A merger, acquisition, or asset sale may involve transfer of information with notice where required by law.

We use essential cookies and similar technologies for authentication and security.

In production deployments we may enable Google Analytics 4 on public marketing pages to understand traffic and product interest. You can limit analytics through browser settings, ad-blocking tools, or Google’s opt-out add-on.

We do not currently operate a separate cookie consent banner for U.S. visitors; if we expand marketing in jurisdictions that require consent, we will update this section.

We retain account and billing records for as long as your account is active and as needed for tax, accounting, and legal obligations.

Customer Content is retained until you delete it or delete your account, subject to backup cycles and legal holds.

Security and operational logs are retained for a limited period appropriate to troubleshooting and abuse prevention.

We implement administrative, technical, and organizational measures designed to protect information, including encryption in transit, hashed API keys, and access controls on production systems. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

Depending on where you live, you may have rights to access, correct, delete, or obtain a copy of personal information we maintain about you, and to opt out of certain processing.

California residents (CCPA/CPRA): You may request to know, access, correct, or delete personal information, and to opt out of sale or sharing (we do not sell personal information). You may designate an authorized agent. We will not discriminate against you for exercising these rights. Submit requests to support@inbill.dev; we will verify your request and respond within the timeframes required by law (typically 45 days).

Other U.S. states (including Colorado, Connecticut, Virginia, Texas, and others with comprehensive privacy laws): Similar rights may apply. Contact us at the same address to exercise them.

Account deletion: You may delete your account through the Service where available, or by emailing support@inbill.dev. Deletion removes associated Customer Content subject to backup and legal retention limits.

We are based in the United States. If you access the Service from outside the U.S., you understand that information may be processed in the United States and other countries where our providers operate, which may have different data protection laws than your jurisdiction.

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may be communicated by email or in-product notice where appropriate.

Questions or privacy requests: support@inbill.dev · +1 (239) 255-7619 · INBIL LLC, 30 N Gould St Ste R, Sheridan, WY 82801, United States.