Privacy Policy
This Privacy Policy explains what BillCrafter (“BillCrafter”, “we”, “us”) collects when you use billcrafter.com and our invoice tools (the “Service”), how we use it, and the choices you have.
1. Information we collect
We aim to collect as little as possible.
- Account data. When you create an account we store your email address and a hashed password (we never store passwords in plain text). If you sign in with Google, we receive your basic profile email.
- Content you enter. The business details, clients, saved items, and invoices/estimates/quotes/receipts you create and choose to save to your account.
- Usage data. Counts needed to enforce export limits (anonymous 1 export, free 10/month, Pro unlimited), and basic, aggregated analytics about how the Service is used.
- Payment data. If you subscribe to Pro, payments are processed by Stripe. We receive your subscription status but do not store your full card number.
- Device & log data. IP address, browser type, and request logs, used for security and to operate the Service.
Before you create an account, drafts are kept in your browser’s local storage and are not sent to us.
2. How we use information
- Provide, maintain, and secure the Service and your account.
- Save and sync your business profile, clients, items, and documents.
- Enforce free/paid export limits and process Pro subscriptions.
- Detect, prevent, and respond to fraud, abuse, and security incidents.
- Communicate with you about your account, security, and product updates.
- Improve the Service using aggregated, non-identifying insights.
Under the GDPR, our legal bases are performance of a contract (providing the Service), our legitimate interests (security and improvement), consent (where required), and legal obligations.
3. Your invoice content is yours
The documents and client details you create belong to you. We access them only to provide the Service (for example, to store, render, and export them) or where required by law. We do not sell your personal information or your invoice content, and we do not use it for advertising.
4. How we share information
We share data only with service providers that help us run the Service, under contracts that protect your data:
- Cloudflare — hosting, database (D1), storage (R2), and sessions (KV).
- Stripe — subscription billing for Pro.
- An email provider for account and transactional messages.
We may also disclose information to comply with the law, enforce our Terms, or in connection with a merger or acquisition (with notice where required). We do not sell personal data.
5. Cookies
We use a strictly necessary, secure session cookie to keep you signed in. We keep any analytics minimal and privacy-respecting. You can control cookies in your browser; disabling the session cookie will sign you out.
6. Data retention & deletion
We keep your account and content while your account is active. You can delete individual clients, items, profiles, and documents at any time, and you can delete your entire account, which removes your associated data (subject to limited retention for legal, security, or backup purposes).
7. Security
We protect data in transit and at rest, hash passwords, and scope every account’s data to that account. No method of transmission or storage is 100% secure, but we work to protect your information and to respond promptly to any incident.
8. Your rights
Depending on where you live (including the EU/UK under GDPR and California under the CCPA/CPRA), you may have the right to access, correct, delete, or export your data, to object to or restrict certain processing, and to withdraw consent. California residents may request disclosure of data practices and to opt out of “sale” or “sharing” — note that we do not sell or share personal information. We will not discriminate against you for exercising these rights. To make a request, contact us below.
9. International transfers
We operate on globally distributed infrastructure, so your data may be processed in countries other than yours. Where required, we use appropriate safeguards for such transfers.
10. Children
The Service is not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. We will change the “Last updated” date and, for material changes, provide additional notice.
12. Contact us
Questions or requests: privacy@billcrafter.com.