Your data, your rights

Privacy Policy

Effective: June 1, 2025

Overview

BrutalBill ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice generation platform and related services (the "Service").

By using BrutalBill, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.

Information We Collect

1. Personal Information

  • Account Data: Name, email address, and password when you create an account.
  • Business Data: Company name, address, logo, tax identifiers, and banking details you provide for invoicing.
  • Client Data: Information about your clients that you input to create invoices.

2. Automatically Collected Data

  • Usage Data: Pages visited, features used, time spent, and interaction patterns within the Service.
  • Device Data: Browser type, operating system, device identifiers, and IP address.
  • Log Data: Server logs including access times, error reports, and referring URLs.

3. Payment Information

All payment processing is handled by our third-party payment processors (Stripe and LemonSqueezy). We do not store your full credit card numbers, CVV, or bank account credentials on our servers. We may retain partial card information (e.g., last 4 digits) for your reference.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the BrutalBill Service.
  • Process your invoices, contracts, and related financial documents.
  • Send transactional emails (invoice delivery, payment reminders, receipts).
  • Provide customer support and respond to your requests.
  • Analyze usage trends to improve our product and user experience.
  • Generate AI-powered suggestions (e.g., pricing advice, line item expansion) — processed securely and not shared with third parties.
  • Detect, investigate, and prevent fraudulent or unauthorized activity.
  • Comply with legal obligations and enforce our terms.

Data Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share data only in these limited circumstances:

  • Service Providers: Trusted partners who assist in operating our Service (e.g., Firebase, Stripe, Cloudinary, Resend, OpenAI). These providers are bound by contractual obligations to keep your data secure.
  • Legal Requirements: When required by law, subpoena, court order, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.
  • With Your Consent: We may share your data for purposes you have explicitly agreed to.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

Invoice data and associated documents may be retained for up to 7 years to comply with tax and financial record-keeping requirements in applicable jurisdictions.

Your Rights

Depending on your location, you may have the following rights under applicable data protection laws (including GDPR, CCPA, and others):

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data.
  • Portability: Receive your data in a portable format.
  • Restriction: Limit how we process your data.
  • Objection: Object to certain processing activities.

To exercise any of these rights, contact us at privacy@brutalbill.com. We will respond within 30 days.

Cookies & Tracking

We use essential cookies to maintain your session and authentication state. We may also use analytics cookies to understand usage patterns and improve the Service. We do not use advertising or third-party tracking cookies.

Cookie Controls: You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality. We honor Do Not Track (DNT) signals where technically feasible.

Security

We implement industry-standard security measures to protect your data, including:

  • TLS encryption for all data in transit.
  • Encryption at rest for sensitive data stored in our databases.
  • Firebase Authentication with secure token-based sessions.
  • Regular security audits and vulnerability assessments.
  • Strict access controls limiting data access to authorized personnel.
  • Firestore security rules enforcing row-level data access.

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Children's Privacy

BrutalBill is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such data promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective" date at the top of this page and notify you via email or a prominent notice on the Service. We encourage you to review this page periodically for any changes. Continued use of the Service after modifications constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us: