Privacy Policy
Last updated: June 27, 2026
SnapBilly (“we”, “our”, “us”) operates the SnapBilly web application, mobile applications (iOS and Android), and desktop applications (Windows and macOS), collectively referred to as the “Service.” This Privacy Policy explains how we collect, use, store, share and protect your personal information when you use the Service. By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.
1. Information We Collect
Information you provide directly
| Data category | Examples | Purpose |
|---|---|---|
| Account information | Full name, email address, password | Account creation and authentication |
| Business information | Business name, address, logo, tax label/number (VAT/EIN/GST), country, currency | Invoice branding and tax compliance |
| Customer data | Your clients’ names, emails, phone numbers, companies, addresses | Invoice generation and delivery |
| Financial data | Invoice amounts, line items, expense amounts/categories, payment method labels | Invoicing, expense tracking, and P&L reporting |
| Payment details | Bank/SWIFT/sort codes and payment tags you choose to display on invoices | Shown on invoices so your clients can pay you |
| Uploaded files | Business logos, expense receipts | Invoice branding and expense record-keeping |
Information collected automatically
We collect authentication tokens (Firebase Authentication), anonymized usage analytics, error reports, device/browser information, your IP address, and consent records (timestamp, IP, user agent and the document version you accepted) for security and legal compliance.
Information from third parties
If you sign in with Google, we receive your name, email and profile picture. Our billing provider Dodo Payments shares your subscription status and plan with us. We never receive or store your credit card number.
2. How We Use Your Information
- Providing the Service — creating invoices, managing customers, tracking expenses, generating reports and PDFs, and sending invoices by email.
- Authentication & security — verifying identity, managing sessions and enforcing row-level data isolation.
- Billing & subscriptions — processing payments via Dodo Payments and managing trials and plan changes.
- Transactional communications — invoice delivery, reminders, receipts and account emails via Resend.
- Product improvement — analyzing aggregated, anonymized usage.
- Legal compliance — maintaining consent records and enforcing our Terms.
We do not sell, rent or trade your personal information to third parties for marketing purposes.
3. Data Storage & Security
Data is stored in Supabase (PostgreSQL) with row-level security enabled on every table, so you can only access your own data. All connections use HTTPS/TLS 1.2+. Files live in private storage accessible only via short-lived signed URLs. Authentication uses Firebase with server-verified JWTs, payment card data is handled exclusively by Dodo Payments, and secrets are stored in environment variables only.
4. Third-Party Service Providers
We share data only with the processors needed to operate the Service:
| Provider | Purpose | Policy |
|---|---|---|
| Firebase (Google) | Authentication | Google Privacy |
| Supabase | Database, storage, edge functions | Supabase Privacy |
| Dodo Payments | Payment processing (Merchant of Record) | Dodo Payments Privacy |
| Resend | Transactional email | Resend Privacy |
| Vercel | Web hosting and CDN | Vercel Privacy |
5. Data Retention
Active account data is kept for the life of your account. Deleted invoices/customers are soft-deleted and permanently purged 90 days later. Consent/signing records are retained for 7 years after account deletion for legal compliance. Error logs are kept for 90 days.
6. Your Rights
Depending on your jurisdiction (GDPR, CCPA, UK GDPR) you have rights to access, rectification, erasure, data portability, restriction, objection and withdrawal of consent. You can export your invoices, customers and expenses to CSV/Excel from within the app. To exercise any right, email us at support@snapbilly.com with your account email; we respond within 30 days.
7. Account Deletion
You may delete your account at any time from account settings. On deletion, your account is deactivated immediately; all personal data, invoices, customers, expenses, receipts and uploaded files are permanently deleted within 30 days; and any active subscription is cancelled. Your consent/signing record is retained for 7 years for legal compliance and is not associated with any personal data after deletion.
8. Cookies & Tracking
SnapBilly uses only essential cookies required for authentication. We do not use third-party advertising or cross-site tracking cookies. You may disable analytics in your account settings.
9. Children’s Privacy
SnapBilly is not directed at individuals under 18, and we do not knowingly collect their information. If we learn a user is under 18, we will promptly delete the account.
10. International Data Transfers
Your data may be processed in the United States and the European Union via our providers. Where data is transferred across borders it is protected by Standard Contractual Clauses and the providers’ compliance with applicable data-protection frameworks.
11. Changes to This Policy
We may update this Privacy Policy. For material changes we will update the “Last updated” date, notify you by email and/or an in-app banner at least 14 days in advance, and require re-acceptance for continued use.
12. Contact Us
For privacy inquiries, data requests or complaints, email support@snapbilly.com. Postal address: SnapBilly — remote-first (registered address available on request).
