1. Introduction
Welcome to Billvate. We are committed to protecting your privacy and personal data. This Privacy Policy explains how Stackvate Inc. ("Company," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our invoice generation service.
By using our Service, you consent to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.
Privacy Commitment
We believe in transparency about our data practices. We collect only the information necessary to provide our Service and comply with legal obligations. We never sell your personal data to third parties.
2. Information We Collect
We collect information in several ways to provide and improve our Service:
2.1 Information You Provide
Account Information
- Email address
- Password (encrypted)
- Full name
- Phone number
Business Information
- Business name
- Business address
- Tax ID (optional)
- Business logo
Client Data
- Client names
- Client email addresses
- Client phone numbers
- Client addresses
Invoice Data
- Invoice details
- Line items & amounts
- Invoice dates
- Notes & descriptions
2.2 Information Collected Automatically
| Data Type | Purpose |
|---|---|
| IP Address | Security, fraud prevention, geographic compliance |
| Browser Type & Version | Technical support, compatibility |
| Device Information | Security, session management |
| Access Times | Security monitoring, usage analytics |
| Pages Visited | Service improvement |
| Referring URL | Marketing analytics |
2.3 Payment Information
Payment card details are processed securely by our payment processor, Stripe. We do not store full credit card numbers on our servers. We only receive:
- Last four digits of your card
- Card brand (Visa, Mastercard, etc.)
- Expiration date
- Billing address
3. How We Use Your Information
We use collected information for the following purposes:
3.1 Service Delivery
- Create and manage your account
- Generate invoices and PDFs
- Process payments and subscriptions
- Send invoices to your clients
- Provide customer support
3.2 Communication
- Send service-related emails (password resets, account notifications)
- Respond to your inquiries and support requests
- Notify you of changes to our Service or policies
- Send product updates (with your consent)
3.3 Security & Fraud Prevention
- Detect and prevent fraudulent activity
- Monitor for security threats
- Enforce our Terms of Service
- Comply with legal obligations
3.4 Service Improvement
- Analyze usage patterns
- Improve user experience
- Develop new features
- Fix bugs and technical issues
4. Compliance Data Processing
Important: Compliance Monitoring
To maintain a secure and legal Service, we perform compliance monitoring that includes scanning invoice content for prohibited keywords and screening users against sanctions lists.
4.1 Content Scanning
We use automated systems to scan invoice content for:
- Prohibited keywords associated with illegal activities
- References to prohibited goods or services
- Patterns indicating fraudulent invoicing
This scanning is automated and does not involve human review unless a potential violation is detected.
4.2 Sanctions Screening
We screen users against the following lists:
- OFAC Specially Designated Nationals (SDN) List
- Other U.S. government sanctions lists
Screening is performed at registration, periodically, and when adding clients to your account.
4.3 Geographic Verification
We use IP geolocation to verify you are not accessing the Service from a sanctioned country or region. We also detect VPN, proxy, and Tor usage.
4.4 Compliance Data Retention
Compliance-related records are retained for 7-10 years as required by anti-money laundering and sanctions regulations. This includes:
- Compliance flags and review outcomes
- SDN screening results
- Account suspension/termination records
- Appeals and their outcomes
5. Data Sharing
We Do Not Sell Your Data
We never sell, trade, or rent your personal information to third parties for marketing purposes.
5.1 When We Share Data
We may share your information only in these circumstances:
| Circumstance | Details |
|---|---|
| With Your Consent | When you explicitly authorize us to share |
| Service Providers | Trusted partners who help us operate (payment processing, email delivery, hosting) |
| Legal Requirements | When required by law, court order, or government request |
| Compliance Reporting | Reporting sanctions violations or suspected illegal activity to authorities |
| Business Transfers | In connection with a merger, acquisition, or sale of assets |
| Protection of Rights | To protect our rights, property, or safety, or that of our users |
5.2 Data Shared with Clients
When you send invoices to clients, they can view:
- Your business name and logo
- Your business address
- Invoice details and amounts
- Any notes you include on the invoice
6. Third-Party Services
We use the following third-party services that may collect information:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Stripe | Payment processing | stripe.com/privacy |
| MaxMind | IP geolocation for compliance | maxmind.com/privacy |
| Email Provider | Transactional email delivery | Varies by provider |
| Cloud Hosting | Infrastructure and data storage | Varies by provider |
These third parties have their own privacy policies governing how they use your information. We encourage you to review their policies.
7. Data Security
We implement robust security measures to protect your data:
7.1 Technical Measures
- Encryption in Transit: All data is transmitted using TLS/SSL encryption
- Encryption at Rest: Sensitive data is encrypted in our databases
- Password Hashing: Passwords are hashed using bcrypt with unique salts
- Access Controls: Role-based access limiting who can view data
- Firewalls: Network-level protection against intrusion
- Regular Backups: Automated backups with secure offsite storage
7.2 Operational Measures
- Regular security audits and vulnerability assessments
- Employee security training
- Incident response procedures
- Limited access to production systems
Security Notice
While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.
8. Data Retention
We retain your data for different periods depending on the type:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Duration of account + 90 days | Service delivery |
| Invoices & Transactions | 7 years after creation | Tax and accounting requirements |
| Compliance Records | 7-10 years | AML/sanctions regulations |
| Security Logs | 2 years | Security and fraud prevention |
| Support Communications | 3 years | Service improvement |
| Marketing Preferences | Until withdrawn | Consent management |
After the retention period, data is securely deleted or anonymized.
9. Your Rights
You have the following rights regarding your personal data:
9.1 Access
You can access your account information at any time through your account settings. You can also request a copy of all data we hold about you.
9.2 Correction
You can update or correct your information through your account settings or by contacting us.
9.3 Deletion
You can request deletion of your account and associated data. Note that we may retain certain data as required by law or for legitimate business purposes.
9.4 Export
You can export your invoice data at any time in common formats (PDF, CSV).
9.5 Objection
You can object to certain processing of your data, particularly for marketing purposes.
9.6 How to Exercise Your Rights
To exercise any of these rights, contact us at support@billvate.com. We will respond within 30 days.
10. GDPR Rights (European Union Users)
If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
10.1 Legal Bases for Processing
We process your data under the following legal bases:
- Contract: Processing necessary to provide our Service
- Legitimate Interest: Security, fraud prevention, service improvement
- Legal Obligation: Compliance with applicable laws
- Consent: Marketing communications (where applicable)
10.2 Additional Rights
- Right to Restriction: Request limitation of processing
- Right to Portability: Receive data in a structured, machine-readable format
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
10.3 Data Protection Officer
For GDPR-related inquiries, contact our Data Protection Officer at privacy@billvate.com.
11. CCPA Rights (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
11.1 Right to Know
You can request information about the categories and specific pieces of personal information we collect about you.
11.2 Right to Delete
You can request deletion of personal information we have collected, subject to certain exceptions.
11.3 Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
11.4 Categories of Information Collected
In the past 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, phone number)
- Commercial information (invoices, transactions)
- Internet activity (usage data, IP addresses)
- Geolocation data (derived from IP address)
- Professional information (business details)
11.5 Do Not Sell
We do not sell personal information as defined by the CCPA.
11.6 How to Submit a Request
California residents can submit requests by emailing privacy@billvate.com with the subject line "CCPA Request".
13. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
13.1 Safeguards
When transferring data internationally, we use appropriate safeguards such as:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with all service providers
- Ensuring recipients are certified under appropriate frameworks
13.2 U.S. Data Processing
Our primary servers are located in the United States. By using our Service, you consent to the transfer of your data to the U.S.
14. Children's Privacy
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to delete such information.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification to your registered address
- Prominent notice on our website
- Updating the "Last Updated" date
We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance.
16. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: support@billvate.com
- Privacy Inquiries: privacy@billvate.com
- Website: https://billvate.com
Data Controller:
Stackvate Inc.
Attn: Privacy Team
United States