BillSync

Privacy Policy

billsync.eu

Last updated: 29 March 2026 | Version: 1.1

1. Data Controller

  • Websyncpro Ltd
  • Company Number: 16123307
  • Registered Address: F04 1st Floor, Knightrider House, Knightrider Street, Maidstone, Kent, ME15 6LU, United Kingdom
  • VAT Number: GB505637887
  • Email: privacy@websyncpro.eu
  • Website: https://billsync.eu
  • Supervisory Authority: Information Commissioner's Office (ICO), United Kingdom
  • ICO Website: https://ico.org.uk

2. What Data Do We Collect?

When using billsync.eu, we process the following personal data:

Account Data

  • Full name
  • Email address
  • Password (encrypted)
  • User identifier (generated)

Invoice Data

  • Supplier/customer names and addresses
  • Company names, tax numbers, VAT numbers
  • Invoice numbers, dates, amounts
  • Email contents containing invoices
  • Attached invoice documents (PDF, images)

Integration Data

  • Google account OAuth tokens (Sheets, Drive, Gmail)
  • Email forwarding addresses (unique identifiers)
  • Google Sheets and Drive file identifiers

Usage Data

  • Log files (IP addresses, browser type, timestamps)
  • Activity logs (feature usage, error logs)

3. Legal Basis and Purpose

Data CategoryLegal BasisPurpose
Account DataPerformance of ContractProvision of SaaS service, identification
Invoice DataPerformance of ContractAutomated invoice processing
Integration DataPerformance of ContractGoogle Sheets/Drive synchronisation
Usage LogsLegitimate InterestService improvement, security

4. Data Processors and Third Parties

Our trusted data processors:

ProcessorServiceRegionSafeguard
Supabase Inc. (USA)Database hosting, user authentication, file storageEU (AWS eu-central-1)DPA, SCCs, TIA
Google LLC (USA)Google Sheets, Drive, Gmail integrationUser-selected Google Workspace regionGoogle Cloud DPA, SCCs

We do not sell your data to third parties for marketing purposes.

Google API Services — Limited Use Disclosure

  • We do not share, transfer, or disclose Google user data to any third parties.
  • Google Drive and Google Sheets data is used solely to store and organize the authenticated user's own invoice documents.
  • We do not use Google Workspace API data to develop, improve, or train generalized AI and/or ML models.
  • Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. International Data Transfers

Your data is stored in the Central EU (Frankfurt) within the Supabase infrastructure. When using Google services (Sheets, Drive), data may be transferred to Google's global infrastructure. Google provides adequate protection through SCCs and Privacy Shield successor frameworks. We have conducted a Transfer Impact Assessment (TIA) to ensure adequate protection for international data transfers.

6. Your Rights Under GDPR/UK GDPR

You have the following rights:

Right of AccessYou may request a copy of your personal data
Right to RectificationCorrection of inaccurate data
Right to ErasureDeletion of your account and associated data (subject to legal retention obligations)
Right to RestrictionRestriction of processing under certain circumstances
Right to Data PortabilityExport of your data in a machine-readable format
Right to ObjectObjection to processing based on legitimate interest
Right to Withdraw ConsentRevocation of OAuth permissions

To exercise your rights, contact us at: privacy@websyncpro.eu

7. Account Deletion and Data Retention

Full Account Deletion: You may irrevocably delete your account at any time from the settings page.

ALL data will be immediately and permanently deleted from our systems:

  • User profile and login credentials
  • OAuth tokens and integration settings
  • Activity logs and cached data
  • Invoice data and processed documents

Important Notice Regarding Invoice Retention:

The original sources of your invoices (your email account, Google Drive, Google Sheets) remain under your responsibility. It is the user's obligation to retain invoices stored in their own Drive, Sheets, or email accounts in accordance with accounting retention requirements. We have no legal or contractual obligation to retain invoices after account deletion. After deletion, no data remains with us — all responsibility rests with you.

8. Data Security

We implement industry-standard security measures:

Encryption at Rest

Supabase/AWS default encryption

TLS/SSL Encryption

In transit (HTTPS)

Row-Level Security (RLS)

Users can only access their own data

OAuth 2.0

Secure Google account integration

Regular Backups

Daily automatic backups (30-day retention)

Access Control

Role-based permissions, audit logging

9. Cookies and Tracking

We use essential cookies only:

  • Session management (login state)
  • CSRF protection
  • User preferences

We do not use third-party tracking or advertising cookies.

10. Children's Privacy

billsync.eu is designed for business users aged 18 and over. We do not knowingly collect data from children under 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification.

Version History: v1.1 — 29 March 2026 — Added Google API Services Limited Use Disclosure | v1.0 — 27 February 2026 — Initial version

12. Contact

For data protection enquiries or to exercise your rights:

Email: privacy@websyncpro.eu

Website: https://billsync.eu

Address: Websyncpro Ltd, F04 1st Floor, Knightrider House, Knightrider Street, Maidstone, Kent, ME15 6LU, United Kingdom

Complaints: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been infringed.

ICO: https://ico.org.uk | 0303 123 1113

privacy@websyncpro.eu

© 2026 Websyncpro Ltd. All rights reserved.