Privacy Policy

Effective September 2025

Overview

xbill.co ("we," "us," or "our") is committed to protecting your privacy through minimal data collection and privacy-first design. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website.

Our Privacy-First Approach

We believe in collecting only what's necessary and protecting your privacy by design:

• No behavioral tracking across websites
• Cookieless analytics
• Minimal data collection with maximum privacy protection
• Anonymous usage insights only

Information We Collect

Information You Provide (When You Sign Up)

• Account information: Name and email address when you voluntarily create an account
• Newsletter subscription: Email address and optionally your name when you subscribe
• Communication: Messages you send us through contact forms or email

Information We Collect Automatically (Anonymous)

• Usage analytics: Anonymous, aggregated website usage patterns via our privacy-first server-side analytics
• Technical data: Hashed IP addresses (irreversibly anonymized), general browser type, pages visited
• Geographic data: Country/region level only (not precise location)

What We DON'T Collect

• ❌ Personal browsing behavior or detailed profiles
• ❌ Cross-site tracking data
• ❌ Advertising or marketing identifiers
• ❌ Precise location data
• ❌ Data from third-party sources

How We Use Your Information

Account Data

• Provide and maintain your account and services
• Authentication and security
• Communicate about your account or services
• Send newsletter communications (with your consent)

Anonymous Analytics Data

• Understand website usage patterns (aggregated only)
• Improve our website and services
• Monitor website performance and security

Legal Basis for Processing (GDPR)

• Essential cookies: Legitimate interest (GDPR Art. 6(1)(f)) for website functionality
• Account data: Contract performance when you sign up (GDPR Art. 6(1)(b))
• Newsletter: Consent when you subscribe (GDPR Art. 6(1)(a))
• Anonymous analytics: Legitimate interest (GDPR Art. 6(1)(f)) for service improvement
• Communications: Consent when you contact us

Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may only share information with:

• Email Service Provider: We use Resend to deliver newsletters and account-related emails
• Authentication Services: We use Google OAuth for optional account sign-in
• Database Hosting: We use MongoDB for secure data storage
• Legal requirements: When required by law or to protect our rights

We do NOT share data with: Google Analytics, advertising networks, or data brokers.

Your Rights (GDPR/CCPA)

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and data
• Restrict processing
• Data portability for your account data
• Object to processing
• Withdraw consent for communications
• Unsubscribe from newsletters at any time

Note: Our anonymous analytics data cannot be linked back to you and thus cannot be accessed, corrected, or deleted on an individual basis.

Data Security

We implement strong technical and organizational measures to protect your information:

• Encrypted data transmission and storage
• Regular security updates and monitoring
• Access controls and authentication
• Anonymous data processing where possible

International Data Transfers

We process data primarily within the US/EU. Any international transfers comply with GDPR adequacy decisions or appropriate safeguards.

Data Retention

• Newsletter subscriptions: Retained until you unsubscribe or request deletion
• Account data: Retained while your account is active, deleted upon account deletion
• Analytics data: Anonymous and aggregated, no individual retention periods apply
• Communication data: Retained for 3 years for support purposes

Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

Cookie Policy

We use only essential cookies for website functionality (authentication and security). We do NOT use:

• Tracking cookies
• Analytics cookies
• Advertising cookies
• Third-party cookies

Our analytics are cookieless and anonymous. See our Cookie Policy for details.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Effective Date."

Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us at hi@xbill.co.

This policy was last updated on September 2025.