BillyBoxBillyBox
Sign In

Privacy Policy

Last updated: April 2026

BillyBox is a service operated by Hormesis S.R.L., a company registered in Romania. This policy describes how we collect, use, and protect your data.

1. Information we collect

Account Information

When you create an account, we collect your email address and password (stored securely hashed).

Email Access

BillyBox connects to your email accounts using OAuth 2.0 for Gmail and Outlook/Hotmail/Live (no passwords stored — Google or Microsoft authenticates you and issues a refresh token), or IMAP with an app password for Zoho and other IMAP providers. All credentials and tokens are encrypted at rest with AES-256 and used solely to fetch invoice attachments and follow invoice download links.

Invoice Documents

We store invoice documents (PDFs, XMLs, images) that you import or that are fetched from your email. We extract basic information like issuer name, amount, and date for classification purposes.

2. How we use your information

  • To provide the invoice management service
  • To authenticate you and secure your account
  • To send transactional emails (verification, password reset)
  • To improve the service and fix bugs

We do not sell your data. We do not use your invoice data for advertising.

3. Data security

We implement industry-standard security measures:

  • Passwords are hashed using bcrypt
  • Email credentials are encrypted with AES-256
  • All data transmitted over HTTPS
  • Regular security audits and updates

4. Data retention

We retain your data for as long as your account is active. Upon account deletion:

  • Account data is deleted immediately
  • Invoice documents are deleted within 30 days
  • Backups are purged within 90 days

5. Your rights

You have the right to:

  • Access your data
  • Export your data
  • Request deletion of your data
  • Disconnect email accounts at any time

6. Third-party services

We may use third-party services for:

  • Payment processing (Stripe)
  • Email delivery (Resend)
  • Error monitoring (Sentry)
  • AI document classification (Anthropic, OpenAI — your data is not used for training)

These services have their own privacy policies and only receive data necessary for their function.

7. Cookies

We use essential cookies only for authentication. We do not use tracking or advertising cookies.

8. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service.

9. Contact

For privacy-related questions, please contact us at support@billybox.app.