Privacy Policy

1. Introduction

bilz.ai ("we", "us", or "our") operates an AI-powered invoice processing platform designed for the restaurant and hospitality industry. We are committed to protecting the privacy and security of your personal and business data in accordance with the General Data Protection Regulation (GDPR) and other applicable European data protection laws.

This Privacy Policy describes what information we collect, how we use it, and the choices you have regarding your data. By using our platform, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

We collect and process the following categories of data to provide and improve our services:

• Account information — your name, email address, business name, and contact details provided during registration.
• Invoice data — photographs, scans, and digital copies of invoices you upload, including supplier names, product descriptions, quantities, prices, and tax information.
• Business data — restaurant profiles, supplier relationships, product catalogs, cost categories, and financial summaries generated through your use of the platform.
• Usage analytics — device information, browser type, IP address, pages visited, features used, and interaction patterns to help us improve the platform experience.
• Communication data — messages and correspondence when you contact our support team.

3. How We Process Your Data

The core function of bilz.ai is to extract, structure, and analyze invoice data using artificial intelligence. Here is how your data flows through our system:

• AI/OCR processing — when you upload an invoice (photo, scan, or PDF), our system uses optical character recognition (OCR) and AI models to extract line items, prices, supplier details, and totals.
• Data structuring — extracted information is organized into structured records, matched to your existing product catalog and supplier list, and categorized for cost analysis.
• Analytics and insights — we generate cost trends, price comparisons, and spending reports to help you manage your restaurant's expenses effectively.
• Service improvement — aggregated and anonymized data may be used to improve the accuracy of our AI models. Individual business data is never shared or made identifiable.

Our legal basis for processing your data includes the performance of our contract with you (Article 6(1)(b) GDPR), your consent where applicable (Article 6(1)(a) GDPR), and our legitimate interests in improving the service (Article 6(1)(f) GDPR).

4. Third-Party Services

To deliver accurate AI-powered invoice processing, we use the following third-party services:

• OpenAI — for natural language processing and data extraction from invoice content. Invoice text and images may be sent to OpenAI's API for processing. OpenAI does not use data submitted via their API to train their models.
• Google AI (Gemini) — for supplementary AI processing, including vision-based invoice analysis. Google's API data processing terms apply.
• Cloud infrastructure — we use industry-standard cloud providers with data centers in the European Union to host and process your data.
• Analytics providers — we use privacy-respecting analytics tools to understand how users interact with our platform.

All third-party providers are bound by data processing agreements and are required to handle your data in compliance with GDPR. We do not sell your data to any third party.

5. Data Storage and Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it:

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256 encryption).
• Data is stored on servers located within the European Union.
• Access to production systems is restricted to authorized personnel with multi-factor authentication.
• We conduct regular security audits and vulnerability assessments.
• Uploaded invoice images are stored securely and are only accessible by authorized users within your organization.

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We continuously work to improve our security practices.

6. Data Retention

We retain your data only for as long as necessary to fulfill the purposes described in this policy:

• Account data — retained for the duration of your active account, plus 30 days after account deletion to allow for recovery.
• Invoice and business data — retained for as long as your account is active. Upon account deletion, all invoice data is permanently removed within 90 days.
• Usage analytics — anonymized analytics data may be retained indefinitely. Identifiable usage logs are deleted after 12 months.
• Legal obligations — certain data may be retained longer if required by applicable tax, accounting, or legal regulations.

7. Your Rights (GDPR)

As a data subject under the GDPR, you have the following rights regarding your personal data:

• Right of access — you can request a copy of the personal data we hold about you.
• Right to rectification — you can ask us to correct inaccurate or incomplete data.
• Right to erasure — you can request deletion of your personal data, subject to legal retention requirements.
• Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
• Right to data portability — you can request your data in a structured, machine-readable format.
• Right to object — you can object to processing based on legitimate interests or direct marketing.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

8. Cookies

We use cookies and similar technologies to operate and improve our platform:

• Essential cookies — required for the platform to function, including authentication and session management. These cannot be disabled.
• Functional cookies — remember your preferences such as language, locale, and display settings.
• Analytics cookies — help us understand how visitors use the platform so we can improve the experience. These are only set with your consent.

You can manage your cookie preferences at any time through your browser settings or our cookie consent banner. Disabling non-essential cookies will not affect the core functionality of the platform.

9. International Data Transfers

Your data is primarily stored and processed within the European Union. When data is processed by third-party AI services (such as OpenAI or Google AI), it may be temporarily transferred outside the EU. In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and the providers' data processing agreements.

10. Children's Privacy

bilz.ai is a business-to-business service designed for restaurant operators and hospitality professionals. Our platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will notify you by email or through a prominent notice on our platform. The "Last updated" date at the top of this page indicates when this policy was most recently revised.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your data, please reach out to us:

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully.