Privacy Policy

1. Introduction

bilz.ai is operated by S12V Labs LLC ("bilz", "we", "us", or "our"), a limited liability company organized in the State of Wyoming, United States. We provide an AI-powered invoice processing and cost-control platform for the restaurant and hospitality industry.

This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to our website and our services. By using bilz.ai, you agree to the collection and use of information as described here.

2. Information We Collect

We collect and process the following categories of information to provide and improve our services:

• Account information — your name, email address, business name, and contact details provided during registration.
• Invoice data — photographs, scans, and digital copies of invoices you upload, including supplier names, product descriptions, quantities, prices, and tax information.
• Business data — restaurant profiles, supplier relationships, product catalogs, cost categories, and financial summaries generated through your use of the platform.
• Usage analytics — device information, browser type, IP address, pages visited, features used, and interaction patterns to help us improve the platform.
• Communication data — messages and correspondence when you contact our support team.

3. How We Use Your Data

The core function of bilz.ai is to extract, structure, and analyze invoice data using artificial intelligence. Here is how your data flows through our system:

• AI/OCR processing — when you upload an invoice (photo, scan, or PDF), our system uses optical character recognition (OCR) and AI models to extract line items, prices, supplier details, and totals.
• Data structuring — extracted information is organized into structured records, matched to your existing product catalog and supplier list, and categorized for cost analysis.
• Analytics and insights — we generate cost trends, price comparisons, and spending reports to help you manage your restaurant's expenses effectively.
• Service improvement — aggregated and de-identified data may be used to improve the accuracy of our AI models. Your individual business data is never sold or made identifiable to others.

4. Third-Party Services

To deliver accurate AI-powered invoice processing, we rely on the following types of third-party services:

• OpenAI — for natural language processing and data extraction from invoice content. Invoice text and images may be sent to OpenAI's API for processing. OpenAI does not use data submitted via their API to train their models.
• Google AI (Gemini) — for supplementary AI processing, including vision-based invoice analysis, under Google's API data processing terms.
• Cloud infrastructure & billing — we use industry-standard U.S. cloud providers to host and process your data, and a third-party payment processor to handle subscription billing.
• Analytics providers — we use privacy-respecting analytics tools to understand how users interact with our platform.

All third-party providers are bound by data processing agreements and are required to safeguard your data. We do not sell your data to any third party.

5. Data Storage and Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it:

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256 encryption).
• Data is stored on servers located in the United States.
• Access to production systems is restricted to authorized personnel with multi-factor authentication.
• We conduct regular security reviews and vulnerability assessments.
• Uploaded invoice images are stored securely and are only accessible by authorized users within your organization.

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We continuously work to improve our security practices.

6. Data Retention

We retain your data only for as long as necessary to fulfill the purposes described in this policy:

• Account data — retained for the duration of your active account, plus 30 days after account deletion to allow for recovery.
• Invoice and business data — retained for as long as your account is active. Upon account deletion, all invoice data is permanently removed within 90 days.
• Usage analytics — de-identified analytics data may be retained indefinitely. Identifiable usage logs are deleted after 12 months.
• Legal obligations — certain data may be retained longer if required by applicable tax, accounting, or legal regulations.

7. Your Privacy Rights

Depending on where you live, you may have rights regarding your personal information, including the right to:

• Know and access — request a copy of the personal information we hold about you and how we use it.
• Correct — ask us to fix inaccurate or incomplete information.
• Delete — request deletion of your personal information, subject to legal retention requirements.
• Data portability — request your data in a structured, machine-readable format.
• Opt out — opt out of certain uses of your information. We do not sell or "share" your personal information as those terms are defined under California law.

California residents have these rights under the California Consumer Privacy Act (CCPA/CPRA), and we will not discriminate against you for exercising them. To make a request, contact us at [email protected]. We will respond within the timeframe required by applicable law.

EEA, UK and Switzerland. If you are in the European Economic Area, the United Kingdom or Switzerland, you additionally have the right to object to or restrict processing, to withdraw consent at any time (without affecting processing carried out before withdrawal), and to lodge a complaint with your local data protection supervisory authority. We process personal data on the following legal bases: your consent (for analytics and marketing cookies), performance of a contract (to provide the service you sign up for), and our legitimate interest in operating, securing and improving bilz.ai. To exercise any of these rights, contact us at [email protected].

8. Cookies

We use cookies and similar technologies to operate and improve our platform:

• Essential cookies — required for the platform to function, including authentication and session management. These cannot be disabled.
• Functional cookies — remember your preferences such as language, locale, and display settings.
• Analytics cookies — help us understand how visitors use the platform so we can improve the experience. These are only set with your consent.

You can manage your cookie preferences at any time through your browser settings or our cookie consent banner. Disabling non-essential cookies will not affect the core functionality of the platform.

9. Where Your Data Is Processed

Your data is primarily stored and processed in the United States. When data is processed by third-party AI services (such as OpenAI or Google AI), it may be processed in other locations. In those cases, we require appropriate contractual safeguards and data processing agreements to protect your information.

For users in the EEA, the UK or Switzerland, transfers of personal data to the United States and to our sub-processors are made under an appropriate transfer mechanism, such as the European Commission's Standard Contractual Clauses.

10. Children's Privacy

bilz.ai is a business-to-business service designed for restaurant operators and hospitality professionals. Our platform is not intended for use by individuals under the age of 16, and we do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will notify you by email or through a prominent notice on our platform. The "Last updated" date at the top of this page indicates when this policy was most recently revised.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your data, please reach out to us: