Privacy Policy
Last updated: December 30, 2025
1. Introduction
Welcome to BillableDay ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our time tracking and task management service.
By using BillableDay, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Name (if provided via Google OAuth)
- Profile picture (if using Google OAuth)
Service Data
As you use BillableDay, we store:
- Client information (names, hourly rates)
- Task details (titles, descriptions, due dates)
- Time entries (start times, durations, notes)
- Calculated revenue based on your hourly rates
Automatically Collected Information
We may collect certain information automatically, including:
- Browser type and version
- Device information
- IP address
- Usage patterns within the application
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve BillableDay
- Process and display your time tracking and revenue data
- Send you service-related communications
- Respond to your requests and support inquiries
- Protect against unauthorized access and abuse
- Analyze usage patterns to improve our service
4. Data Storage & Security
Your data is stored securely using Supabase, a trusted database platform with enterprise-grade security:
- All data is encrypted in transit (TLS 1.2+) and at rest
- Row-Level Security (RLS) ensures you can only access your own data
- Regular automated backups
- SOC 2 Type II compliant infrastructure
While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure.
5. Google OAuth
When you sign in with Google:
- We receive only your email, name, and profile picture from Google
- We do not access your Google Calendar, Drive, or other Google services
- We do not store your Google password
- You can revoke access anytime via your Google account settings
7. Data Sharing
We do not sell, trade, or rent your personal information. We may share data only in these circumstances:
- Service providers: Supabase (database), Vercel (hosting), PostHog (analytics, with consent)
- Legal requirements: If required by law or valid legal process
- Business transfers: In connection with a merger or acquisition
- With your consent: When you explicitly authorize sharing
8. Your Rights
You have the right to:
- Access: Request a copy of your data
- Export: Download your data in standard formats
- Correct: Update inaccurate information
- Delete: Request deletion of your account and data
- Privacy Mode: Hide financial amounts in the UI
To exercise these rights, contact us at support@billableday.com
9. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Your data will be permanently deleted within 30 days
- Backups containing your data are purged within 90 days
- Anonymized analytics data may be retained indefinitely
10. Children's Privacy
BillableDay is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: support@billableday.com
13. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). This section describes those rights and how to exercise them.
Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Email address, name, IP address | Yes |
| Commercial Information | Client names, hourly rates, revenue data | Yes |
| Internet Activity | Browser type, usage patterns, device info | Yes |
| Professional Information | Task details, time entries, work history | Yes |
| Geolocation Data | Approximate location (country/region only) | Yes |
| Sensitive Personal Information | N/A | No |
Business Purposes for Collection
We collect and use personal information for the following business purposes:
- Providing the Service: Operating BillableDay, processing your time tracking and task data
- Account Management: Creating and maintaining your account, authentication
- Customer Support: Responding to inquiries and providing assistance
- Security: Protecting against unauthorized access, fraud prevention
- Service Improvement: Analyzing usage to improve features and performance
- Legal Compliance: Meeting legal obligations and enforcing our terms
Third-Party Sharing
We share personal information with the following categories of third parties:
- Service Providers: Supabase (database hosting), Vercel (web hosting)
- Analytics Providers: Only with your consent via cookie preferences
Your California Rights
As a California resident, you have the right to:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive PI: Limit the use of sensitive personal information (we do not collect sensitive PI)
We Do Not Sell Your Personal Information
BillableDay does not "sell" or "share" your personal information as those terms are defined under CCPA/CPRA. We do not exchange your data for monetary or other valuable consideration, and we do not share your data for cross-context behavioral advertising. The "Do Not Sell or Share My Personal Information" link in our footer reflects our commitment to transparency, even though we do not engage in these practices.
Non-Discrimination
We will not discriminate against you for exercising your California privacy rights. We will not:
- Deny you goods or services
- Charge you different prices or rates
- Provide you with a different level or quality of service
- Suggest that you may receive a different price or level of service
How to Submit a Request
To exercise your California privacy rights, you may:
- Email us at support@billableday.com with the subject line "California Privacy Request"
- Use the "Cookie Settings" link in our footer to manage your cookie preferences
We will respond to verifiable consumer requests within 45 days. If we need more time (up to an additional 45 days), we will inform you of the reason and extension period in writing.
Verification
To protect your privacy, we will verify your identity before fulfilling your request. We may ask you to provide information that matches the information we have on file, such as your email address. If you use an authorized agent to submit a request, we may require proof of authorization.