Privacy Policy

1. Introduction

Bill Saved (“we,” “our,” or “us”) operates the billsaved.com website and related services. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our bill analysis and call services.

By creating an account or using our services, you agree to the collection and use of information as described in this policy.

2. Information We Collect

We collect the following categories of information:

Account information: Email address and password when you create an account. If you sign in via Google OAuth, we receive your name and email from Google.

Verification profile:Name, address, phone number, date of birth, and security verification answers (such as mother's maiden name) that you voluntarily provide. This information is used to authenticate your identity when Bill Saved contacts service providers on your behalf.

Bill data: Documents you upload (PDFs and images of bills), including the content extracted by Bill Saved such as account numbers, charge descriptions, amounts, and provider names.

Payment information: Credit or debit card details are collected and processed by Stripe, our payment processor. We store only the last four digits and card brand for display purposes. Full card numbers never touch our servers.

Usage data: Log data, browser type, pages visited, and timestamps for the purpose of improving our service and diagnosing technical issues.

Voice fingerprint (Handled Call only): If you use the Handled Call tier, we compute a short spectral fingerprint from a sample of your voice during account setup. This biometric data is used solely to verify that the authorization phrase on a recorded Handled Call was spoken by you, not by an imposter. The fingerprint is stored encrypted at rest, never shared with providers, and deleted within 30 days of account deletion. You can opt out of Handled Call at any time from Settings, which removes the fingerprint immediately.

3. How We Use Your Information

We use your information for the following purposes:

To analyze your bills and identify overcharges, billing errors, and savings opportunities. To authenticate your identity with service providers when Bill Saved calls on your behalf. To process payments and calculate fees based on verified savings. To improve Bill Saved's analysis accuracy and call effectiveness. To communicate with you about your account, calls, and savings. To comply with legal obligations and enforce our Terms of Service.

4. Data Storage and Security

Your data is stored in encrypted databases hosted on Supabase infrastructure. Uploaded bill files are stored in private, encrypted storage buckets accessible only to the account owner and our analysis system. We implement row-level security policies ensuring users can only access their own data.

Sensitive verification data (such as the last four digits of your SSN/SIN) is encrypted at the application layer before storage.

5. Data Sharing and Sub-Processors

We do not sell, rent, or share your personal information with third parties for marketing purposes. We share information only in the following circumstances:

Service providers on your behalf: When Bill Saved calls a company on your behalf, it provides your account information to authenticate as the account holder. This occurs only for situations you explicitly choose to pursue.

Sub-processors: Bill Saved uses the following service providers to operate the platform. Each is contractually bound to handle your data only as instructed by us:

• Supabase (US) — primary database, file storage, and authentication
• Vercel (US) — web hosting and edge runtime
• Stripe (US) — payment processing
• xAI (US) — document analysis (Grok Vision) and live coaching engine; uploaded bills and call transcripts are sent for inference and not retained for training
• Voximplant (US/EU) — outbound calling, hold management, conference bridging, and call recording
• Resend (US) — transactional email delivery
• Upstash (US) — rate limiting and caching
• Sentry (US) — error monitoring; we redact PII before forwarding events
• Cloudflare Turnstile — bot prevention on signup and waitlist forms

Cross-border data transfers: Bill Saved is operated from Canada (Ontario). Most of our sub-processors are located in the United States, which means personal data is transferred between Canada and the US in the course of normal operation. By using Bill Saved you consent to this cross-border processing. We use sub-processors with industry-standard data-protection commitments (SOC 2, ISO 27001, or equivalent).

Legal requirements: We may disclose information if required by law, court order, or governmental regulation.

6. Data Retention

We retain your account data, bill analyses, and call records for as long as your account is active. If you delete your account, we will remove your personal information and uploaded files within 30 days, except where retention is required for legal, tax, or accounting obligations.

Anonymized and aggregated data (such as overall success rates and common charge patterns) may be retained indefinitely for the purpose of improving our system.

7. Your Rights

You have the right to:

Access the personal data we hold about you by requesting it through your account settings or contacting us directly. Correct inaccurate information in your profile at any time. Delete your account and all associated data by contacting support@billsaved.com. Export your data in a machine-readable format upon request.

8. Cookies

We use essential cookies to maintain your login session and remember your preferences. We do not use advertising cookies or tracking pixels. We do not sell cookie data to third parties.

9. Children's Privacy

Bill Saved is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a notice on our website. Your continued use of Bill Saved after changes take effect constitutes acceptance of the updated policy.

11. Call Authorization

Bill Saved uses a contemporaneous per-call authorization model. Before each call where Bill Saved speaks on your behalf (Handled Call tier), you authenticate with the provider and speak a recorded authorization phrase on the call. There is no standing pre-authorization. See our product page for details.

12. Call Activation Records

Each time you initiate a call, a record is created capturing: biller name, biller phone number, account last 4 digits, situation type, your jurisdiction, calling hour verification status, and activation timestamp. These records are used for compliance tracking and to ensure all pre-call checks have been completed.

13. Call Records and Compliance

All calls placed by Bill Saved on your behalf are recorded. Call recordings are retained for 90 days and are available to you upon request. Call records include: call initiation time, duration, outcome, whether recording was disclosed (always yes), whether an identity inquiry was raised by the biller, and whether an opt-out was requested.

To request a call transcript or recording, contact our Privacy Officer.

14. Jurisdiction and Data Routing

Your state or province determines which legal framework applies to your calls (US TCPA or Canadian CRTC/CASL). Bill Saved determines your jurisdiction from the state or province you provide in your account profile.

15. Applicable Privacy Frameworks

Bill Saved is designed to comply with the privacy frameworks that apply to our users:

• PIPEDA (Personal Information Protection and Electronic Documents Act) for Canadian users. Your rights include access, correction, and withdrawal of consent.
• CASL (Canadian Anti-Spam Legislation) governs marketing email. We treat transactional messages (call status, receipts) and marketing messages (product updates) separately, and you can opt out of marketing at any time without affecting transactional messages.
• CCPA / CPRA for California residents. You have the right to know what personal information we collect, request deletion, correct inaccurate information, limit use of sensitive personal information, and opt out of any sale or sharing. Bill Saved does not sell personal information.
• Quebec Law 25.Quebec residents have the specific rights enumerated under Law 25, including data portability and the right to require human review of automated decisions. Handled Call service is not currently offered in Quebec — Call Assist and Coached Call are available and governed by Law 25.
• GDPR. Bill Saved is not directed at users in the European Economic Area or the United Kingdom. If you are located in the EEA/UK and create an account anyway, we will honor data subject rights (access, rectification, erasure, restriction, portability, and objection) on a best-effort basis and you can contact privacy@billsaved.com to exercise them.

16. Privacy Officer

Bill Saved's Privacy Officer is Patrick Novak. For data subject access requests (DSARs), privacy complaints, or questions about this policy, contact: privacy@billsaved.com. We respond to all privacy requests within 30 days.

17. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at privacy@billsaved.com.