Privacy Policy

1. Introduction

Bill Saved (“we,” “our,” or “us”) operates the billsaved.com website and related services. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our bill analysis and dispute resolution services.

By creating an account or using our services, you agree to the collection and use of information as described in this policy.

2. Information We Collect

We collect the following categories of information:

Account information: Email address and password when you create an account. If you sign in via Google OAuth, we receive your name and email from Google.

Verification profile:Name, address, phone number, date of birth, and security verification answers (such as mother's maiden name) that you voluntarily provide. This information is used to authenticate your identity when our AI contacts service providers on your behalf.

Bill data: Documents you upload (PDFs and images of bills), including the content extracted by our AI such as account numbers, charge descriptions, amounts, and provider names.

Payment information: Credit or debit card details are collected and processed by Stripe, our payment processor. We store only the last four digits and card brand for display purposes. Full card numbers never touch our servers.

Usage data: Log data, browser type, pages visited, and timestamps for the purpose of improving our service and diagnosing technical issues.

3. How We Use Your Information

We use your information for the following purposes:

To analyze your bills and identify overcharges, billing errors, and savings opportunities. To authenticate your identity with service providers when our AI calls on your behalf. To process payments and calculate fees based on verified savings. To improve our AI's analysis accuracy and negotiation effectiveness. To communicate with you about your account, disputes, and savings. To comply with legal obligations and enforce our Terms of Service.

4. Data Storage and Security

Your data is stored in encrypted databases hosted on Supabase infrastructure. Uploaded bill files are stored in private, encrypted storage buckets accessible only to the account owner and our analysis system. We implement row-level security policies ensuring users can only access their own data.

Sensitive verification data (such as the last four digits of your SSN/SIN) is encrypted at the application layer before storage.

5. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We share information only in the following circumstances:

Service providers on your behalf: When our AI calls a company to dispute charges, it provides your account information to authenticate as the account holder. This occurs only for bills you explicitly choose to dispute.

Payment processing: Stripe receives payment information necessary to process transactions.

Legal requirements: We may disclose information if required by law, court order, or governmental regulation.

6. Data Retention

We retain your account data, bill analyses, and dispute records for as long as your account is active. If you delete your account, we will remove your personal information and uploaded files within 30 days, except where retention is required for legal, tax, or accounting obligations.

Anonymized and aggregated data (such as overall success rates and common charge patterns) may be retained indefinitely for the purpose of improving our AI system.

7. Your Rights

You have the right to:

Access the personal data we hold about you by requesting it through your account settings or contacting us directly. Correct inaccurate information in your profile at any time. Delete your account and all associated data by contacting support@billsaved.com. Export your data in a machine-readable format upon request.

8. Cookies

We use essential cookies to maintain your login session and remember your preferences. We do not use advertising cookies or tracking pixels. We do not sell cookie data to third parties.

9. Children's Privacy

Bill Saved is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a notice on our website. Your continued use of Bill Saved after changes take effect constitutes acceptance of the updated policy.

11. Standing Authorization Agreement (SAA)

Before Bill Saved can place calls on your behalf, you must sign a Standing Authorization Agreement (SAA). This is a one-time digital agreement that authorizes Bill Saved to act as your representative for all billing disputes. The SAA captures: your full legal name, state or province, IP address, user agent, electronic signature hash, and timestamp. For Canadian users, separate CASL express consent is recorded.

You may revoke your SAA at any time from your account settings with immediate effect. Revocation cancels all pending disputes. SAA records are retained for 7 years for compliance audit purposes. Your SAA version is tracked to ensure you are always covered by the most current terms.

12. Dispute Activation Records (DAR)

Each time you initiate a dispute, a Dispute Activation Record (DAR) is created linking to your SAA. The DAR contains: biller name, biller phone number, account last 4 digits, dispute type, your jurisdiction, calling hour verification status, and activation timestamp. DARs are used for compliance tracking and to ensure all pre-call legal checks have been completed.

13. Call Records and Compliance

All calls placed by Bill Saved on your behalf are recorded. Call recordings are retained for 90 days and are available to you upon request. Call records include: call initiation time, duration, outcome, whether recording was disclosed (always yes), whether an identity inquiry was raised by the biller, and whether an opt-out was requested.

To request a call transcript or recording, contact our Privacy Officer.

14. Jurisdiction and Data Routing

Your state or province determines which legal framework applies to your calls (US TCPA or Canadian CRTC/CASL). Bill Saved maintains a jurisdiction tier system: Green Tier (service available), Amber Tier (coming soon), and Red Tier (not yet available due to stricter two-party consent laws). Your jurisdiction is determined from the state/province you provide when signing your SAA.

15. Privacy Officer

Bill Saved's Privacy Officer is Patrick Novak. For data subject access requests (DSARs), privacy complaints, or questions about this policy, contact: privacy@billsaved.com. We respond to all privacy requests within 30 days.

16. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at privacy@billsaved.com.