privacy policy

1. When does this Privacy Policy apply?

Billi runs two main services:
‍
- Our iOS/Android application (“Billi App”);
- The website https://billi.app (“Billi Website”)

This privacy policy applies to your use of the Billi App, to your use of the Billi Website, as well as to your communications with us, our social media and our marketing activities, such as our use of targeting cookies or newsletters (together, the “Services”).
‍
This Privacy Policy applies to personal information. We consider that “personal information” means any information which allows us to identify you directly or indirectly, including “cookies” and other electronic data. A “cookie” is information that a website puts on your computer’s hard disk so that the website can remember something about you at a later time. In this Privacy Policy, when we refer to “cookies” we include other technologies with similar purposes, such as pixels, tags and beacons. If you are looking for more information on cookies, you can refer to websites such as https://www.cookiecentral.com/ and https://www.allaboutcookies.org/. For more information about what we do with cookies, refer to Section 4 of this Policy.
‍
Any information that does not identify someone, or could not be used for identification is not personal information. For example, we may collect non-identifiable information about the use of our Services for analytics research purposes, and to produce market insights.
‍
This Privacy Policy is for transparency purposes and some of the data that we identify in this Privacy Policy as personal information may not be protected as personal information under applicable laws. For instance, business contact information is often excluded and you may not have the same rights over such data.

2. When does this Privacy Policy not apply?

If you click through to links to third parties’ websites, applications or services from our Services, this Privacy Policy does not apply to the collection, use and disclosure of personal information by such external services. We use Flinks and/or Plaid to connect to your financial institution to obtain access to relevant financial information so we can offer our Services. We do not control how Flinks, Plaid or any financial institution that you interact with collects personal information. It is always a good idea to read their privacy policies to understand what they do with your personal information!

3. What Personal information do we collect about you, and why?

We collect personal information (1) to allow you to interact with your spending, (2) to allow you to create a customer account and to confirm your identity, (3) to communicate with you, including by sending push notifications, (4) to conduct our marketing activities, including IBA, (5) for analytics purposes and to improve our Services, and to (6) to process job applications.
‍
Such personal information may include cookies, mobile identifiers, electronic data and business contact information, such as an e-mail address. If you communicate with us through social media, we will have access to the information that you make publicly available.
‍
When you interact with Billi, we collect personal information from you directly, but also through other sources, notably Flinks, Plaid and financial institutions, to offer our Services.
‍
Please see below for further details on which categories of personal information we collect, and how we use them.
‍
Billi App Account Information
‍
We collect this information to allow you to create an account:

• Email address
• Password

Banking Information - Billi App
‍
When you use the Billi App, we collect information about your bank account from your financial institution(s) through Flinks and/or Plaid, such as which bank(s) you have accounts with, regular payments, minimum balance, and other information relevant to the application. Flinks and/or Plaid provide us with banking information to allow you to link the App to your bank account(s) to track your spending.

Usage Data - Billi App
‍
To allow you to use the Billi App, we collect information about your financial account(s), including information about:

• The accounts you have, and the stats of your accounts, such as credit card balance;
• Which financial institutions you have accounts with;
• What investments you have and how they are performing;
• What transactions you make in your accounts.

Billi App allows you to have a full picture of your finances and how you spend your money. We collect information from your financial accounts through Flinks and/or Plaid to provide you with visualizations of your spending, tracking your spending habits, and to add up your transactions. We also use data about transactions to identify products that may be of interest to you, for internal use so we can improve our Services, and for marketing purposes.

Biometric - Billi App

We use Apple and Google’s biometric authentication technology to facilitate logging into the Billi App. We use biometric authentication technology, such as Apple Face ID, to ensure that it is really you accessing the account. You have the choice to login by biometric authentication or to continue by password. If you continue by biometric authentication, please note that the technology is provided by Apple for the iOS App or Google for the Android App. This information is linked to your Apple or Android ID, and we do not collect it.

Apple ID/Google ID

We request permission to collect your Apple ID or Google ID. We request permission to collect this in order to track your use of Billi App, notably for analytics and advertising purposes if you have opted into such tracking.

Job application

We sometimes post job opportunities, in which case we collect your contact information, curriculum vitae and other relevant information to assess your application, such as a cover letter. We collect this information to assess whether your qualifications match the position we are looking to fill.

Newsletter and Promotional Messages

When you sign up to receive our Billi App newsletter or promotional messages, we collect the following:

• Email address
• Consent to receive emails.If you consent to receive our newsletters or marketing or promotional materials, we will regularly send newsletters announcing promotions, requests and important information. You can unsubscribe at any time directly in the emails or by contacting us.

Electronic data

Electronic data may include:

• your device's Internet Protocol address (e.g. IP address)
• browser type
• browser version
• pages of our Service.

Electronic data is collected automatically when users navigate the Internet and, therefore, when you are using the Services. Electronic data is collected because it is useful to provide you with the Service, such as to recognize your browser default language or to maintain the Service.

Analytics Data

We collect analytics data, including the:

• Time and date of your visit(s)
• Time spent on our website
• What site you came from
• What pages you visited
• Unique device identifiers and other diagnostic data for analytics purposes.

We use analytics data to understand if we have any bugs, which pages of our Website are popular, how to improve our Services, and for similar purposes. Please refer to Section 4 to learn more about analytics cookies. Analytics data does not allow us to determine your identity, and is generally provided as aggregated data or by reference to an anonymous identifier.

Communication Data

When you reach out to us, we collect:

• Email address
• Identification data
• Message content
• Logs of live chats

If you communicate with us by email, on social media or by any other means, we collect the personal information that you share with us, such as your email address and the content of your communication. We may collect your cell phone number to conduct SMS marketing campaigns. If we do so, you can unsubscribe from receiving our SMS communications.

Social Media Data

Publicly available information. If you follow us or interact with us on social media, such as via our Facebook page, we may process your personal information for marketing or advertising purposes, subject to applicable laws, including those on consent.

4. How do we use “cookies”?

Billi uses both first-party and third-party cookies:

First-Party Cookies – First-party cookies are those that are issued by us, and they can only be set or retrieved by us. They are used for purposes specific to us, such as to personalize the Website.

Third-Party Cookies – Third-party cookies are placed on our Billi Website by other entities, such as to create new functionalities or conduct advertising.

We also conduct user tracking using mobile identifiers for functionality purposes, notably to enable user authentication and event tracking through Firebase. We also use Adjust for multiple purposes, including to tracks user actions such as how many times you open the app, how many bank connections you do, and whether you opted into marketing communications.
‍
We use the following types of cookies on the Billi Website.
‍
Essential

Essential cookies are necessary to operate the core functions of our Services. These include login cookies, session ID cookies, language cookies as well as security cookies.

Functional

Functional cookies are used to provide you with some functionalities and to remember preferences, consents and configurations.

Analytics

Analytics cookies are used to generate aggregated statistical data about traffic and behaviour of users when using our Services. We use Google analytics to keep track of how Billi is used.

Targeting Cookies

These cookies are used to deliver advertising more relevant to you and your interests. They are also used to limit the number of times you see an ad as well as to help measure the effectiveness of a campaign. Notably, we use Twitter, Facebook, Google DoubleClick and Microsoft cookies for advertising.

5. How do we use your personal information?

We collect your personal information when you interact with our Services and that we obtain from financial institutions to provide our Services.
‍
In the Billi App, you provide us with information from your accounts so we can help you (1) track your balances, bills and subscriptions, (2) check all your accounts in one place, and (3) visualize and add up your spending, among others.
‍
We also use data about your transactions to propose products that would interest you, for internal analytics purposes so we can improve our Services, and to conduct IBA to better market our products and Services.

6. Do you conduct interest-based advertising?

We conduct IBA on the Billi Website. This means that the ads that you are being served are personalized based on your behaviour when browsing online. Using retargeting cookies also allows us to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about. This is enabled through cookies and requires the processing of electronic data that is considered personal information under certain laws.
‍
If you are not comfortable with this, you can opt out of IBA by managing your cookies and other tracking technologies. Please see Section 7 of the Privacy Policy for an explanation of how to do this.
‍
We also conduct user tracking for advertising purposes in the Billi App if you opt in to receive such advertising.

7. Do you share my personal information with third parties?

Yes, we do share your personal information with third parties, as explained below. However, we do not sell your personal information to third parties.
‍
Financial Service Providers

We partner with some financial service providers to offer you the Services.

IT Service Providers

We use service providers to provide and host our Services online, such as Amazon Web Services to store data, you can find their privacy policy at AWS Privacy (amazon.com). We use Firebase for authentication on Billi App, you can find their privacy policy at Privacy and Security in Firebase (google.com).

Communication Service Providers

We use communication partners to send you emails, to manage our live chats and to send other communications.

Analytics and Performance Providers

We use third-party service providers to monitor and analyze the use of our Service. Notably, we use Google Analytics, Hotjar, UxCam and Adjust.

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

We use Hotjar to conduct web analytics on how users interact with our Services.

We use Adjust within the Billi App to record user events for business analytics.

We use UxCam within the Billi App to identify usability problems with our Services.

Marketing and Partners

We may use third-party service providers to market our Services, such as Salesforce and ActiveCampaign. We also use third party cookies such as Twitter, Facebook and Google DoubleClick for advertising purposes.

Business Transactions

We may disclose your personal information in connection with, or during negotiations of, any merger, sale of assets, financing or acquisition of all or a portion of our business by another entity or investors.

Business Partners

With your consent, if required by applicable laws, we may share your personal information with our business partners to offer you certain products, services or promotions, or as part of cross-referencing or promotional activities.

Law Enforcement
‍
Under certain circumstances, we may be required to disclose your personal information if required to do so by law or in response to licit requests by competent authorities. We only share personal information for these reasons when we are legally required to do so, and after we made our own verifications.

Other legal requirements

We may disclose your personal information if we are required to do so by applicable legal requirements, such as to:

• comply with a legal obligation;
• protect our rights and defend ourselves in a lawsuit or other proceedings;
• prevent or investigate possible wrongdoings in connection with the Services.

8. How can I manage my cookie preferences?

Browsers and devices have tools that allow you to control cookies; you can block them, ensure that you are notified when you are subject to cookies and control the cookies already stored on your device. However, if you block all of the cookies, you may not be able to access all the functionalities of the Service.

You can also use WebChoices, which is a browser-based tool for opting out of IBA. AdChoices provides additional solutions and explanations to control block and control cookies, as well as plug-ins to retain opt-out cookie preferences, even if you delete your cookies.
‍
Depending on the browser that you are using, different instructions are applicable. Click on your browser to have more information:
‍
‍Google Chrome
‍Firefox
‍Safari
‍Microsoft Edge

You can opt out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page at https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en.

Mobile identifiers are used for in-app advertising. If you use a device with an operating system of iOS14.5 or later, you will only be tracked for in-app advertising if you enable this feature.

9. Where and for how long do you store my personal information?

In accordance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”), we retain personal information for as long as necessary to provide you with the Services, to perform our marketing campaigns effectively or as required by applicable laws, whichever is longer. We use both persistent and session cookies. Session cookies are deleted once you close your browser, whereas persistent cookies remain active on your device for some time. For instance, Google Analytics cookies remain installed on your device for 2 years.

We store your personal information on AWS servers in Canada. Your personal information may be collected, used and disclosed outside of Canada by our service providers, such as in the United States. We do not collect, use or disclose any sensitive information as part of the Services.

10. How do you keep my personal information safe?

We limit access to your personal information on a need-to-know basis. We use Flinks and/or Plaid to access your financial information. Flinks and Plaid use SOC2 security standards such as encryption and security testing.

We use AWS to store personal information; AWS is certified as compliant with ISO/IEC 27001 and ISO/IEC 27701 standard.

However, it is important that you also take precautions when using the Internet, especially when using public Wi-Fi, and to never share your account passwords.

11. Push notifications and marketing communications

If you have chosen to enable them, Billi App will send you push notifications. You can disable these at anytime by modifying your settings. If you opt-in to receive marketing communications, we will send you marketing communications such as our newsletter or emails promoting new or relevant products or services, unless you opt-out, which you can do at anytime by clicking on the unsubscribe button in our emails.

12. What are my rights regarding my personal information?

PIPEDA, or other applicable provincial privacy law, provides you with some rights over your personal information. Your rights vary depending on the laws that apply to your situation, and the specific circumstances of the request. Some of the rights that may apply to you include the following rights:Right to access your personal information; andRight to rectify your personal information if incorrect, incomplete, invalid or ambiguous.If you want to exercise one of these rights and the situation allows for such exercise, we will help you without additional charges. However, if you request a transcription, reproduction or transmission of your personal information, we may have to charge a reasonable fee to process your request, subject to applicable laws. In this case, we will contact you about these charges before addressing your request.

For security reasons and to avoid any fraudulent request, we may be required to ask that you provide a proof of identity with your request. After the request has been handled, we will securely delete such personal information.

If your request is denied, we will notify you in writing, and provide you with detailed motives and information on how to contest our decision. We will keep the relevant personal information until you have exhausted your options. In any event, we will respond to your request within thirty (30) days, unless agreed otherwise.

If you are located in Canada, note that the Office of the Privacy Commissioner of Canada drafted this FAQ to help you access your personal information when it is held by a business. You can also contact the Office of the Privacy Commissioner of Canada’s Information Center:
‍
Telephone 9:00 am to 4:00 pm EST Toll-free: 1-800-282-1376
‍
Mailing address Office of the Privacy Commissioner 30 Victoria Street Gatineau, Québec K1A 1H3
‍
You can also use this online form.
‍
If you have any issue with how we collect, store, use or disclose your personal information, or how we responded to your request, please let us know. We will do our best to improve our processes to make certain that it does not happen again. We will also provide you with additional information about our practices if you would like us to do so.
‍
If you are still not satisfied, you can lodge a complaint to the Office of the Privacy Commissioner of Canada, using this online form, or to your local privacy regulators.
‍
To exercise your right, you can simply reach out to us at hello@bill.app.
‍
To learn more about your rights under PIPEDA, you can visit the website of the Office of the Privacy Commissioner.

13. Can we update this Privacy Policy?

We may update this Privacy Policy from time to time, please ensure that you review it whenever you use our Service. Below is the latest update date.
‍
Last update: June 2022