Privacy Policy

This Privacy Policy applies to personal information processed by deezbills inc. ("deezbills," "we," "us," or "our"), including through our website, the deezbills application, and any related services. We may revise this Privacy Policy from time to time. If there are material changes, we will notify you as required by applicable law. If you continue to use our services after the updated Privacy Policy takes effect, you will be deemed to have accepted the changes.

We collect information you provide when creating your account and using deezbills, including your name, email address, password, phone number (if you enable SMS), and timezone. During onboarding, we collect demographic and lifestyle information such as your city, province or state, country, housing situation, monthly housing cost, number of adults and children living with you, vehicle and pet ownership, spending personality, age group, student status, employment type, financial goals, financial confidence, income stability, debt situation, and emergency fund status. We also collect the financial information you enter into the service, including account details, expenses, income sources, budgets, and goals. If you connect your Gmail account, deezbills accesses limited Gmail message data needed to identify financial emails, including message headers, sender information, subject lines, body text, and structured data embedded in messages. deezbills does not fetch attachment data through this Gmail integration. If you enable SMS, we record your consent timestamp and IP address for compliance purposes. We automatically collect usage data through cookies, local storage, and sessions.

We use your information to operate and improve the service, authenticate your identity, process payments through Stripe, send account notifications and security alerts, deliver SMS messages you have opted into, power AI features such as Fred (expense categorization, financial insights, document parsing, and conversational financial assistance), personalize your experience based on your financial profile and preferences, and comply with legal obligations. For connected Gmail accounts, we use Gmail data only to identify financial documents, extract and normalize relevant billing or transaction details, create user-facing records in the app, prevent duplicate imports, maintain audit and security logs, and support connection management, retry, and deletion workflows. We may also use your information to send service-related emails such as payment confirmations, billing reminders, and security notifications.

We share your information with third-party service providers solely to operate the service. These providers include cloud infrastructure providers for hosting and data storage, artificial intelligence providers for powering Fred and other AI features (we may change providers at any time), Stripe for payment processing, Twilio for SMS delivery, Resend for email delivery, and Google for authentication (OAuth). For Gmail-connected accounts, relevant Gmail content and derived financial metadata may be processed by infrastructure and artificial intelligence service providers acting on our behalf solely to provide the user-facing features of deezbills. We do not sell Gmail data or other personal information. We do not use Gmail data for advertising, and we do not use Gmail data to train third-party AI models. We do not allow humans to read Gmail data except with your affirmative consent, when necessary for security or abuse prevention, or when required by law. We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect the rights, property, or safety of deezbills, our users, or others.

If you choose to connect your Gmail account, deezbills requests the gmail.readonly scope through a dedicated Gmail OAuth client that is separate from Google sign-in. We access message data only to detect bills, statements, receipts, and other financial emails and to turn that information into features visible in the deezbills interface. We do not read, store, or process emails unrelated to financial document detection, and we do not fetch attachment data through this Gmail integration. deezbills does not store raw Gmail message bodies or attachment files as part of this integration. deezbills may store derived records and processing metadata such as Gmail message IDs, sender domain or display name, normalized subject, parsed financial fields, billing-document records, expense records, processing status, and audit logs needed to operate the feature. Gmail tokens are encrypted at rest. You can revoke Gmail access at any time through your Google account settings or within the deezbills application.

The use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. deezbills uses Gmail data only to provide or improve user-facing features that are visible and prominent in the app, such as detecting financial emails, extracting billing details, and creating records you can review inside deezbills.

deezbills uses third-party artificial intelligence providers to power features such as expense categorization, financial insights, receipt and statement parsing, and Fred conversations. Your financial data may be sent to these providers for processing. We are provider-agnostic and may change AI providers at any time without notice. We do not use your data to train third-party AI models. AI-generated content, including responses from Fred, may be inaccurate, incomplete, or outdated and does not constitute financial advice.

If you join or create a Space within deezbills, certain financial data may be visible to other Space members. Shared data may include budgets, financial accounts (when you enable per-account sharing), income sources, goals, expenses, and categories within a shared Space. You control which accounts are shared. You may leave a Space at any time, which revokes other members’ access to your shared data.

Subscription payments are processed by Stripe. Your credit card number and payment credentials are sent directly to Stripe and are never stored on our servers. We receive from Stripe only the information necessary to manage your subscription, such as subscription status, billing period, and a truncated card identifier. Stripe’s handling of your payment information is governed by Stripe’s own privacy policy and PCI-DSS compliance.

We implement a variety of security measures to protect your personal information. Sensitive personal data such as email addresses, phone numbers, and authentication secrets are encrypted at rest using AES-256-GCM encryption. All data is transmitted via TLS/SSL. We use additional envelope encryption with cloud key management for highly sensitive data. Despite these measures, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

You may request to access, update, correct, or delete your personal information by contacting us or through your account settings. You can change your communication preferences, disable SMS, disconnect Gmail, or close your account at any time. When you delete your account, your data is permanently deleted immediately. If you are in the EEA, you have additional rights under GDPR including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. If you are a California resident, you have rights under CCPA including the right to know, the right to delete, and the right to opt out of the sale of personal information. We do not sell your personal information.

deezbills is a federally incorporated Canadian corporation. Your data is stored and processed on infrastructure located in Canada and the United States (including Google Cloud Platform). If you access the service from outside these countries, your information may be transferred to, stored, and processed in Canada or the United States. By using deezbills, you consent to such transfers.

deezbills is not intended for anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under 18. If you are a parent or guardian and become aware that your child has provided us with personal data, please contact us and we will take steps to remove that information.

We retain your personal information only for as long as necessary to provide the service to you and to fulfill the purposes described in this policy. Gmail OAuth tokens are retained only while your Gmail connection remains active and are deleted when you disconnect the connection. Processed Gmail metadata linked to imported expenses is generally retained for up to 90 days. Certain non-imported processing records may be retained for up to 365 days to support retry, deduplication, audit, and abuse-prevention needs. Billing documents, expenses, and other records created inside deezbills from Gmail-derived data may remain in your account until you delete them or delete your account. Disconnecting Gmail revokes future access and deletes the Gmail connection plus associated processing records, but imported records you choose to keep in deezbills may remain until separately deleted. When you delete your account, your data is permanently deleted immediately. We may retain certain information as required by law or for legitimate business purposes such as resolving disputes or enforcing our agreements.

deezbills uses essential cookies for authentication and session management, local storage to persist your application preferences and state, and sessions to maintain your authenticated state. We may use first-party product analytics and event telemetry to understand how the service is used and improve the product. We do not use advertising cookies, marketing cookies, or third-party tracking pixels. You can disable cookies in your browser settings, but some functionality may become unavailable. See our Cookie Policy for more details.