✦ Legal ✦
Last updated: March 1, 2026
KillMyBill ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information. By using the Service, you agree to the collection and use of information in accordance with this policy.
We collect the following categories of information:

- Account information: When you sign in with Google, we receive your name, email address, and profile picture URL from Google. We store your name and email in our database to associate your letters with your account.
- Bill images: When you upload a bill, the image or PDF is transmitted to our AI analysis providers for processing. Images are not permanently stored on our servers.
- Generated letters: If you are signed in, the dispute letters we generate on your behalf are stored in our database linked to your account, so you can access your history.
- Payment information: When you make a payment, Stripe processes your card details directly. We store only a payment record (amount, status, and Stripe session ID) in our database — we never receive or store your full card number.
- Usage data: We may collect standard server logs including IP addresses, request timestamps, and error events for security and rate limiting purposes.

We use the information we collect to:

- Provide and improve the Service
- Generate dispute letters based on your uploaded bill
- Authenticate your account and maintain your session
- Process payments and send confirmation emails
- Enforce rate limits and prevent abuse
- Monitor errors and service health via Sentry
- Respond to support requests

Bill images you upload are transmitted to third-party AI providers — Anthropic (Claude) and/or OpenAI (GPT-4o) — for analysis. These providers process the image to extract bill details such as provider name, amount, and account number. These providers have their own privacy policies and data retention practices. We encourage you to review:

- Anthropic's Privacy Policy at anthropic.com/privacy
- OpenAI's Privacy Policy at openai.com/policies/privacy-policy

We do not control how these providers handle your data after it is transmitted to them for processing. We transmit only the minimum data necessary for analysis.

We use the following third-party services:

- Stripe: Payment processing. Stripe receives your payment card details directly. We store only a payment confirmation record. See stripe.com/privacy.
- Google OAuth: Account authentication. When you sign in with Google, we receive your name, email, and profile picture. See policies.google.com/privacy.
- Lob: Physical letter mailing. If you choose to mail a letter, your name and mailing address are transmitted to Lob. See lob.com/privacy-policy.
- Resend: Email delivery. If you choose to email a copy of your letter, your email address is transmitted to Resend. See resend.com/legal/privacy-policy.
- Upstash: Rate limiting. Request IP addresses are used as rate limit keys in Upstash Redis. See upstash.com/trust/privacy.txt.
- Sentry: Error monitoring. Anonymized error events and stack traces may be sent to Sentry. See sentry.io/privacy.

We retain information as follows:

- Account data (name, email): Retained while your account is active. Deleted upon account deletion.
- Generated letters: Retained while your account is active to support your letter history. Deleted when your account is deleted.
- Payment records: Retained as required for financial record-keeping and legal compliance.
- Server logs: Retained for a limited period for security and debugging purposes, then deleted automatically.
- Bill images: Not retained. Images are processed in memory and discarded after analysis.

We implement security measures to protect your information, including:

- HTTPS encryption for all data in transit
- Parameterized database queries to prevent SQL injection
- Authentication required for access to your personal letter history
- Rate limiting to prevent abuse
- Content Security Policy headers to mitigate XSS attacks

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Depending on your location, you may have the following rights:

- Access: Request a copy of the personal information we hold about you
- Deletion: Request that we delete your account and associated data
- Correction: Request correction of inaccurate personal information
- Portability: Request your data in a machine-readable format

To exercise any of these rights, contact us through our website. We will respond within a reasonable timeframe.
We use browser local storage to temporarily store your bill analysis and generated letter within your current session. This data is stored only in your own browser and is not transmitted to our servers unless you are signed in and choose to save your letter. Authentication sessions use secure, HTTP-only cookies managed by NextAuth. We do not use tracking cookies or third-party advertising cookies.
The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
If you have questions or concerns about this Privacy Policy or our data practices, please contact us through our website. We take privacy inquiries seriously and will respond promptly.