Privacy Policy

1. Information we collect

a) Account information

When you sign up or join the waitlist, we collect your email address. If you authenticate via Google OAuth, we also receive your Google account name and profile picture as part of the standard OAuth response.

b) Gmail data (read-only)

When you connect your Gmail account, we request access under the https://www.googleapis.com/auth/gmail.readonly OAuth scope. This allows us to:

• Read email subjects, sender addresses, and body content
• Identify emails related to subscription billing, renewals, and receipts
• Extract billing amounts, service names, and renewal dates from those emails

We do not read, store, or process emails unrelated to billing or subscriptions. We do not access contacts, drafts, sent mail, or calendar data.

BeforeItBills' use of data obtained via Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

c) Usage data

We collect standard analytics data including pages visited, time on site, browser type, and device type via Vercel Analytics. This data is aggregated and not linked to your identity.

2. How we use your data

• To detect and display your upcoming subscription charges
• To send you pre-charge notifications (if enabled)
• To send product updates and early access announcements to waitlist members
• To improve the accuracy of our billing detection algorithms
• To operate, maintain, and improve the service

We do not use your Gmail data to serve advertisements, build advertising profiles, or sell to third parties. We do not allow humans to read your emails except where required by law or where you explicitly request support and provide consent.

3. Data storage and retention

Extracted billing data (service name, amount, renewal date) is stored in our database hosted on Supabase, which uses infrastructure located in the United States.

We retain your data for as long as your account is active. If you disconnect your Gmail account or delete your account, all associated email-derived data is deleted within 30 days.

Raw email content is processed in memory and is not persistently stored. We store only the structured billing data extracted from those emails.

4. Data sharing and third parties

We share data with the following third-party services to operate the product:

• Supabase — database hosting (stores account and billing data)
• Resend — transactional email delivery (receives your email address to send confirmation and notification emails)
• Vercel — hosting and analytics (aggregated, anonymised usage data)
• Google — OAuth authentication and Gmail API access

We do not sell, rent, or share your personal data or Gmail data with any other third parties.

5. Your rights and controls

You have the right to:

• Access — request a copy of the data we hold about you
• Deletion — request deletion of your account and all associated data
• Disconnection — revoke Gmail access at any time via your Google Account permissions page
• Correction — request correction of inaccurate data
• Portability — request an export of your data in a structured format

To exercise any of these rights, email us at privacy@beforeitbills.com. We will respond within 30 days.

6. Security

All data is transmitted over HTTPS. OAuth tokens are encrypted at rest. We do not store your Google account password. Access to production data is restricted to authorised personnel only.

7. Children

BeforeItBills is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have inadvertently collected such data, contact us at privacy@beforeitbills.com and we will delete it promptly.

8. Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated via email to registered users at least 14 days before taking effect. The date at the top of this page reflects the most recent revision.

9. Contact

Questions about this policy: privacy@beforeitbills.com