BillPro Ltd. (“BillPro”, “us”, “we”, or “our”) operates the business known as BillPro which provides products and services relating to e-invoicing and electronic payment transactions. The objective is to allow our merchant clients and their customers worldwide to process electronic payment transactions smoothly and securely. Our services are fully described on our website (the “Site”) with the URL https://bill.pro and related subdomains, including but not limited to app.bill.pro and marketing landing pages (collectively, the “Service”).

Security and data privacy are fundamental to how we operate, especially in the context of payment processing. BillPro processes Personal Data in accordance with the European General Data Protection Regulation 2016/679 (“GDPR”) and other applicable data protection laws.

This Privacy Policy explains:

1. What Personal Data we collect
2. How we use and share Personal Data
3. Your rights as a visitor, client, or user
4. How we store, secure, transfer, and retain Personal Data

Your use of the Service constitutes your agreement to this Privacy Policy.

---

Summary

• Data Controller: BillPro Ltd., Suite 1 Burns House, 19 Town Range, GX11 1AA Gibraltar
• We collect information you provide and information generated through your use of the Service
• The information is used to provide the Service, create accounts, process payments, and operate our platform
• You can request access, correction, deletion, and limitation of your Personal Data
• Contact: privacy@bill.pro

---

1. Definitions

Service

The services described and/or offered on https://bill.pro and its subdomains.

Activate Payments

An optional feature where the Client instructs BillPro to obtain a Merchant Account for accepting card payments.

Card Schemes

Visa, Mastercard, Discover, American Express, Diners Club, UnionPay, JCB, and related sub-brands.

Client

A customer of BillPro.

Client Customer

A customer of a Client.

Client Data

Personal data and other information stored by a Client or User in the Service.

Client Customer Data

Personal data submitted by Client Customers through Public Areas, payment forms, or integrated systems.

Cookies

Small files stored on your device.

Data Controller

The entity that determines the purposes and means of processing Personal Data. For most data described here, this is BillPro Ltd.

Data Processor

An entity processing Personal Data on behalf of a Data Controller.

Data Subject

A living individual whose Personal Data is processed.

Merchant Account

A payment acceptance account issued by a licensed Payment Processor.

Payment Card

Any debit or credit card used for a Payment Transaction.

Payment Gateway

The technical system that receives, stores, and moves Payment Card and Client Customer Data during Payment Transactions.

Payment Processor

A licensed Payment Institution and Principal Member of the Card Schemes.

Payment Transaction

An electronic payment made using a Payment Card.

Personal Data

Any information relating to an identifiable natural person.

Public Area

The parts of the Site accessible without authentication.

Restricted Area

The parts of the Service accessible only via login.

Usage Data

Data collected automatically from use of the Service.

User

An employee or representative of a Client using the Restricted Areas.

Visitor

An individual using the Public Areas.

---

2. Information Collection and Use

BillPro collects several categories of information for the purposes described below. Our legal basis under GDPR is:

• performance of a contract
• compliance with legal obligations
• legitimate interests
• consent (where required)

---

2.1. User-Provided Personal Data

When you interact with the Service or contact us, you may provide Personal Data such as:

• Email address
• First and last name
• Date of birth
• Phone number
• Address, country, and location details
• Billing information (payment method, billing address, transaction information)
• Connected account identifiers (Google, Facebook, PayPal, etc.)
• Cookies and Usage Data (IP address, device information, activity logs)

We may use your Personal Data to contact you with transactional emails, account-related information, or—where legally permitted—marketing communications. You may unsubscribe at any time.

---

2.2. Information Collected or Uploaded by Clients

Clients may upload or generate Client Data or Client Customer Data.
BillPro has no direct relationship with Client Customers and processes such data strictly on behalf of Clients.

Each Client is responsible for:

• informing its customers
• obtaining consents
• defining retention periods
• lawful collection of Personal Data

---

2.3. Merchant Account Application Data

When a Client selects Activate Payments, Merchant Account Application Data may be collected. This may include:

• Personal information (Directors, UBOs, management, employees)
• Identification data
• Tax and regulatory information
• Business documentation
• Banking details
• Compliance data
• Credit reference checks
• Financial statements
• Payment service/banking relationship data

Processing relies on Client-provided consent. Consent can be revoked, but prior processing remains lawful.

---

2.4. Information Provided by Client Customers or Visitors

Client Customers provide Personal Data when interacting with:

• checkout/payment flows
• public contact forms
• API-integrated merchant sites
• onboarding or registration forms
• subscription or notification forms

Clients are responsible for informing Client Customers and ensuring lawful processing.

---

2.5. Automatically Collected Information (Usage Data)

We automatically collect:

• IP address and geolocation
• Browser and device identifiers
• Session information
• Pages visited and time spent
• Clickstream data
• Diagnostic logs

This is used to improve performance, security, and analytics.

---

2.6. Location Data

We may process approximate or precise location data if you allow it in your device settings.

---

2.7. Tracking and Cookies

We use:

• Session cookies
• Preference cookies
• Security cookies
• Advertising cookies

You may disable cookies, but some Service features may not function.

---

3. How We Use Your Data

We use the data we collect to:

• Provide, maintain, and improve the Service
• Process payments
• Operate and support user accounts
• Deliver transactional communications
• Provide customer assistance
• Monitor and secure the Service
• Detect fraud and misuse
• Comply with legal requirements
• Generate aggregated analytics and performance metrics
• Send news, updates, and offers (subject to consent or legitimate interest)

---

4. Additional Use: Landing Pages, Lead Handling & Platform Account Creation

Our marketing landing pages may collect Personal Data such as:

• name
• email address
• phone number
• company name
• website
• IP and device information

This data is used to:

4.1. Automatically Create a Platform User at app.bill.pro

When you complete a contact form or lead form on a landing page, your basic information is securely sent to app.bill.pro to:

• create a provisional user account
• trigger basic onboarding emails
• enable optional activation flows (payments, invoicing tests, etc.)

4.2. Send Leads to Attio (CRM)

We send contact information to Attio for:

• pipeline management
• lead qualification
• customer relationship workflows

All processing is under GDPR-compliant terms.

4.3. Send Emails via Brevo

Brevo may receive:

• contact details
• marketing preferences
• event-based triggers

Used for transactional and onboarding communications.

4.4. Integrations with Google Services

We use:

• Google Analytics
• Google Tag Manager
• Google Ads / Remarketing
• Google Signals (if enabled)

These services may process:

• device data
• browsing behaviour
• conversions
• anonymized or pseudonymized identifiers

You may opt out through Google’s tools.

---

5. Legal Basis Under GDPR

BillPro may process your Personal Data because:

• we need it to perform our contract with you
• you consented to the processing
• it serves our legitimate interests and is not overridden by your rights
• we must process the data for payment processing
• we must comply with a legal obligation

---

6. Your GDPR Rights (EEA Residents)

You have the right to:

• access your Personal Data
• request correction or deletion
• withdraw consent
• object to processing
• restrict processing
• request portability
• lodge complaints with your local data protection authority

Contact: privacy@bill.pro

We may verify identity before processing requests.

---

7. Data Transfer and Storage

We store Personal Data on:

• Amazon Web Services (AWS) in Germany
• Payment Gateway Provider servers in the United Kingdom and Ireland

Data may be transferred internationally subject to GDPR-approved safeguards.

We ensure:

• encryption in transit and at rest
• contractual data protection commitments
• no transfer to jurisdictions lacking adequate protection unless lawful measures exist

---

8. Disclosure and Sharing of Personal Data

BillPro does not sell, license, or rent Personal Data.
We may share Personal Data:

8.1. To Satisfy Legal Requirements

Including compliance with court orders, legal obligations, fraud prevention, and protection of rights.

8.2. With Affiliates

Entities under common ownership or control.

8.3. With Partner Payment Processors

When Clients activate payment capabilities.

8.4. With Service Providers

Including:

• hosting providers
• IT and security services
• professional advisors
• CRM, email, and communications providers
• analytics and advertising partners

All under GDPR-compliant agreements.

8.5. In Corporate Transactions

Including mergers, acquisitions, insolvency, and asset transfers.

---

9. Security of Data

We use industry-standard security controls, including:

• encryption
• access controls
• network monitoring
• PCI-DSS Level 1 compliant systems for Payment Card Data

No system is fully secure; use of the Service is at your own risk.

---

10. Retention of Data

We retain Personal Data only as long as necessary for:

• providing the Service
• legal obligations
• accounting and tax requirements
• fraud prevention
• dispute resolution

Usage Data may be retained longer for security or analytics.

---

11. BillPro as Data Processor vs Data Controller

BillPro as Data Processor

For Client Customer Data and Payment Gateway data, BillPro processes data strictly on behalf of Clients.

BillPro:

• does not decide data collection purposes
• does not access Client Customer Data except when required for support or legal compliance
• is not responsible for Client handling of consent, notice, or disclosures

BillPro as Data Controller

BillPro is the Data Controller for:

• Client and User account data
• Merchant Account Application Data
• landing-page lead data
• marketing and communication data
• platform account creation

---

12. Service Providers

Payment Providers

• ACI Limited
  Privacy Policy: https://www.aciworldwide.com/privacy-policy

Analytics

• Google Analytics
  https://support.google.com/analytics/topic/2919631

Advertising

• Google Ads
  https://support.google.com/adspolicy/answer/6008942

Remarketing

• Google Ads Remarketing
  https://support.google.com/google-ads/answer/6316

---

13. Links to Other Sites

We are not responsible for third-party websites or privacy practices.

---

14. Children and Privacy

The Service is not intended for individuals under 18.
We do not knowingly collect Personal Data from children.

---

15. Changes to This Privacy Policy

We may modify this Privacy Policy at any time.
Changes become effective when posted.

Continued use of the Service after updates constitutes acceptance.

---

16. Contact Us

For questions about this Privacy Policy:

• Visit: https://bill.pro/privacy-policy
• Email: privacy@bill.pro

BillPro Ltd.
BillPro Ltd., Suite 1 Burns House, 19 Town Range, GX11 1AA Gibraltar.