
Data Processing Agreement

Last updated: June 14, 2026

This Data Processing Agreement ("DPA") forms part of, and is subject to, the Terms of Service between Biller.ca ("Biller", "we", "us", or "our") and the business that uses the Service ("Customer", "you", or "your"). It applies whenever Biller processes Personal Information about your clients, your staff, or other individuals on your behalf in the course of providing the Service. Our handling of your own account information as a Biller user is described in our Privacy Policy.

For the personal information you collect and manage through Biller — principally information about your clients — you are the organization accountable for that information and Biller acts as your service provider, processing it only to provide the Service. This DPA records the commitments each of us makes so that both parties can meet their obligations under the Personal Information Protection and Electronic Documents Act (PIPEDA), substantially similar provincial privacy laws, and, where applicable, other data-protection laws.

1. Definitions

  • Personal Information means information about an identifiable individual that Biller processes on your behalf through the Service.
  • Data Subject means the individual to whom Personal Information relates — for example, one of your clients, a payer, or one of your authorized users.
  • Processing means any operation performed on Personal Information, such as collection, storage, use, disclosure, retention, or deletion.
  • Sub-processor means a third party engaged by Biller to process Personal Information in connection with the Service.
  • Applicable Privacy Laws means PIPEDA and any other privacy or data-protection laws that apply to your use of the Service.

Where this DPA refers to a "controller" and a "processor", those terms are used for clarity: you are the controller (the accountable organization) and Biller is the processor (your service provider).

2. Roles and Scope of Processing

Biller will process Personal Information only on your documented instructions, which are given by your configuration and use of the Service and by this DPA, unless we are required to process it by law (in which case we will inform you of that requirement unless the law prohibits it). The subject matter, duration, nature and purpose of the processing, the types of Personal Information, and the categories of Data Subjects are described in Schedule 1. You are responsible for ensuring that your instructions, and your collection and use of Personal Information through the Service, comply with Applicable Privacy Laws.

3. Biller's Obligations as Processor

Biller will:

  • process Personal Information only to provide and support the Service and only on your instructions and as described in this DPA;
  • not sell Personal Information, and not use it for our own independent purposes, for advertising, or to build profiles unrelated to the Service;
  • ensure that personnel authorized to access Personal Information are bound by appropriate confidentiality obligations and access it only on a need-to-know basis;
  • implement and maintain the technical and organizational security measures described in Schedule 2;
  • engage Sub-processors only in accordance with Section 5;
  • assist you, taking into account the nature of the processing, in responding to Data Subject requests (Section 8) and in meeting your security, breach-notification, and similar obligations under Applicable Privacy Laws; and
  • on termination, return or delete Personal Information in accordance with Section 11.

4. Your Obligations

As the accountable organization, you agree to:

  • have a valid legal basis and any required consents to collect Personal Information and to have Biller process it through the Service;
  • provide your clients and other Data Subjects with any notices required by Applicable Privacy Laws about how their information is handled;
  • ensure your instructions to Biller are lawful; and
  • keep the Personal Information in your account accurate and configure the Service appropriately for your business.

5. Sub-processors

You authorize Biller to engage the Sub-processors listed in Schedule 3 to process Personal Information in connection with the Service. We impose data-protection and confidentiality obligations on each Sub-processor that are appropriate to its role, and we remain responsible to you for their performance of those obligations. If we add or replace a Sub-processor, we will update Schedule 3 and, where required, give you a reasonable opportunity to object on reasonable data-protection grounds before the change takes effect.

6. Security Measures

Biller maintains technical and organizational measures designed to protect Personal Information against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures are described in Schedule 2. We may update them from time to time provided the overall level of protection is not materially reduced.

7. Personal Information Breaches

If Biller becomes aware of a breach of security safeguards that affects Personal Information processed on your behalf, we will notify you without undue delay and provide the information reasonably available to us to help you assess the breach and meet your obligations, including any obligation to report to the Office of the Privacy Commissioner of Canada or to notify affected individuals. As the accountable organization, you are responsible for determining whether the breach creates a real risk of significant harm and for making any legally required notifications, unless we agree otherwise in writing.

8. Assisting with Data Subject Requests

Data Subjects may have rights under Applicable Privacy Laws to access, correct, or request deletion of their Personal Information, or to withdraw consent. The Service provides tools that let you access, edit, export, and delete the Personal Information in your account so that you can respond to these requests directly. If a Data Subject contacts Biller about Personal Information we process on your behalf, we will, where permitted, direct them to you. Taking into account the nature of the processing, we will provide reasonable assistance to help you respond to valid requests.

9. Storage and International Transfers

Personal Information processed through the Service is stored and processed on infrastructure operated by our hosting and service providers, including Hetzner Online GmbH and Cloudflare, Inc. These and other Sub-processors — including any we engage in accordance with Section 5 but do not specifically name — may store or process Personal Information in any country where they maintain facilities, which may be inside or outside Canada. The locations indicated in Schedule 3 reflect our current understanding and may change as providers operate from different facilities. Where Personal Information is transferred to or processed in another jurisdiction, it may be subject to the laws of that jurisdiction, including lawful access by courts, law enforcement, or government authorities, and we take reasonable steps intended to protect it wherever it is processed.

10. Audits and Information

On reasonable written request, and no more than once per year unless required by a regulator or following a breach, Biller will make available information reasonably necessary to demonstrate our compliance with this DPA. Any audit will be conducted on reasonable advance notice, during business hours, in a manner that does not disrupt our operations or compromise the confidentiality or security of other customers' data.

11. Return and Deletion of Personal Information

You may export Personal Information from your account at any time while the Service is active. On termination of your account, Biller will delete the Personal Information associated with your account and businesses, except where retention is required by law or permitted under our Privacy Policy and the Terms of Service (for example, transaction records kept to meet tax record-keeping requirements). When you schedule account deletion, deletion takes effect after a grace period described in the Privacy Policy, after which associated records are permanently removed.

12. Liability

Each party's liability under or in connection with this DPA is subject to the limitations and exclusions of liability set out in the Terms of Service.

13. Term, Conflict, and Governing Law

This DPA takes effect when you accept the Terms of Service and continues for as long as Biller processes Personal Information on your behalf. If there is a conflict between this DPA and the Terms of Service regarding the processing of Personal Information, this DPA governs. This DPA is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, consistent with the Terms of Service.

14. Contact

Questions about this DPA or our data-processing practices can be sent to:

  • Email: privacy@biller.ca
  • Website: https://biller.ca

Schedule 1 — Details of Processing

Subject matter and duration. Processing of Personal Information to provide the Service — accepting bookings, scheduling jobs, creating and sending invoices, and recording and reconciling payments — for as long as your account is active and during any retention period described in the Privacy Policy.

Nature and purpose. Collection, storage, organization, use, disclosure to the Sub-processors in Schedule 3, retention, and deletion, all for the purpose of operating your business on the Service.

Categories of Data Subjects:

  • Your clients and prospective clients (including people who submit booking requests or receive invoices)
  • Payers who send you payments (including Interac e-Transfer senders)
  • Your authorized users and staff who access your business in Biller

Types of Personal Information:

  • Contact and identity details — names, email addresses, phone numbers, company names, and billing or service addresses
  • Booking and job information — service requests, scheduling details, job notes, and any custom fields you define
  • Invoice and financial information — invoice contents, amounts, tax details, and payment records (amount, date, payer name, provider, and reference number)
  • Payment notification data — for Interac e-Transfers, the content and metadata of notification emails you or your bank forward to your unique Biller address
  • Account and access data — for authorized users, login identifiers, IP address, and browser user-agent recorded for security and audit purposes

Schedule 2 — Technical and Organizational Security Measures

Biller maintains measures including:

  • Encryption in transit: all connections to the Service are served over HTTPS with TLS, with HTTPS strictly enforced.
  • Credential protection: account passwords are stored using strong one-way hashing and are never stored in plaintext; two-factor authentication secrets and recovery codes are stored in hashed form.
  • Two-factor authentication: users may enable time-based one-time-password (TOTP) two-factor authentication on their account.
  • Session management: sessions use secure tokens, expire automatically after a fixed period, and can be reviewed and revoked by the user.
  • Tenant isolation: each business's data is logically separated and scoped so that users of one business cannot access another's data.
  • Access controls: access to production systems and Personal Information is limited to authorized personnel on a need-to-know basis.
  • Audit logging: significant actions on records are logged with the acting user, IP address, and user-agent to support investigation and accountability.
  • Log hygiene: sensitive parameters (such as passwords, tokens, and one-time-password secrets) are filtered out of application logs.
  • Inbound email authentication: Interac e-Transfer notification emails are checked for sender authenticity (including DKIM verification) and deduplicated before any payment record is created.
  • Abuse protection: public-facing forms are protected against automated abuse using a bot-protection challenge.
  • Hosting: data is hosted in access-controlled, professionally operated data-centre facilities.

Schedule 3 — Approved Sub-processors

Biller engages the following Sub-processors to process Personal Information in connection with the Service:

  • Hetzner Online GmbH
    Purpose: Cloud hosting and database infrastructure
    Personal Information processed: All Service data at rest
    Location: European Union
  • Stripe, Inc. / Stripe Payments Canada, Ltd.
    Purpose: Card payment processing for invoices
    Personal Information processed: Payer name and email, payment amount and metadata, transaction identifiers
    Location: Canada / United States
  • Broadcast (sendbroadcast.com)
    Purpose: Outbound transactional email delivery
    Personal Information processed: Recipient name and email address, message content (e.g. invoices and notifications)
    Location: United States
  • RenderScreenshot
    Purpose: Rendering invoice PDFs and preview images
    Personal Information processed: Invoice content, including seller and purchaser names, addresses, and amounts
    Location: United States
  • Cloudflare, Inc.
    Purpose: Bot-protection challenge on public forms
    Personal Information processed: IP address, browser user-agent, challenge token
    Location: Global
  • Apple Inc.
    Purpose: "Sign in with Apple" authentication (optional)
    Personal Information processed: Apple user identifier and, if shared, email address
    Location: United States
  • Inbound email relay
    Purpose: Receiving Interac e-Transfer notification emails sent to your Biller address (may be operated on our own hosting infrastructure)
    Personal Information processed: Notification email content and metadata (sender name, amount, reference)
    Location: Varies by provider

We also use Plausible Analytics for aggregate, privacy-focused usage measurement. Plausible is self-hosted on our own infrastructure, uses no cookies, and does not receive Personal Information about your clients, so it is not listed as a Sub-processor.