biller.ca
Legal

Privacy Policy

Last updated: June 14, 2026

Biller.ca ("Biller", "we", "us", or "our") is committed to protecting the privacy of our users ("you" or "your"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business operations and invoicing service at biller.ca (the "Service"). The Service helps Canadian service businesses accept booking requests, schedule jobs, send invoices, and track payments. Biller operates in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy legislation.

By using the Service, you consent to the collection and use of your information as described in this policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

Account Information

When you create a Biller account and set up a business, we collect:

  • Your name and email address
  • Password (stored in hashed form; we never store plaintext passwords)
  • Business details you choose to provide, such as business name, contact information, logo, services, and pricing
  • If you enable two-factor authentication, a secret used to verify your login codes

A single account can own or belong to more than one business. Information is kept separate per business so that members of one business cannot see another's data.

Information About Your Clients

To run your business operations, you store information about the people you serve — your clients. This may include their names, email addresses, phone numbers, service addresses, booking requests, job notes, and invoice and payment history. Some of this is entered by you, and some is provided directly by your clients when they book through your public booking page or fill out an invoice.

With respect to your clients' personal information, you are the organization responsible for that data and Biller acts as your service provider, processing it on your behalf to provide the Service. You are responsible for collecting and handling your clients' information in compliance with applicable privacy laws, including obtaining any consents required.

Payment and Financial Data

Biller records payments your business receives across several methods — card payments, Interac e-Transfer, PayPal, and manual entries (such as cash or cheque) — and matches them to your invoices. Depending on the method, we store details such as the payment amount, date, payer name, provider, and a reference number.

If you connect a Stripe account, card payments are processed by Stripe and we receive transaction records (such as amounts, dates, and charge identifiers) to reconcile against your invoices. We never receive or store full card numbers.

If you forward Interac e-Transfer notification emails to your unique Biller address, we parse them to record incoming payments. From these emails we extract and store the payment amount, sender name, date and time, financial institution name, and Interac reference number. We retain the raw email content temporarily for processing accuracy and dispute resolution (see Data Retention below).

We do not have access to your bank account, banking credentials, or the ability to initiate or intercept any financial transactions. Interac e-Transfer notification emails are informational only and cannot be used to transfer money.

Automatically Collected Information

When you access the Service, we may automatically collect certain technical information, including your IP address, browser type, operating system, referring URLs, and pages viewed. This information is used to maintain security, improve the Service, and diagnose technical issues.

2. How We Use Your Information

We use the information we collect to:

  • Operate your booking page, schedule, invoices, and payment records
  • Record payments and match them to the right invoices
  • Generate and send invoices and receipts to your clients
  • Provide reports, GST/HST summaries, and tax-time export data
  • Send service-related notifications to you and, at your direction, to your clients
  • Maintain and improve the Service
  • Respond to your support requests

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3. How We Share Your Information

We may share your information only in the following limited circumstances:

  • Service providers: We use third-party services to operate Biller, including transactional email delivery (Broadcast), card payment processing (Stripe), invoice PDF rendering (RenderScreenshot), bot protection on public forms (Cloudflare Turnstile), and hosting (Hetzner). When your clients pay you through Stripe, that provider handles the payment under its own terms and privacy policy. These providers only access the data needed to perform their services. A current list of our sub-processors is maintained in our Data Processing Agreement.
  • Legal requirements: We may disclose your information if required to do so by law, regulation, or legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Storage, Location, and Security

Your data is stored and processed on infrastructure provided by our hosting and service providers, which currently include Hetzner and Cloudflare. These and other service providers we use — including providers not specifically named in this policy — may store or process data in any country where they maintain facilities. As a result, your information may be stored or processed outside your province or outside Canada, and may be subject to the laws of those jurisdictions, including lawful access requests by courts, law enforcement, or government authorities. We select providers we consider reputable and take reasonable steps to protect your information wherever it is handled.

We take reasonable technical and organizational measures intended to protect your personal information, which generally include:

  • Encryption of data in transit using TLS
  • Strong one-way hashing of passwords and two-factor authentication secrets
  • Logical separation of each business's data
  • Access controls limiting who can access your data, on a need-to-know basis
  • Audit logging of significant actions taken on your records

The Service is provided on a reasonable-effort basis. While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security. Our liability in connection with the Service is limited as described in our Terms of Service.

5. Data Retention and Deletion

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account and business data: Retained until you delete your account or business.
  • Invoice, payment, and transaction records: Retained for a minimum of 7 years to support Canadian tax record-keeping requirements, unless you request earlier deletion.
  • Raw email content: Retained for 90 days after processing, then permanently deleted. Parsed data (amounts, dates, sender names) is retained separately.

You may request deletion of your account and associated data at any time by contacting us at privacy@biller.ca. We will process your request within 30 days, subject to any legal obligations requiring us to retain certain records.

6. Your Rights Under PIPEDA

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct any inaccurate or incomplete personal information.
  • Withdrawal of consent: Withdraw your consent to our collection and use of your information, subject to legal or contractual restrictions.
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

To exercise any of these rights, contact us at privacy@biller.ca. We will respond to your request within 30 days.

7. Cookies and Tracking

Biller uses essential cookies required for the Service to function (such as session cookies for authentication). For analytics, we use Plausible, which we self-host on our own infrastructure. Plausible measures aggregate usage without cookies and without collecting personally identifiable information, and your data is never shared with or sold to third parties. We do not use third-party advertising cookies or cross-site tracking. For more detail, see our Cookie Policy.

8. Children's Privacy

Biller is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time at our discretion. When we do, we will post the updated policy on this page and revise the "Last updated" date. We may, but are not obligated to, notify you of significant changes by email. You are responsible for reviewing this Privacy Policy, our Terms of Service, and our other legal pages periodically for updates. Your continued use of the Service after any change constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@biller.ca
  • Website: https://biller.ca

You may also contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca if you have concerns about how your personal information is being handled.