YourBillBox LogoYourBillBox
Legal // App Verification Protocol

App Privacy
Policy

Last Updated: July 2nd, 2026

Google API Services User Data Policy Compliance:

DATA ACCESSED: When logging in via Google Sign-In, YourBillBox accesses your Google account email address, display name, and profile photo URL. We do not request or access any other scopes or Google user data (such as Google Drive, Calendar, or Gmail).

DATA USAGE: We use your Google email address for secure authentication, session management, and to uniquely identify your financial data vault. Display names and profile photos are used exclusively for personalizing the in-app user interface.

DATA SHARING: Google user data is strictly private and is never sold, leased, or shared with third parties for marketing or advertising. We only store this data on secure Google Cloud Firebase database systems.

DATA STORAGE & PROTECTION: Your data is safeguarded using Google Cloud's enterprise-grade encryption standard. Data is encrypted in transit (TLS/SSL) and at rest.

DATA RETENTION & DELETION: Your profile data is stored only as long as your account is active. To permanently delete your data and revoke access, you can use the in-app "Delete Account" function.

01 Introduction

At Omnity Labs Inc. ("Company," "we," "us," or "our"), your privacy is our priority. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the YourBillBox application (available on iOS, Android, and Web) and its associated services.

02 Information We Collect

We collect information that identifies, relates to, describes, or could reasonably be linked to you ("Personal Data") in the following categories:

  • // Account Data:

    Your email address, display name, secure hashed password, and optional profile picture.

  • // Customer Support Data:

    Information provided when submitting support tickets.

  • // User-Generated Financial Data:

    When you upload bills, receipts, or invoices, our systems use AI to extract data (merchant details, transaction dates, totals, taxes). You remain the sole owner and data controller of this information.

  • // Optional Email Inbox Service:

    If opted-in to the @billboxmail.com alias, we collect and process incoming emails routed to your designated alias.

  • // Automatically Collected Data:

    System metadata (account status, storage quotas) and device info necessary for push notifications.

  • // Financial & Subscription Data:

    In-app purchases are processed securely through Apple and Google. We do not collect or store credit card details; we only receive a secure token and subscription status.

03 How We Use Your Information

We use your data to:

  • //Provide, maintain, and secure the YourBillBox application.
  • //Process and parse uploaded documents via AI.
  • //Communicate essential updates, security notices, and password resets.
  • //Authenticate users, prevent fraudulent actions, and ensure platform safety.
  • //Monitor system health and improve extraction parsing accuracy. (Your data is never sold or used for external advertising).

04 Automated Processing and Content Moderation

  • AI Data Extraction: We utilize secure, isolated AI processing environments to read and extract structured fields from uploaded documents and emails.
  • Content Moderation: Files are automatically screened for prohibited or explicit materials. Flagged files are quarantined. Accumulating three (3) moderation violations results in automated, permanent account disablement.

05 How We Share Your Information

We share information only under strict control in these circumstances:

  • //Service Providers: Cloud hosting, database, email, and AI partners bound by strict Data Processing Addendums (DPAs).
  • //Legal Mandates: Where required by law, court order, or official governmental requests.
  • //Business Transfers: Standard data asset transfer in the event of an acquisition or merger.

06 Data Erasure and Deletion Procedures

In accordance with global privacy standards, including the Right to Erasure, we provide a secure, user-initiated account deletion process. Your data is kept only as long as necessary to provide our Services, and we employ a strict data minimization protocol upon account termination.

The Deletion Timeline and Right to Erasure

  • // Initiation & Grace Period: Upon requesting account deletion, your profile is immediately suspended. A strict 7-day grace period begins, during which your data remains frozen but intact.
  • // Irreversible Execution: After exactly 7 days, the recovery window permanently closes. Following a 24-hour system buffer to ensure data integrity, the hard-deletion execution occurs on the 8th day, permanently erasing your personal information across all systems.

Comprehensive Data Erasure Inventory

When the hard-deletion execution occurs, our cascading deletion protocol irreversibly purges your data from our primary document stores, relational databases, object storage, and linked communications networks. This includes:

  • // Core Account Profile: All root profile information, authentication records, usage history, and secure credentials.
  • // Financial & Bill Records: All uploaded document scans, receipts, invoices, metadata, and extracted data points.
  • // Extracted Items & Reminders: Individual line items parsed from bills, push notifications, and system alerts.
  • // Relational & Analytical Data: Synced transaction histories, structured tables, search embeddings, and vector data stored in external processing databases.
  • // File Storage Objects: All physical files, imagery, PDFs, and profile pictures held in object storage.
  • // Communications Data: Incoming email archives, raw message logs, attachments, and the complete de-provisioning of your custom email routing CDN alias.

Shared Resources and Collaborative Data

  • // Personal Storage: Folders and storage buckets where you are the sole owner are permanently deleted in their entirety.
  • // Shared Storage: If you are a member of a shared folder with other active users, the folder and its contents will remain active to prevent disruption to surviving members. However, your membership rights will be permanently terminated, and your identity will be completely unlinked from the shared resource.

Data Minimization and Audit Logs

Following the erasure process, we retain a static, permanent record of the deletion request strictly for security tracking, system audit trails, and compliance analytics. This log is completely anonymized and stripped of all personal identification information, ensuring you can no longer be identified.

07 International Data Transfers

We utilize cloud servers located primarily in the United States (US Central region). For EEA/UK users, we protect all transfers through Standard Contractual Clauses (SCCs).

08 Your Global Privacy Rights (GDPR, CCPA)

Depending on your location, you have the right to Access, Correct, Delete, or Port your data. To exercise these rights, please contact us at [email protected].

09 Children's Privacy

Our application is intended for adult financial management and is not directed at children under the age of 13.

10 Data Security

We secure data with access control tokens, OAuth verification, encrypted network connections, and database rules ensuring distinct user data isolation.

11 Contact Us

For any inquiries regarding our practices, please contact our Compliance Officer at:

Omnity Labs Inc.

Email: [email protected] / [email protected]