1. Information We Collect
WHAT WE COLLECT
- Account Information — your name and email from Google Sign-In, or your phone number if you sign in with phone instead or link a phone number as a backup sign-in method for account recovery.
Why: To identify you, let you sign in by an alternate method if you lose access to your primary one, and link your bills to your account on our server.
- Push Notification Token — a Firebase Cloud Messaging (FCM) device token, stored on the backend server against your account.
Why: To deliver alerts about share access requests, approvals, denials, and expiry directly to your device.
- Bill Data — text extracted from scanned bills by AI: vendor/shop name, bill number, date, amounts (subtotal, taxes, total), GST, category, currency, store location/address, and seller contact details (phone, email).
Why: This data powers bill summaries, category breakdowns, spending analysis, and charts across members.
- Member Names — display names you create for each member in your group.
Why: To let you categorize and view bills per member.
- Manual / Unbilled Spending Entries — for cash purchases or any spend with no receipt, you can manually enter the vendor/place name, date, category, item names with quantity and rate, total amount, an optional transaction reference (UPI/UTR), and an "Exclude from Price Trends" flag you set.
Why: To let you track all your spending — not just scanned bills — in one place, with the same duplicate-detection, category, and analytics features.
- Location (optional) — when you tap "Use current location" while adding a manual entry, the app requests your device's location (with your permission) and converts it into a nearby place/locality name. Your raw GPS coordinates are not stored — only the resulting place name is saved.
Why: To make recording where a cash spend happened quick and accurate without typing it manually.
- Shopping List Items — items you add to your shopping list: the item name, quantity, category, and (if added from a bill) the source bill's vendor name.
Why: To help you keep a running shopping list shared across all member tabs in your account.
- Monthly Usage Counts — the number of bill scans and manual entries submitted in the current calendar month (UTC) is tracked on the backend server.
Why: To enforce fair-use monthly limits (30 scans and 30 manual entries per account per month) and display the remaining count in the app. Counts reset automatically on the 1st of each month.
- QR Share Codes & Access Requests — when you generate a QR code for a member, the member's display name and an internal account identifier are encoded and registered on the backend. When someone scans it, an access request is sent to your device for you to approve or deny, along with your chosen duration and Strict setting.
Why: To allow controlled, revocable, time-limited read-only access without sharing your account credentials.
- Invite Codes — when you generate a short invite code, the code, your owner key, display name, and expiry timestamp are stored on the backend. The same request/approval flow as QR sharing is used.
Why: To allow remote sharing without physical proximity for QR scanning.
- Blocked Requesters — if you block someone, their account identifier and display name are kept in a blocklist tied to your account until you unblock them.
Why: To prevent a specific person from sending further access requests after you've revoked their access.
- Cross-Account Duplicate Flags — if you have an active sharing relationship with another account, the app compares key bill details (vendor, date, amounts, bill number, reference number, GSTIN) to detect likely duplicates. If a match is found, a "possible duplicate" flag is stored on the relevant bill record.
Why: To help avoid double-counting the same purchase when it's recorded on both sides.
- Authentication Token — a Firebase ID token stored locally on your device.
Why: To keep you securely signed in. Never shared with third parties.
- Crash Reports — anonymous crash logs (stack trace, device model, Android version) via Firebase Crashlytics.
Why: To detect and fix bugs.
- Scan Quality Events — anonymous outcome counts only: success, duplicate, re-scan, or failure (with reason). No bill content is included.
- App Usage Events — anonymous records of which screens you visit and which features you use, via Firebase Analytics. No bill content, amounts, vendor names, or personal data are included.
WHAT WE DO NOT COLLECT
- Bill images or files — images are used solely for extraction and are not intentionally retained after processing.
- Your personal details from bill content — customer name, delivery address, account number, or any buyer-side information printed on a bill is not extracted or stored.
- General device telemetry — no contact list, browsing history, or device identifiers beyond what Firebase Analytics, Crashlytics, and Google Sign-In collect as described in this policy (see Section 4).
2. How We Use Your Information
- Authenticate you securely using Google Sign-In or phone sign-in via Firebase Authentication
- Transmit bill images to the backend server solely for AI-assisted text extraction — images are not intentionally retained after processing
- Store and organize extracted bill data on the app's backend server
- Cache extracted bill data locally on your device for offline access
- Provide spending summaries, category breakdowns, chart insights, and price trend analysis
- Record manual/unbilled cash spending entries alongside your scanned bills
- Convert your device's location into a place name, only with your permission, to pre-fill the Place field for manual entries
- Maintain a shopping list for your account — shared across all your member tabs
- Track your monthly scan and manual entry counts to enforce fair-use limits and display the remaining count in the app
- Manage member profiles and allocate bills to members
- Send the access request to your device when someone scans your QR code or enters your invite code, and let you approve, deny, revoke, or block that request
- Enable read-only bill access for people whose request you've approved — no scan, edit, or delete access is granted to them
- Send push notifications (via Firebase Cloud Messaging) about access requests, approvals, denials, and expiry
- Compare bill details with bills from accounts you have an active sharing relationship with, to flag possible duplicate entries
3. Data Storage & Location
- App backend server: Extracted bill data (text only, no images) is stored on the app's backend server hosted on Railway (US West — San Francisco region)
- Manual/unbilled entries: Stored the same way as scanned bill data — text only, on the backend server and in your offline cache
- Shopping list items: Stored on the backend server, scoped to your account — shared across your member tabs but not visible to anyone you've granted read-only access to
- Monthly usage counts: Stored on the backend server against your account identifier for the current calendar month. Counts reset automatically on the 1st of each month.
- Cross-account duplicate flags: Stored alongside the relevant bill record; cleared automatically when sharing access is revoked or a shared member is removed
- Share access requests, approvals, and blocklist: Stored on the backend server against your account
- Invite codes: Stored on the backend server with your owner key, display name, and expiry. Codes expire after 7 days.
- Push notification token: Your device's FCM token is stored on the backend server so it can deliver share-related alerts
- On-device offline cache: Bill data is cached locally so the app works without internet. This cache is cleared when you sign out or manually clear it from Settings. Note: this local cache is not encrypted at rest.
- On-device settings & preferences: Your sign-in state, app settings, bill notes, and favourites are saved in encrypted storage on your device
- AI processing: Bill images are transmitted to Google Gemini AI solely for text extraction. Google's handling of data is governed by Google's Privacy Policy.
- Gallery: Scanned images are saved to your phone gallery by default. You can disable this in Settings under "Save to Gallery".
- We do not sell your personal data. Data is only shared with service providers to operate and improve the app.
4. Third-Party Services
- Google Sign-In & Firebase Authentication: For secure sign-in, including optional phone number sign-in or phone-based account recovery
- Firebase Cloud Messaging: For delivering push notifications about share access requests, approvals, denials, and expiry
- Firebase Crashlytics: Anonymous crash reporting — stack trace, device model, Android version only. No personal data or bill content.
- Firebase Analytics: For anonymous app usage measurement and improvement. No bill content or personal data is included.
- Google ML Kit (Barcode Scanning): For on-device QR code scanning. The model runs entirely on your device — scan data is not sent to Google.
- Google Gemini AI: For extracting bill details from images (processed via the app's backend server in Google Cloud — US region)
- CameraX & UCrop: Android libraries for camera capture and image cropping — all processing is on-device
These services are governed by their own privacy policies. We use them in compliance with Indian data protection laws.
5. Your Rights
Compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Digital Personal Data Protection Rules, 2025.
You have the right to:
- Access your data: View all your bills and account information directly in the app
- Delete your data: Delete any bill at any time; deleted bills are immediately removed from the active database
- Correct your data: Re-scan the original bill to re-extract accurate data. For manual/unbilled entries, delete and re-add with corrected details.
- Control image storage: Disable "Save to Gallery" in Settings to stop scanned images from being saved to your phone gallery
- Data portability: Export your data directly from the Trends screen (PDF or Excel) or from Settings → Account (CSV or PDF)
- Revoke or block shared access: From the Share screen for a member, you can Revoke a person's access or Block them. Both take effect immediately on the server.
- Withdraw consent: Sign out to remove your local session. To delete your account and all associated data, use "Delete Account" in Settings. All your bills, members, and account data are removed from our active database immediately; residual copies in automatic backup snapshots are purged within 30 days. A pseudonymised audit record (hashed identifiers only — no personal data) is retained for legal compliance purposes.
- Grievance redressal: Contact us at hello@usebills.com. We will acknowledge your grievance within 48 hours and resolve it within 15 working days as per the DPDP Act, 2023 and applicable DPDP Rules, 2025.
6. Data Retention
- Bills are stored on the backend server until you delete them
- Soft-deleted members and their bills can be restored within 48 hours; permanently deleted members and bills are removed immediately
- Your local authentication token and offline cache are cleared when you sign out
- Monthly usage counts are retained for the current calendar month only and reset automatically on the 1st of each month
- Unapproved access requests expire automatically if the owner doesn't respond within a short window (about 10 minutes)
- Invite codes expire 7 days after creation and are no longer resolvable; expired codes are purged from the backend server
- Approved share access expires after the duration the owner chose (1 day, 3 days, 1 week, 1 month, 3 months, 1 year, or no expiry), or immediately if revoked or blocked
- Blocked requesters remain on the blocklist until the owner unblocks them
- Shopping list items are retained until you remove them or delete your account
- Cross-account duplicate flags are cleared automatically when access is revoked or blocked, or when a shared member is removed
7. Security
- All data is transmitted over HTTPS
- Your sign-in token and app preferences are stored in encrypted storage on your device
- The app supports biometric, PIN, or pattern lock to prevent unauthorized access
- The app screen is hidden in the recent apps switcher; screenshots are blocked on the lock screen and QR share screen
- Privacy Shield blurs your bill data within the app when enabled in Settings
- Only you can access your bills by default — read-only access may be granted to others only through explicit QR code or invite code sharing initiated by you, and can be revoked at any time
8. Children's Privacy
This app is not intended for users under 18 years of age. We do not knowingly collect data from minors.
9. Changes to This Policy
We may update this policy periodically. When we do, a notification will appear in the app so you can review the changes. The effective date at the top of this page will be updated to reflect the revision date. Continued use after changes constitutes acceptance of the updated policy.
10. Contact Us
For privacy concerns, data requests, or grievances:
Email: hello@usebills.com
Response time: Acknowledged within 48 hours, resolved within 15 working days as per the DPDP Act, 2023 and applicable DPDP Rules, 2025
This app is designed for use in India and complies with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Digital Personal Data Protection Rules, 2025.