Privacy Policy

Last Updated: April 15, 2026

1. Introduction

Welcome to Laravel ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice management service.

By using Laravel, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Account Information: Name, email address, password (encrypted)
  • Profile Information: Business details, preferences, and settings
  • Contact Information: Email addresses for notifications and communications

2.2 Google Account Information

When you connect your Google account, we access:

  • Gmail Data: Email messages with invoice attachments (subject, sender, date, attachments)
  • Google Drive: Access to create and manage invoice files in your Google Drive
  • Profile Information: Your Google account email, name, and profile picture
  • OAuth Tokens: Encrypted access and refresh tokens for API authentication

2.3 Invoice Data

  • Invoice documents (PDFs, images) uploaded or scanned from email
  • Extracted invoice information (vendor names, amounts, dates, line items)
  • Payment status and categorization data

2.4 Usage Information

  • Log data (IP address, browser type, access times)
  • Device information (device type, operating system)
  • Usage patterns and feature interactions

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: Process and manage your invoices, extract data using AI/OCR technology
  • Email Scanning: Automatically scan your Gmail for invoice attachments based on your settings
  • Google Drive Integration: Save processed invoices to your Google Drive for backup and access
  • Account Management: Create and manage your account, authenticate users
  • Notifications: Send you alerts about new invoices, payment reminders, and system updates
  • Service Improvement: Analyze usage patterns to improve our features and user experience
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with legal obligations and enforce our terms

4. Google API Services Usage

Laravel's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4.1 Gmail API Scope

We request the following Gmail permissions:

  • gmail.readonly: Read email messages to detect invoice attachments
  • gmail.modify: Mark emails as read/processed (optional)

We ONLY access emails that match invoice-related keywords (invoice, receipt, payment, bill, etc.). We DO NOT read your personal emails, conversations, or non-invoice related messages.

4.2 Google Drive API Scope

We request the following Google Drive permissions:

  • drive.file: Create and manage files created by our application only

We ONLY access files created by Laravel. We DO NOT access your existing Google Drive files or folders.

4.3 Limited Use Disclosure

Laravel's use of information received from Google APIs will be limited to the practices disclosed in this Privacy Policy. We DO NOT:

  • Transfer Google user data to third parties (except as necessary to provide our service)
  • Use Google user data for serving advertisements
  • Allow humans to read your Gmail data (automated processing only)
  • Use or transfer data for purposes unrelated to invoice processing

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Encryption: All OAuth tokens and sensitive data are encrypted at rest using AES-256 encryption
  • Secure Transmission: All data transfers use HTTPS/TLS encryption
  • Access Controls: Strict access controls limit who can access your data
  • Regular Backups: Automated backups to prevent data loss
  • Token Management: OAuth tokens are securely stored and automatically refreshed

Your invoice files are stored securely on our servers. If you use Google Drive integration, copies are also stored in your personal Google Drive account.

6. Data Sharing and Disclosure

We DO NOT sell, rent, or trade your personal information. We may share your data only in the following circumstances:

  • Service Providers: Google Cloud Vision API for OCR processing of invoice images
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfer: In the event of a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize data sharing

7. Your Rights and Choices

You have the following rights regarding your data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Disconnect Integrations: Revoke Google account access at any time from the Integrations page
  • Export Data: Download your invoices and data in standard formats
  • Opt-out: Disable email scanning or notifications in settings

To exercise any of these rights, please contact us at support@billifly.com

8. Data Retention

We retain your data for as long as your account is active or as needed to provide services. When you delete your account:

  • Your personal information and invoices are permanently deleted within 30 days
  • OAuth tokens are immediately revoked and deleted
  • Backup copies are removed within 90 days
  • Some data may be retained for legal compliance purposes

9. Third-Party Services

Our service integrates with the following third-party services:

  • Google APIs: Gmail, Google Drive, Google Cloud Vision (subject to Google's Privacy Policy)
  • WhatsApp Business API: Optional integration for invoice notifications

These services have their own privacy policies. We recommend reviewing them.

10. Children's Privacy

Laravel is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Users

Your data may be transferred to and processed in countries other than your country of residence. By using our service, you consent to the transfer of your information to our facilities and service providers globally.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the service. Your continued use of Laravel after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Laravel

Email: support@billifly.com

Website: https://billifly.com

14. Google OAuth Verification

This application has been verified by Google and complies with Google's API Services User Data Policy. Our access to your Google account is limited to the specific permissions you grant, and you can revoke access at any time from your Google Account Permissions page.