1. Data Controller

The controller of your personal data is García y Morfín S.C., operator of Billcraft, with its registered address in Mexico City, Mexico. You can contact us at hello@billcraft.ai.

2. Data We Collect

Account data: name, email address, password (encrypted), and your agency name at the time of registration.

Operational data: information you voluntarily enter into the platform, including employee names, clients, projects, rates, salaries, and financial figures for your agency.

Usage data: technical information about how you interact with the platform, including pages visited, features used, date and time of access, and device type.

Payment data: payment information is processed directly by our payment provider (Stripe). Billcraft does not store credit card numbers or personal banking details.

3. How We Use Your Data

We use your information exclusively to:

• Operate and maintain your Billcraft account
• Generate the calculations, projections, and simulations you request within the platform
• Process your subscription payments
• Send you account-related notifications (plan changes, system alerts, terms updates)
• Improve the platform based on aggregated and anonymous usage patterns
• Respond to your support requests

4. What We Never Do With Your Data

• We never sell your information to third parties under any circumstances
• We do not share your operational data (clients, employees, figures) with other companies
• We do not use your financial data to create advertising profiles
• We do not access your operational data except when you explicitly request it (technical support) or when required by law

5. Storage and Security

Your data is stored on Supabase servers with multiple layers of protection:

• Encryption in transit: all communication between your browser and our servers is protected with TLS/SSL
• Encryption at rest: your financial data is encrypted before being stored in the database. Not even the Billcraft team can access your data in plain text
• Row Level Security (RLS): each user can only access the data corresponding to their role and permissions configured by the account administrator
• Organization isolation: each agency’s data is completely separate and inaccessible to other organizations

Billcraft does not require or request access to your bank accounts, accounting systems, or any other external financial platform.

6. Industry Benchmarks (Anonymous Data)

Billcraft offers an optional Industry Benchmarks feature that allows users to compare their metrics against anonymous sector averages (salaries by level, average retainer fees by industry, margins by project type, among others).

Voluntary participation: this feature is completely optional. You decide whether to participate and which categories of information you share. You can enable or disable your participation at any time from your account settings.

Anonymization: if you choose to participate, your data is anonymized and statistically aggregated before becoming part of the benchmarks. The anonymization process removes any information that could identify your agency, your clients, or your employees. Only averages, medians, and statistical ranges are generated.

What never happens:

• No user can see another agency’s individual data
• Billcraft cannot reconstruct or identify the source of anonymized data
• Benchmarks are only generated when there is a minimum number of participants sufficient to guarantee anonymity
• Your decision not to participate does not affect your account or access to any other Billcraft features in any way

7. Third-Party Sharing

We only share information with the following providers, which are strictly necessary to operate the service:

• Supabase: database and authentication infrastructure
• Vercel: application hosting
• Stripe: payment processing

These providers are subject to their own privacy policies and comply with industry security standards. We do not share your operational data (clients, employees, financial figures) with any of these providers.

8. Data Retention

We retain your data while you maintain an active Billcraft account. If you cancel your subscription, your data is retained for 30 days to allow for export or reactivation. After that period, it is permanently deleted from our servers. Any automated backups that may contain your data are deleted within 90 days after cancellation.

9. Your Rights

In accordance with the Mexican Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), you have the right to:

• Access: request what personal data we hold about you
• Rectification: correct inaccurate or incomplete data
• Cancellation: request deletion of your data
• Objection: object to the processing of your data for specific purposes

To exercise any of these rights (known as ARCO rights), send an email to hello@billcraft.ai with your request. We will respond within a maximum of 20 business days.

10. Cookies and Tracking Technologies

Billcraft uses essential cookies necessary for the operation of the platform (authentication, session preferences). We do not use third-party cookies for advertising or cross-site tracking purposes.

11. Minors

Billcraft is not intended for children under 18. We do not intentionally collect information from minors. If we discover that we have collected data from a minor, we will delete it immediately.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email at least 15 days in advance. The current version will always be available on this page.

13. Contact

For any questions about privacy or the processing of your data, write to us at hello@billcraft.ai.