Security

Security at Billendar

Your financial data deserves serious protection. Here is exactly how we keep it safe.

Last updated: March 2026

Infrastructure

Billendar runs on enterprise-grade infrastructure with industry-leading security certifications.

  • Hosted on Vercel (SOC 2 Type II compliant)
  • Database on Supabase (SOC 2 Type II compliant)
  • Automatic scaling and DDoS protection
  • 99.9% uptime SLA from our providers

Encryption

Your data is encrypted at every stage — in transit and at rest.

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • HTTPS enforced on all connections
  • Secure, httpOnly authentication cookies

Gmail Access

Our Gmail integration is designed with the strictest possible access controls.

  • Read-only — we never send, delete, or modify emails
  • OAuth 2.0 — we never see your Google password
  • Only scans for bill-related and receipt emails
  • Revoke access instantly from your Google account
  • Compliant with Google API Services User Data Policy

Data Storage

Your bill data is stored in a PostgreSQL database with strict access controls at every level.

  • PostgreSQL with Row Level Security (RLS) enabled
  • Each user can only query and see their own data
  • Automated daily backups with 90-day retention
  • No shared database access between users

Authentication

Sign-in via Google OAuth through Supabase Auth — we benefit from Google's security without managing passwords.

  • Google OAuth 2.0 via Supabase Auth
  • No passwords stored — ever
  • Secure session management with JWT tokens
  • Automatic session expiration

Payment Processing

All Pro subscription payments are handled entirely by Stripe — the industry standard for secure payments.

  • Stripe is PCI DSS Level 1 compliant
  • We never see or store your card number
  • Card details go directly to Stripe's servers
  • Billing managed through Stripe's secure portal

What We Don't Store

Minimizing stored data minimizes risk. We deliberately avoid keeping anything beyond what is essential to provide the service.

  • Raw email content is never stored — only extracted bill details (payee, amount, due date)
  • Your Google password is never transmitted to or stored by Billendar
  • Credit card numbers never touch our servers
  • No third-party advertising or analytics trackers
  • No data is sold to or shared with advertisers

You are always in control

Your data is yours. At any time, take any of these actions from your account settings — no need to contact support.

Revoke Gmail access
Export your data
Delete your account
Get started free