Security

Security at Billendar

Your financial data deserves serious protection. Here is exactly how we keep it safe.

Last updated: March 2026

Infrastructure

Billendar runs on enterprise-grade infrastructure from providers with industry-leading security certifications.

  • Hosted on Vercel (SOC 2 Type II compliant)
  • Database on Supabase (SOC 2 Type II compliant)
  • Automatic scaling and DDoS protection
  • 99.9% uptime SLA from our providers

Encryption

Your data is encrypted at every stage, whether moving between your browser and our servers or sitting in our database.

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • HTTPS enforced on all connections
  • Secure, httpOnly authentication cookies

Gmail Access

We take your email privacy extremely seriously. Our Gmail integration is designed with the strictest possible access controls.

  • Read-only access only - we never send, delete, or modify emails
  • OAuth 2.0 authentication (we never see your Google password)
  • Only scans for bill-related and receipt emails
  • You can revoke access instantly from your Google account
  • Compliant with Google API Services User Data Policy

Data Storage

Your bill data is stored securely in a PostgreSQL database with strict access controls at every level.

  • PostgreSQL with Row Level Security (RLS) enabled
  • Each user can only query and see their own data
  • Automated daily backups with 90-day retention
  • No shared database access between users

Authentication

We use Google OAuth through Supabase Auth for sign-in. This means we benefit from Google's security infrastructure without the risks of managing passwords ourselves.

  • Google OAuth 2.0 via Supabase Auth
  • No passwords stored - ever
  • Secure session management with JWT tokens
  • Automatic session expiration

Payment Processing

All payment processing for Pro subscriptions is handled entirely by Stripe, the industry standard for secure online payments.

  • Stripe is PCI DSS Level 1 compliant
  • We never see or store your card number
  • Card details go directly to Stripe's servers
  • Billing managed through Stripe's secure portal

What We Don't Store

Minimizing stored data minimizes risk. We deliberately avoid keeping anything beyond what is essential to provide the service.

  • Raw email content is never stored - only extracted bill details (payee, amount, due date)
  • Your Google password is never transmitted to or stored by Billendar
  • Credit card numbers never touch our servers
  • We do not use third-party advertising or analytics trackers
  • No data is sold to or shared with advertisers

You are always in control

Your data is yours. At any time, you can take any of these actions from your account settings - no need to contact support.

Revoke Gmail access
Export your data
Delete your account
Get started for free