Last updated: October 27, 2025
This Data Processing Agreement (“DPA”) is part of the Terms of Service between you (“Customer”) and Billo (“Processor”), operated by Billo.
1. Definitions Controller
You — the Billo customer who determines what data is stored and processed. Processor: Billo — we process data only as necessary to provide our invoicing services. Subprocessors: Third-party vendors that assist us (e.g., Supabase, Vercel, Stripe, Sentry, Datafast, Insighto).
2. Scope of Processing
Billo processes personal data that you upload, such as client names, addresses, tax IDs, and payment information, solely to generate invoices and manage your business operations within the platform. We never use this data for our own purposes, advertising, or profiling.
3. Data Retention
Your data is retained for as long as your Billo account is active. Upon deletion, all data (including client information and draft invoices) will be permanently removed within 30 days.
4. Subprocessors
We rely on trusted vendors to process data securely: Supabase (database & authentication) Vercel (hosting) Stripe (payments) Resend (emails) Datafast (tracking) Sentry (error tracking) Insighto (feature request) We ensure all subprocessors comply with GDPR and maintain appropriate data protection agreements.
5. Security Measures
Billo implements the following technical and organizational measures: Encryption in transit via HTTPS Role-based access controls Regular backups and server monitoring Secure hosting in the EU (or equivalent safeguards)
6. International Data Transfers
If data is transferred outside the EU, Billo relies on Standard Contractual Clauses (SCCs) or equivalent legal mechanisms to ensure compliance.
7. Roles & Responsibilities
You (Controller) Obtain consent from your customers where required Manage deletion or correction requests Ensure your use of Billo complies with applicable privacy laws Billo (Processor) Process data only on your instructions Maintain confidentiality and security Assist you with compliance requests when possible.
8. Governing Law
This DPA is governed by the laws of Germany. By using Billo, you agree to this DPA.