Privacy & Security

Privacy Policy

Effective: April 19, 2026
Last updated: April 19, 2026

1. Overview

WhereBill ("we", "our", or "the app") is a personal finance tool that helps you track bills, scan receipts with AI, and collaborate on shared expenses. This Privacy Policy explains what information we collect, why we collect it, and how we protect it.

By using WhereBill, you agree to the practices described in this policy. If you do not agree, please discontinue use of the app.

2. Information We Collect

Account information — When you sign in with Google, we receive your name and email address from Google. We do not receive your Google password.

Bill and expense data — Bills, amounts, categories, due dates, notes, and line items you enter manually or that are extracted from uploaded receipts.

Receipt images — Images or PDFs you upload for AI scanning. These are stored on our server and sent to an AI service for text extraction.

Group and collaboration data — Group memberships, shared bills, and related activity when you use bill-splitting features.

Chat messages — Messages sent through the in-app chat are end-to-end encrypted. The server stores only ciphertext — we cannot read your messages.

Encryption keys — Your public ECDH key is stored on our server. Your private key never leaves your browser (stored in IndexedDB only).

Usage data — Basic server logs including IP address, browser type, and pages accessed, retained for up to 30 days for security and debugging purposes.

3. How We Use Your Information

  • To authenticate you and provide access to your account
  • To store and display your bills, expenses, and budgets
  • To extract bill details from receipt images using AI
  • To enable group bill-splitting and collaboration features
  • To deliver in-app encrypted messaging between users
  • To calculate spending summaries, trends, and dashboard analytics
  • To send system notifications relevant to your account (no marketing emails)
  • To detect and prevent fraud or abuse

4. AI Receipt Scanning

When you upload a receipt image, it is pre-processed on our server (resized, contrast-adjusted) and then sent to an AI service for text extraction. The AI provider may process your image data in accordance with their own privacy policy.

Receipt images are used solely to extract bill details (merchant name, amounts, line items). We do not use your receipt images to train AI models. Images are stored in media/bills/ on our server and are accessible only to you.

You can delete a bill (and its attached image) at any time from the bill detail page.

5. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. Data is shared only in the following limited circumstances:

  • Google OAuth — Used for authentication only. We receive your name and email; your Google data is not shared further.
  • AI Receipt Scanning — Receipt images are sent to an AI service for extraction. The AI provider's data handling is governed by their own privacy policy.
  • Group members — Bills and expenses you add to a shared group are visible to other members of that group.
  • Legal obligations — We may disclose information if required by law or to protect our legal rights.

No other third-party services (analytics, advertising, tracking) are used in this application.

6. End-to-End Encrypted Chat

All in-app chat messages are end-to-end encrypted using ECDH P-256 key exchange and AES-GCM 256-bit encryption. This means:

  • Messages are encrypted in your browser before being sent to the server
  • The server stores only ciphertext — we cannot read your conversations
  • Your private encryption key is stored only in your browser's IndexedDB and is never transmitted to our servers
  • If you clear your browser data or switch devices, your private key is lost and older messages cannot be decrypted

7. Data Retention

Your account data (bills, groups, messages) is retained for as long as your account is active. Server logs are retained for up to 30 days. Receipt images are retained until you delete the associated bill.

You may request deletion of your account and all associated data at any time by contacting us. We will fulfill the request within 30 days.

8. Security

We take reasonable technical measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • End-to-end encryption for all chat messages
  • Scoped database access — you can only access your own bills and groups
  • CSRF protection on all state-changing requests
  • Google OAuth for authentication — we never store passwords

No system is completely secure. If you discover a security issue, please report it to us promptly.

9. Your Rights

You have the right to:

  • Access — View all data associated with your account at any time within the app
  • Correction — Edit or update your bills, profile, and account information
  • Deletion — Delete individual bills, groups, or your entire account
  • Portability — Request an export of your data by contacting us
  • Withdraw consent — Revoke Google OAuth access at any time via your Google account settings

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects when the most recent changes were made. Continued use of WhereBill after any changes constitutes your acceptance of the revised policy.

Questions about this policy?
If you have any questions, concerns, or requests regarding your privacy or data, please contact the app administrator. We are committed to addressing your concerns promptly and transparently.