Your financial data is sensitive. We treat it that way. Here's exactly how we protect it.
All data is transmitted over HTTPS with TLS 1.3. Your receipt images, bank statements, and personal data are encrypted during every transfer.
Data is stored on encrypted servers. Database access is restricted to the application layer only; there is no direct database access from the internet.
We never sell, share, or monetize your financial data. No third-party analytics runs on your receipt data. No advertisers ever see your expenses.
Receipt images are processed via OpenAI's API (GPT-4o). OpenAI does not use API data for training. Images are processed and not stored by OpenAI.
Payments are handled by Razorpay (PCI DSS Level 1 compliant). We never see or store your card details; all payment data stays with Razorpay.
Export all your data anytime as JSON, CSV, or PDF. Delete your account and all data is permanently removed, with no hidden backups.
Passwords are hashed with bcrypt at a work factor of 12 rounds. Sessions are managed with JWT tokens that expire after 30 days. Phone number verification prevents duplicate accounts.
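The session-token half of the paragraph above, shown as an added example that is not Bill's Daddy code: an HS256 JWT is issued with a 30-day `exp` claim, and verification rejects tokens that are expired, tampered with, signed under a different key, or that claim a different algorithm. The secret, user id and clock values are constructed for the demo; it uses only the Python standard library (the bcrypt password hashing mentioned above needs the third-party `bcrypt` package and is not shown here).

```python
"""HS256 JWT session tokens with a 30-day expiry, standard library only.
Added illustration; not the project's own code. SECRET, user ids and
timestamps below are constructed values for the demo."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

THIRTY_DAYS = 30 * 24 * 60 * 60  # expiry stated on the page, in seconds


def _b64url(data: bytes) -> str:
    # JWT uses unpadded base64url for every segment
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # restore padding; raises ValueError (binascii.Error) on garbage input
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_token(secret: bytes, user_id: str,
                now: Optional[int] = None, ttl: int = THIRTY_DAYS) -> str:
    """Mint a signed token whose exp claim is now + ttl (30 days by default)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "iat": now, "exp": now + ttl}
    compact = (",", ":")  # no whitespace, so the signed bytes are canonical
    signing_input = (_b64url(json.dumps(header, separators=compact).encode())
                     + "." + _b64url(json.dumps(payload, separators=compact).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(secret: bytes, token: str,
                 now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        given_sig = _b64url_decode(s_b64)
    except ValueError:  # wrong segment count, bad base64, or bad JSON
        return None
    # Pin the algorithm: never let the token choose "none" or another scheme
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected_sig = hmac.new(secret, f"{h_b64}.{p_b64}".encode(),
                            hashlib.sha256).digest()
    # constant-time comparison, checked BEFORE trusting anything in the payload
    if not hmac.compare_digest(expected_sig, given_sig):
        return None
    try:
        payload = json.loads(_b64url_decode(p_b64))
    except ValueError:
        return None
    exp = payload.get("exp") if isinstance(payload, dict) else None
    # a missing or non-integer exp is treated as expired, not as "never expires"
    if not isinstance(exp, int) or now >= exp:
        return None
    return payload


def demo() -> bool:
    """Issue a token at a fixed clock and show it is valid before exp and rejected at exp."""
    secret = b"constructed-demo-secret-do-not-reuse"  # constructed value
    issued_at = 1_700_000_000                         # constructed timestamp
    tok = issue_token(secret, "user-42", now=issued_at)
    still_valid = verify_token(secret, tok, now=issued_at + 10) is not None
    expired = verify_token(secret, tok, now=issued_at + THIRTY_DAYS) is None
    return still_valid and expired


if __name__ == "__main__":
    print("30-day expiry enforced:", demo())
```

The order inside `verify_token` is the point worth copying: the algorithm is pinned and the signature is checked with `hmac.compare_digest` before any claim is read, and an absent or malformed `exp` fails closed rather than granting a permanent session.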
Bill's Daddy runs on dedicated VPS infrastructure with Docker containerization. The application is isolated from other services. Automated SSL certificates are managed by Traefik reverse proxy.
Admin access is restricted to designated email addresses. Team members have view-only access; they cannot modify or delete data belonging to other team members.
If you discover a security vulnerability, please email us at support@billsdaddy.com. We take all reports seriously and will respond within 48 hours.