Privacy Policy

Last updated: April 4, 2026

1. Information We Collect

We collect information in the following ways:

Information you provide

Account registration details (name, email address), Stripe API credentials (restricted key), and any communications you send to us.

Information from Stripe

When you connect your Stripe account, we access customer, invoice, and subscription data solely to identify and recover failed payments. We do not access or store full payment card numbers.

Automatically collected data

Usage analytics (pages visited, features used, interaction patterns), device information (browser type, operating system), and log data (IP address, access times).

2. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Detect failed payments and execute recovery email sequences
  • Send transactional communications related to your account
  • Monitor, analyze, and improve the Service and user experience
  • Ensure the security and integrity of the platform

3. Stripe Data Handling

Rebill.it connects to your Stripe account via a restricted API key with limited permissions. We access only the data strictly necessary to identify failed payment events and initiate recovery workflows. All payment processing is handled entirely by Stripe in accordance with PCI DSS Level 1 standards. We never store, process, or transmit cardholder data.

4. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only with the following categories of recipients:

Infrastructure & service providers

Trusted third parties that help us operate the Service, including Stripe (payment processing), Supabase (database and authentication), Resend (email delivery), and Vercel (hosting). These providers are contractually obligated to protect your data.

Legal obligations

We may disclose information if required by law, court order, or governmental regulation, or to protect the rights, property, or safety of Rebill.it, our users, or the public.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.2+), encryption at rest, secure authentication via Supabase Auth with row-level security policies, and restricted access controls for production systems. While no method of transmission or storage is 100% secure, we are committed to safeguarding your information using commercially reasonable practices.

6. Data Retention

We retain your account and usage data for as long as your account remains active and as necessary to provide the Service. Upon account deletion, we will remove or anonymize your personal data within 30 days, except where longer retention is required by applicable law or legitimate business purposes (e.g., fraud prevention, legal compliance).

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Portability — receive your data in a structured, machine-readable format
  • Withdrawal of consent — revoke consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@rebill.it.

8. Cookies & Tracking

We use strictly essential cookies for authentication and session management. We do not use third-party advertising cookies or cross-site tracking technologies. Analytics data is collected using privacy-respecting methods that do not rely on persistent tracking cookies.

9. International Data Transfers

Your data may be processed and stored in countries outside your country of residence. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with applicable data protection laws to protect your information.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through an in-app notification prior to the changes taking effect. Your continued use of the Service after such notification constitutes acceptance of the updated policy.

12. Contact

For privacy-related inquiries, data requests, or concerns, contact us at privacy@rebill.it.