Privacy Policy for BillSift
Last Updated: 13th October 2025
This Privacy Policy describes the policies and procedures of Finkalp Technologies Private Limited ("we," "our," or "us"), registered in India, on the collection, use, storage, and disclosure of your information when you use our website www.billsift.com and the BillSift expense management service (collectively, the "Services"). We are committed to protecting your privacy and handling your data in an open and transparent manner.
By using our Services, you consent to the practices described in this Privacy Policy.
1. Data Controller and Contact Information
For the purposes of the EU General Data Protection Regulation ("GDPR") and other applicable data protection laws, the data controller is:
Finkalp Technologies Private Limited
B105, Jain Heights, Hennur Main Road, Dooravani Nagar, Bengaluru 560043
Email for General Inquiries: info@billsift.com
Email for Privacy-Specific Requests: privacy@billsift.com
2. Information We Collect
We collect several types of information to provide and improve our Services to you, as detailed in the table below.
| Category of Data | Specific Data Collected | Legal Basis for Processing (GDPR) |
|---|---|---|
| A. Personal & Account Data | Full name, email address, contact details, profile picture (via Google Sign-In). | Performance of a Contract; Consent (for Google Sign-In). |
| B. Google Sign-In Data | When you use "Sign in with Google," we receive and store your basic Google profile information (name, email address, profile picture) to create your account. We do not have access to your Google password. | Consent. |
| C. User-Uploaded Content & OCR-Processed Data |
This is the core data you entrust to us:
|
Performance of a Contract (to provide the core service); Legitimate Interest (for service improvement and accuracy). |
| D. Financial & Report Data | Data generated from your use, such as categorized expenses, aggregated reports, trends, and insights derived from your OCR-processed data. | Performance of a Contract. |
| E. Technical & Usage Data | IP address, browser type, device information, operating system, pages visited, features used, and other diagnostic data. | Legitimate Interest (for security, analytics, and improvement). |
| F. Communication Data | Records of your communications with us, including support requests, feedback, and survey responses. | Legitimate Interest (to respond to and manage our relationship with you). |
3. How We Use Your Information (Purposes of Processing)
We use the information we collect for the following purposes:
- To Provide and Maintain Our Services: This includes creating your account, processing your Google Sign-In, performing OCR on your uploaded bills, storing the extracted data, and generating aggregated expense reports for you.
- To Improve OCR Accuracy and Service Functionality: We may use anonymized and aggregated data from uploaded bills to train and improve our OCR algorithms. This is done in a way that no individual user can be identified from this data. We do not use the personal content of your bills for any other internal purpose like marketing or selling to third parties.
- To Communicate with You: To send you service-related announcements, respond to your support requests, and (with your separate consent) send you marketing and promotional communications.
- For Security and Compliance: To monitor and analyze usage to protect the security and integrity of our Services, detect and prevent fraud, and comply with legal obligations.
4. Legal Basis for Processing (For EEA and UK Users)
Our legal bases for processing your personal data under the GDPR are as follows:
- Performance of a Contract: The processing is necessary for the performance of our Terms of Service with you, which includes providing the OCR, data extraction, and reporting features.
- Consent: We rely on your consent for specific purposes, such as using Google Sign-In and for sending direct marketing communications. You may withdraw your consent at any time.
- Legitimate Interests: We process data for our legitimate interests in improving our Services, ensuring network and information security, and for administrative purposes.
5. Data Sharing and Disclosures
We do not and will not sell your personal data or the detailed contents of your bills and extracted data to any third party. We may share your information in the following limited circumstances:
- With Service Providers (Data Processors): We employ trusted third-party companies to facilitate our Services ("Processors"). These providers include:
- Cloud Hosting Providers (e.g., AWS, Google Cloud) to store your data.
- OCR Service Providers who help us extract data from your bills (under strict confidentiality obligations).
- Analytics Providers to understand service usage.
- Customer Support Platforms to manage your queries.
All Processors are bound by contractual obligations to keep your information confidential and use it only for the purposes we specify.
- For Legal Reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred. We will notify you of such a change and any choices you may have.
6. Data Retention
We will retain your personal data only for as long as is necessary for the purposes set out in this policy.
- Account Data: We retain for the duration your account is active and for a reasonable period thereafter to comply with legal obligations or resolve disputes.
- User-Uploaded and OCR-Processed Data: This data is stored as long as your account is active. You can delete individual bills or your entire dataset at any time through the Service. Upon account deletion, we will initiate a process to delete this data from our active databases and backup systems, subject to any legal retention requirements.
7. Your Data Protection Rights
You have the following rights regarding your personal data:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can correct any inaccurate or incomplete data we hold about you.
- Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data, including your uploaded bills and extracted data.
- Right to Restrict Processing: You can request that we temporarily or permanently stop processing all or some of your personal data.
- Right to Data Portability: You can request a structured, commonly used, and machine-readable copy of your personal data, including the data we have extracted from your bills (e.g., in JSON or Excel format).
- Right to Object: You can object to the processing of your personal data in certain circumstances, including for direct marketing.
To exercise any of these rights, please contact us at privacy@billsift.com. We will respond to your request within one month. We may need to verify your identity before processing your request.
8. International Data Transfers
Your personal data may be transferred to and processed in countries other than India, including countries outside the European Economic Area (EEA) and the United Kingdom (UK). When we transfer your data, we use appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure that your data remains protected in accordance with this Privacy Policy and applicable data protection laws.
9. Data Security
We implement robust security measures designed to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (using HTTPS/TLS) and at rest.
- Strict access controls and authentication protocols.
- Regular security assessments and monitoring of our systems.
10. Google Sign-In
Your use of Google Sign-In is subject to Google's Privacy Policy and Terms of Service. You can manage the third-party applications that have access to your Google Account at any time via your Google Account Security settings. Revoking our access via Google will prevent you from logging in but will not automatically delete the data we hold. Please contact us separately to request data deletion.
11. Cookies
We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. For more information, please see our Cookie Policy.
12. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We will also provide a more prominent notice, such as an email notification, for material changes.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us:
For Data Privacy Requests: privacy@billsift.com
For General Inquiries: info@billsift.com
Registered Office: Finkalp Technologies Private Limited, B105, Jain Heights, Hennur Main Road, Dooravani Nagar, Bengaluru 560043.