Privacy Policy
Bill Guard (billguard.email) watches your email platform's billable contact count and helps you avoid surprise tier upgrades. This policy explains what data we handle to do that, and what we never do with it. Questions any time: support@billguard.email.
What we collect
- Your account. Your email address and a password (stored hashed by our auth provider, Supabase), or your name, email, and profile picture if you sign in with Google.
- Billing. Payments are processed by Lemon Squeezy as merchant of record. We never see or store your card number — we only store your subscription status (trial, active, cancelled) so the app knows what you can access.
- Product configuration you give us. Your platform API credential (encrypted — see Security), your plan's contact tier, billing cycle, renewal date, and an optional flip-workflow ID.
- Data read from your email platform. Your billable contact counts over time, and — only when you open a cleanup review — the contact fields needed to identify un-emailable contacts: email address, subscription/bounce status, last activity, and recent purchase signals (used to protect buyers from ever being suggested).
- Usage data. Privacy-friendly, cookieless web analytics (Cloudflare) and standard server logs. No advertising trackers, no cross-site tracking.
How we use it
- To run the service: read your counts daily, forecast tier crossings, email you alerts, and — only after you explicitly confirm — flip the contacts you selected to non-marketing.
- To bill your subscription and to answer support requests.
- We do not sell your data, we do not use it for advertising, and we never email your contacts. Alert emails go to you, not to anyone in your CRM.
Your customers' data
The contacts in your HubSpot or Mailchimp account are your data — you are the controller; we act as a processor on your instructions. We read only the fields needed to compute counts and cleanup candidates, we keep a record of contacts you confirmed for cleanup (so your history is auditable), and we never delete a contact — every change we make is a reversible marketing-status change that you approved first.
Where your data lives (subprocessors)
- Supabase — database and authentication.
- Cloudflare — website hosting, CDN, and cookieless analytics.
- Zeabur — hosting for our API and sync worker.
- Resend — sends your alert emails (from alerts@billguard.email).
- Lemon Squeezy — payments, invoices, and sales tax, as merchant of record.
- Google — only if you choose "Sign in with Google".
Security
- Your platform credential is encrypted at the application level before it ever reaches the database, with the encryption key held separately from the database. A database leak alone cannot expose usable tokens.
- Every customer-facing table is protected by row-level security — your session can only ever read your own rows. Credentials are excluded from customer-facing access entirely.
- All traffic is encrypted in transit (TLS).
Retention and deletion
- Removing a product from your dashboard immediately deletes its stored data — the encrypted credential, count history, alerts, and cleanup records.
- Deleting your account (or emailing us to request it) removes everything above plus your account itself.
- Invoices and tax records are retained by Lemon Squeezy as required by law.
Your rights
You can access, export, correct, or delete your data at any time — most of it directly in the app, or by emailing support@billguard.email. We answer within a few business days.
Cookies
We use browser storage only to keep you signed in. No advertising or cross-site tracking cookies. Our analytics (Cloudflare Web Analytics) doesn't use cookies at all.
Changes
If this policy changes materially, we'll note it here with a new effective date and, for significant changes, email you.