Privacy Policy
Last Updated: May 2026
1. Controller Identity
The data controller responsible for your personal data is the operator of SpeakBill. For any privacy-related inquiries or to exercise your rights, contact us at build@vantlaunch.com.
2. Data We Collect
- Account Information: Name, email, and password (hashed).
- Business Information: Company name, address, VAT number, country, currency.
- Client Information: Names, email addresses, phone numbers, and addresses of your clients.
- Invoice Data: Work descriptions, line items, pricing, and AI-generated invoice structures.
- Usage Data: Browser type, device information, and app interactions (via PostHog).
- Error Data: Crash reports and error diagnostics (via Sentry).
3. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR:
- Performance of a contract (Art. 6(1)(b)): Providing the invoicing service, processing payments, generating invoices.
- Legitimate interests (Art. 6(1)(f)): Security monitoring, error tracking, service improvement, analytics.
- Consent (Art. 6(1)(a)): Analytics cookies (PostHog) — you may withdraw consent at any time via the cookie banner.
- Legal obligation (Art. 6(1)(c)): Tax and accounting record retention where required by applicable law.
4. Automated Decision-Making
Our AI-powered invoice parsing uses OpenAI to structure invoice data from your voice or text input. This constitutes automated processing under GDPR Art. 22. The AI output is presented to you for review and editing before any invoice is created. You have full control over the final content.
5. Third-Party Data Processors
We use the following third-party services to provide our Service. Each is a data processor under GDPR Art. 28:
- MongoDB Atlas — Database hosting (EU region). Processes all account, invoice, and client data.
- Vercel — Application hosting and serverless functions. Processes all application traffic.
- Vercel Blob Storage — Invoice PDF and file storage (EU region).
- OpenAI — AI invoice parsing (GPT-4o-mini). Invoice descriptions are sent to OpenAI servers (US). Data is not used for model training.
- Polar.sh — Payment processing and subscription management. Processes customer email and subscription data.
- Resend — Transactional email delivery (password reset, invoice sending, verification). Processes email addresses and email content.
- Sentry — Error monitoring. Processes error data, IP addresses, and browser information.
- PostHog — Product analytics (EU-hosted). Processes usage analytics, page views, and device information. Only active if you accept analytics cookies.
Data Processing Agreements (DPAs) are in place with all sub-processors. Contact us to request copies.
6. International Data Transfers
Some of our sub-processors (OpenAI, Sentry) are based in the United States. Data transfers to these providers are governed by applicable transfer safeguards, including Standard Contractual Clauses (SCCs) where applicable. Our database and file storage are hosted within the European Union.
7. Data Retention
- Account data: Retained for the duration of your account plus 30 days after deletion.
- Invoice data: Retained while your account is active. You may delete individual invoices at any time.
- Analytics data: Retained for up to 2 years.
- Error data: Retained for up to 90 days.
8. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Right of access (Art. 15): Request a copy of your personal data.
- Right to rectification (Art. 16): Correct inaccurate data.
- Right to erasure (Art. 17): Delete your account and all associated data. You can do this in Settings or by contacting us.
- Right to data portability (Art. 20): Download all your data in a machine-readable JSON format. Available in Settings.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to restrict processing (Art. 18): Request temporary restriction of processing.
- Right to withdraw consent (Art. 7(3)): Withdraw cookie consent at any time.
9. Cookies
We use essential cookies for session management, security, and language preference. With your consent, we also use PostHog for product analytics. You may accept or decline analytics cookies via the banner shown on your first visit. You can change your preference at any time by clearing your browser cookies and refreshing the page.
10. Contact & Complaints
For privacy inquiries or to exercise your rights, contact us at build@vantlaunch.com.
You have the right to lodge a complaint with your local data protection supervisory authority. For a list of EU data protection authorities, visit edpb.europa.eu.
