Effective date: May 16, 2026
BillHour (“we,” “us,” “our”) is operated by Omugen Engineering LLC. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights.
If you have questions, contact us at support@billhour.ai.
1. Who this policy applies to
BillHour is a consulting-firm time tracking and invoicing app. You use BillHour either as:
- A firm owner — you create an organization, invite employees, set rates, and send invoices.
- An employee — you join a firm by code and log time entries against projects.
This policy applies to both roles and to anyone who uses the BillHour app, website (billhour.ai), or contacts us.
2. Data we collect
Account data
- Email address and full name (collected at sign-up via Supabase Auth)
- Authentication credentials (managed by Supabase Auth; we never see your password in plaintext)
- Organization name and role within the organization
Time-tracking data
- Time entries: project, date, hours worked, optional notes
- Bill rate and cost rate (set by the firm owner)
- Job role title
Invoice data
- Generated invoices, line items, and totals
- Client name and email address (entered by the firm owner when sending invoices)
- AI-formatted invoice descriptions (only if you have enabled AI formatting — see Section 4)
Device data
- Expo push notification token (used to send reminders and notifications you've opted into)
- App version and build number (sent with crash reports for debugging)
Subscription data
- Subscription status (active / trial / canceled) — provided by Apple and RevenueCat
- We do not see your full Apple ID, payment method, or billing address
Diagnostics
- Crash reports and error logs (sent to Sentry — see Section 5)
- These reports include stack traces and the screen you were on; they do not include time entry notes, invoice content, rates, or client information
Product analytics
- Screen-view events (e.g., “user opened the Timesheet screen”) so we can measure feature usage, onboarding completion, and weekly retention
- Anonymous device identifier (assigned by the analytics SDK on first launch)
- Your opaque BillHour user ID (the same UUID we already store internally — not your email or name) so that screen-view events can be grouped per user for cohort and retention analysis
- App version, device model, operating system version
- Your IP address (used by the analytics provider to derive country-level location only — no precise geolocation, no IP retention beyond geo lookup)
- Screen-view events do not include time entry notes, invoice content, rates, client information, or any other content you create in the app
We do not collect: precise location, contacts, photos, microphone audio, advertising identifiers (no IDFA / IDFG), or web browsing history. BillHour has no advertising integrations and does not engage in cross-app tracking.
3. How we use your data
- To provide the app: authenticate you, store your time entries, generate invoices
- To send the notifications you've opted into: timesheet reminders, invoice-ready alerts
- To process subscriptions through Apple In-App Purchase via RevenueCat
- To improve reliability: diagnose crashes and errors via Sentry
- To improve the product: measure feature usage, onboarding completion, and weekly retention via PostHog (anonymous + aggregated; no time-entry content is sent)
- To respond to your support requests when you email us
We do not sell your data. We do not use your data to train AI models. We do not show ads.
4. AI features and your consent
BillHour offers an optional AI feature that cleans up and formats time-entry descriptions into client-ready invoice line items. This feature uses Anthropic Claude (operated by Anthropic, PBC).
The AI feature is OFF by default. You must explicitly grant consent the first time you use it. You can grant or revoke consent at any time in Workspace → Legal → AI Invoice Formatting.
When the AI feature runs:
- Sent to Anthropic: the text of each time-entry note, the date and hours of each entry, the consultant's name (their full name from their profile, or their email address as a fallback if the profile name is unavailable), the project name, the client name, the job role title, and any project-specific style preferences (preferred terms, forbidden terms, reference description samples) the firm owner has configured.
- Not sent to Anthropic: bill rates, cost rates, dollar amounts, client email addresses, payment information, or any data belonging to other organizations.
Anthropic's processing terms apply to data we send them. Per Anthropic's commercial terms, your data is not used to train their models. Their privacy practices: anthropic.com/legal/privacy
If you revoke consent, no further data is sent to Anthropic. AI-formatted descriptions already saved to your time entries remain as they are until you edit them.
5. Sub-processors
We use the following third parties to operate BillHour. Each receives only the data necessary for its specific function:
- Supabase Inc. — Database, authentication, file storage, push notification relay.
  Data they receive: all account, time entry, invoice, and organization data.
- Anthropic, PBC — AI invoice formatting (only with your consent — see Section 4).
  Data they receive: see Section 4 for the full list.
- Twilio SendGrid — Transactional email delivery (account confirmation, password reset).
  Data they receive: recipient email address, name, and the confirmation or reset link.
- RevenueCat, Inc. — Subscription state management.
  Data they receive: anonymous app user ID, subscription status.
- Apple Inc. — In-App Purchase processing, push notification delivery (APNs).
  Data they receive: transaction data, push token.
- Expo / EAS — App builds and push notification routing.
  Data they receive: push token, build diagnostics.
- Sentry (Functional Software, Inc.) — Crash and error reporting.
  Data they receive: stack traces, app version, anonymized user ID; no time entry content, rates, or client data.
- PostHog, Inc. — Product analytics — feature usage, onboarding funnel, weekly retention.
  Data they receive: screen-view events, anonymous device ID, opaque BillHour user ID, app version, device model, OS version, IP address (used for country-level geolocation only); no time entry content, rates, or client data.
- Vercel Inc. — Hosting for the billhour.ai marketing site.
  Data they receive: web request logs from visits to billhour.ai only; the app itself does not route requests through Vercel.
We do not use any analytics or advertising provider in the app. The sub-processors listed above are the only third parties that receive your data.
6. Where your data is stored
Your data is stored on Supabase infrastructure in the United States. Crash reports are stored on Sentry infrastructure in the United States. Subscription state is stored on RevenueCat infrastructure in the United States. Product analytics events are stored on PostHog infrastructure in the United States.
7. How long we keep your data
- Active accounts: for as long as your account is active
- Time entries belonging to a firm: the firm retains them as business records (see Section 9)
- Crash reports: 90 days, then automatically deleted
- Product analytics events: retained for up to 12 months for retention and cohort analysis, then deleted
- Backups: Supabase retains automated backups for 7 days
8. Your rights
You can:
- Access your data — most of it is visible in the app; email us for an export
- Correct your data — edit profile, time entries, and invoices in the app
- Delete your account — see Section 9
- Revoke AI consent — Workspace → Legal → AI Invoice Formatting (firm owner)
- Opt out of notifications — iOS Settings → Notifications → BillHour
- Request portability — email us for a machine-readable export
- Complain to your data protection authority if you believe we've mishandled your data
To exercise any right, email support@billhour.ai. We will respond within 30 days.
9. Account deletion
You can delete your BillHour account at any time from Workspace → Delete Account.
When you delete your account:
- Your personal account data — authentication credentials, profile, device push tokens, active session data — is permanently removed.
- Time entries you submitted to a firm remain in that firm's business records as historical attribution: your name, the bill rate and cost rate effective when each entry was worked, your job role at the time, and the project worked. This retention is required for the firm's tax, audit, and billing compliance obligations and falls under the “legally required to maintain” carve-out of Apple's account deletion guidance.
- If you are a firm owner, deleting your account also deletes the entire firm, including all employees' memberships, time entries, and invoice history.
- Subscriptions do not cancel automatically. Manage your subscription in iOS Settings → Apple Account → Subscriptions.
Account deletion is immediate and irreversible.
10. Children’s privacy
BillHour is for business use and not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided data, email us and we will delete it.
11. Security
- All data in transit is encrypted with TLS 1.2+.
- Data at rest in Supabase is encrypted.
- Row-level security policies enforce that you can only access data belonging to your organization.
- We never store payment card numbers — Apple handles all payment processing.
- We follow the principle of least privilege for all employee access to production systems.
No system is perfectly secure. If you discover a vulnerability, please email security@billhour.ai.
12. International users
By using BillHour, you consent to your data being processed in the United States and other countries where our sub-processors operate. We rely on Standard Contractual Clauses where required for EU/UK transfers.
13. California residents (CCPA/CPRA)
You have the right to know, delete, correct, and opt out of the sale of your data. We do not sell or share personal data for cross-context behavioral advertising. To exercise any right, email support@billhour.ai.
14. EU/UK residents (GDPR/UK GDPR)
Our legal bases for processing:
- Contract — to provide the BillHour service you've signed up for
- Consent — for AI invoice formatting (Section 4) and push notifications
- Legitimate interests — fraud prevention, crash diagnostics, service improvement
- Legal obligation — tax and audit record retention by firms
Our EU representative: contact support@billhour.ai and we will provide the relevant address.
15. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top of this policy reflects the latest revision. Material changes will be announced in the app and via email to firm owners.
16. Contact us
Omugen Engineering LLC
Email: support@billhour.ai
Website: billhour.ai