Privacy Policy
Last updated: 1 June 2026 · Effective: 1 June 2026
1. About this policy
This Privacy Policy explains how [LEGAL ENTITY NAME] [ABN [ABN]] (“Bill Rivet”, “we”, “us”) collects, uses, discloses and protects personal information when you use the Bill Rivet application and website at billrivet.com (the “Service”). We handle personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). By creating an account or using the Service, you consent to the handling of your personal information as described here.
2. How and when we collect information
We collect personal information:
- Directly from you — when you create an account, upload documents, forward invoices to your Bill Rivet intake email address, connect an accounting platform (such as Xero, MYOB or QuickBooks), subscribe, or contact us for support.
- Automatically — basic usage and technical data (such as log data and IP address) when you use the Service.
Where we collect information from someone other than you, we will take reasonable steps to make you aware of it. Some information is required to provide the Service; if you do not provide it, we may be unable to provide the Service to you.
3. Information we collect
- Account information — your name, email address, a hashed password (managed by our authentication provider), and your organisation’s details.
- Invoice documents and data — the supplier invoices, bills, statements and related files you upload or forward, and the data extracted from them (supplier, amounts, GST, line items, dates and references).
- Accounting platform data — when you connect Xero, MYOB or QuickBooks, the data we need to code bills: your chart of accounts, contacts (suppliers), tracking categories and tax rates, your organisation name, and the OAuth connection tokens.
- Billing information — handled by our payment processor; we store only a subscription/customer reference, not your card numbers.
- Usage and technical data — log data, IP address, device/browser information, and actions taken in the Service.
4. Sensitive information
We do not seek to collect sensitive information (such as health, racial or biometric information) and the Service does not require it. Invoices you submit may incidentally contain the personal information of third parties (for example, a supplier contact); we process that information only to provide the Service to you.
5. How we use information
- To provide the Service — extract, clean, code and validate your bills, and create draft bills in your accounting platform at your direction.
- To authenticate you and secure your account and organisation.
- To operate billing and subscriptions.
- To provide support, improve reliability, and prevent abuse.
- To comply with our legal obligations.
We do not sell your personal information.
6. Your accounting platform connection
We connect to your accounting platform (such as Xero, MYOB or QuickBooks) using OAuth 2.0 with the minimum scopes required to read your contacts and settings and to create draft bills and attachments. Connection tokens are encrypted at rest. You can disconnect at any time from Settings; on disconnect we revoke the token with the provider and delete the platform data we cached for your organisation.
7. AI processing
To read your invoices we send the document and its contents to our AI provider, OpenAI, via their API. Under OpenAI’s API data-usage policy, content submitted through the API is not used to train their models and is retained only transiently for abuse monitoring before deletion. We use this processing solely to extract and code your bills.
8. Service providers (subprocessors)
We share data with the following providers only to run the Service:
- Supabase — database, authentication and file storage, hosted in Australia (Sydney).
- OpenAI — invoice data extraction (see above).
- Stripe — subscription billing and payments.
- Resend — transactional and authentication emails.
- Vercel — application hosting and delivery.
- Xero, MYOB & QuickBooks — the accounting platform you choose to connect.
9. Overseas disclosure
Your data is stored in Australia. However, some of the providers above (for example, our AI, payments and hosting providers) may process limited data on servers located outside Australia. Where this occurs, we take reasonable steps to ensure your information is handled consistently with this policy and the APPs.
10. Storage and security
We use encryption in transit (HTTPS), encryption at rest, encryption of sensitive credentials such as accounting platform tokens, row-level security to isolate each organisation’s data, and access controls limiting who can view it. No method of transmission or storage is completely secure, but we take reasonable physical, electronic and procedural steps to protect your information from misuse, loss, and unauthorised access, modification or disclosure.
11. Retention and deletion
We retain your data while your account is active and as needed to provide the Service and meet our legal obligations. You can delete invoices at any time. To delete your account and associated data, contact us at privacy@billrivet.com; we will delete or de-identify your data within 30 days, except where we must retain it to comply with the law.
12. Direct marketing
We may occasionally send you service updates or information about features that may be relevant to you. Every such email includes an unsubscribe link, and you can opt out at any time. We do not sell or rent your information to third parties for their marketing, and we do not use sensitive information for marketing.
13. Cookies
We use only essential cookies — to keep you signed in and operate the Service. We do not use third-party advertising or analytics cookies. You can configure your browser to refuse cookies, though some features may not work if you do.
14. Your rights and complaints
You may request access to, or correction of, the personal information we hold about you. If you believe we have breached the APPs, contact us using the details below and we will investigate and respond within a reasonable time. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (oaic.gov.au). If you are located outside Australia, you may have additional rights under your local laws — contact us and we will assist.
15. Changes
We may update this policy from time to time. Material changes will be notified through the Service or by email. The “Last updated” date above shows the latest revision; continued use after a change takes effect constitutes acceptance.
16. Contact
[LEGAL ENTITY NAME]
[POSTAL ADDRESS]
privacy@billrivet.com

