Privacy Policy
Last updated: March 2, 2026
1. Introduction
This Privacy Policy explains how Nikola Jevtić ("we", "us", "our"), operating as BillZen, collects, uses, and protects your personal data when you use our invoicing service at billzen.app.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Spanish data protection laws (LOPDGDD).
Data Controller:
- Name: Nikola Jevtić (Autónomo)
- Address: Carrer de Don Armando Palacio Valdés 10 4, 46010 Valencia, España
- Email: contact@billzen.app
2. Data We Collect
2.1 Account Information
- Email address
- Password (hashed and salted, we cannot see it)
- Name (optional)
2.2 Profile Information
- Business name
- Business address
- Tax identification number (NIF/CIF/VAT)
- Phone number (optional)
2.3 Financial Information
- Bank account details (IBAN, account number — encrypted at rest)
- Payment information (processed by Stripe, we do not store card details)
- Subscription history
2.4 Invoice & Business Data
- Client names, addresses, and contact details
- Invoice amounts, items, and descriptions
- Payment status and history
- Expense records and receipt references
- Recurring invoice templates
- XML invoice records generated for audit compliance
2.5 Technical Data
- IP address
- Browser type and version
- Device information
- Usage logs
- Error reports (anonymized, no personally identifiable information)
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide the invoicing service | Contract performance |
| Process payments | Contract performance |
| Send transactional emails (invoices, reminders) | Contract performance |
| Generate invoice QR codes and XML records | Contract performance |
| Customer support | Legitimate interest |
| Improve our service and fix errors | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Legal and tax compliance | Legal obligation |
We do NOT use your data for:
- Selling to third parties
- Targeted advertising
- Profiling for marketing
- Third-party analytics or tracking
4. Data Sharing
We share your data only with the following service providers, strictly necessary for operating the service:
| Third Party | Purpose | Location | Safeguards |
|---|---|---|---|
| Stripe | Payment processing | USA | EU-US Data Privacy Framework |
| Resend | Transactional email delivery | USA | EU-US Data Privacy Framework |
| Hetzner | Server hosting | Germany | GDPR compliant, EU-based |
| Sentry | Error monitoring (anonymized, no PII) | USA | EU-US Data Privacy Framework |
We may also disclose data if required by law or court order.
5. Data Storage and Security
5.1 Location
Your data is stored on servers in Germany (Hetzner), within the European Union.
5.2 Security Measures
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for sensitive financial data (bank account details)
- Password hashing (PBKDF2 with SHA256)
- Regular security updates
- Access controls and authentication enforcement
- Single-session enforcement per account
5.3 Retention Period
| Data Type | Retention |
|---|---|
| Account data | Until account deletion + 30 days |
| Invoice data | 5 years after creation (legal requirement) |
| Payment history | 7 years (tax compliance) |
| Error logs | 90 days |
| Server logs | Rotating, maximum 5 log files retained |
6. Your Rights (GDPR)
You have the right to:
| Right | Description |
|---|---|
| Access | Request a copy of your data |
| Rectification | Correct inaccurate data |
| Erasure | Delete your account and data ("right to be forgotten") |
| Portability | Export your data in standard formats (PDF, Excel) |
| Restriction | Limit how we process your data |
| Objection | Object to certain processing |
| Withdraw consent | Where processing is based on consent |
To exercise these rights, contact us at: contact@billzen.app
We will respond within 30 days.
Note: Certain data may be retained beyond deletion requests where required by law (e.g., invoice records for tax compliance).
7. Cookies
We use only essential cookies required for the service to function:
| Cookie | Purpose | Duration |
|---|---|---|
| sessionid | User authentication session | Until logout |
| csrftoken | Cross-site request forgery protection | 1 year |
We do NOT use:
- Tracking cookies
- Advertising cookies
- Third-party analytics cookies
8. Children's Privacy
BillZen is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.
9. International Data Transfers
Some of our service providers are located outside the European Union (USA). Where data is transferred outside the EU, it is protected by:
- EU-US Data Privacy Framework certification
- Standard contractual clauses where applicable
Sentry receives only anonymized error data with no personally identifiable information (PII is explicitly disabled).
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification at least 30 days in advance.
11. Contact & Complaints
Questions or requests:
- Email: contact@billzen.app
Data Protection Contact:
- Name: Nikola Jevtić
- Email: contact@billzen.app
Complaints: If you believe we have violated your privacy rights, you may file a complaint with the Spanish Data Protection Agency (AEPD):
- Website: www.aepd.es
- Address: C/ Jorge Juan, 6, 28001 Madrid, España
12. Spanish Law Compliance
This Privacy Policy complies with:
- General Data Protection Regulation (GDPR) - EU 2016/679
- Ley Orgánica de Protección de Datos y Garantía de Derechos Digitales (LOPDGDD) - Spain
This document was last reviewed on March 2, 2026.