Privacy Policy

FootBill Inc.
Effective Date: February 22, 2026

FootBill Inc. ("FootBill," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the FootBill platform, including our website, applications, and related services (collectively, the "Service").

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by updating the date of this Privacy Policy and posting it on our website and/or other Services, or by email if required by law. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, phone number, company name, and billing address when you register for an account.
• Financial Data: Invoice details, expense records, payment information, client and vendor data, and other financial information you input into the Service.
• Payment Information: Credit card or payment method details processed through our third-party payment processors. We do not store full credit card numbers on our servers.
• Communications: Information you provide when you contact us for support, submit feedback, or communicate with us through any channel.
• Third-Party Account Information: If you choose to connect third-party accounts to the Service (such as Google, accounting software, or banking services), we may collect information associated with your third-party account, such as your name, email address, and profile information you provided to the relevant third party.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the Service, click patterns, and other interaction data.
• Device Information: Browser type, operating system, device type, screen resolution, unique device identifiers, and language settings.
• Log Data: IP address, access times, referring URLs, and error logs.
• Location Data: General location based on your IP address.
• Cookies and Similar Technologies: We use cookies, local storage, web beacons, and similar technologies to maintain sessions, remember preferences, analyze usage, and facilitate advertising. See Section 7 for details.

1.3 Information from Third Parties

• Payment Processors: Transaction confirmations and payment status from services such as Stripe (see Stripe's Privacy Policy).
• Financial Data Providers: Account and transaction information if you connect banking services through providers such as Plaid. By using Plaid, you grant FootBill and Plaid the right to access and transmit your personal and financial information from the relevant financial institution (see Plaid's Privacy Policy).
• Authentication Providers: Basic profile information if you sign in using a third-party service (e.g., Google).
• Analytics and Advertising Partners: We may receive information about your interactions with our advertisements and emails from third-party analytics and advertising platforms.

1.4 Derived and Inferred Information

We may derive or infer information about you based on data we collect. For example, we may infer your preferences for certain features based on your usage patterns, or we may use AI tools within the Service to generate insights from your financial data. See Section 6 for details on AI-related data practices.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide, operate, and maintain the Service, including processing invoices and payments;
• Process transactions and send related information (invoices, receipts, payment confirmations);
• Create and manage your account;
• Respond to your requests, comments, and support inquiries;
• Send administrative communications (service updates, security alerts, policy changes);
• Analyze usage patterns to improve the Service and develop new features;
• Conduct research and development to enhance our products and services;
• Detect, prevent, and address technical issues, fraud, and security threats;
• Personalize your experience with FootBill;
• Send you marketing communications, subject to your opt-out preferences (see Section 8);
• Display interest-based advertising (see Section 7);
• Comply with legal obligations and enforce our terms.

We will not use your financial data for advertising purposes or sell it to third parties.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

With third-party vendors who assist us in operating the Service. These include, but are not limited to:

• Stripe — Payment processing (Privacy Policy)
• Plaid — Bank account linking and financial data retrieval (Privacy Policy)
• Google Analytics — Usage analytics (Privacy Policy)

These providers are contractually obligated to protect your data and use it only for the purposes we specify. We encourage you to review the privacy policies of each provider linked above.

Advertising Partners

We may share limited usage data with advertising partners (such as Google Ads, Meta/Facebook, and similar platforms) for the purpose of interest-based advertising and measuring advertising performance. These partners may use cookies and similar technologies to track your interactions. See Section 7 for opt-out options.

Legal Requirements

When required by law, regulation, legal process, or governmental request.

Protection of Rights

To protect the rights, property, or safety of FootBill, our users, or the public.

Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change by posting a notice on the Service or by email.

Professional Advisors

We may share information with professional advisors such as lawyers, auditors, bankers, and insurers where necessary in the course of the professional services they render to us.

With Your Consent

When you explicitly authorize us to share information with a third party.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest;
• Regular security assessments and vulnerability testing;
• Access controls limiting employee access to personal data on a need-to-know basis;
• Secure infrastructure hosted on reputable cloud providers;
• Multi-factor authentication options for user accounts.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. You play a critical role in protecting your information by maintaining strong passwords and keeping your login credentials confidential.

5. Data Breach Notification

In the event of a data breach that compromises your personal information, FootBill will take the following steps:

• Investigate and contain the breach as promptly as possible;
• Assess the risk of harm to affected individuals;
• Notify affected users and applicable regulatory authorities (including the Office of the Privacy Commissioner of Canada, as required under PIPEDA) without unreasonable delay;
• Provide information about the nature of the breach, the types of data affected, and recommended steps you can take to protect yourself;
• Maintain records of all breaches as required by applicable law.

If you believe your account or personal data has been compromised, please contact us immediately at privacy@footbill.ca.

6. Artificial Intelligence and Automated Processing

Certain features of the Service may use artificial intelligence ("AI") tools to provide functionality such as invoice generation assistance, financial insights, smart categorization, and content suggestions.

6.1 What Data AI Features Access

AI features within the Service may access your financial data, invoice content, client information, and usage patterns to generate outputs and recommendations. We process this data in accordance with this Privacy Policy.

6.2 Third-Party AI Providers

Some AI features may be powered by third-party AI providers. When this is the case, your data (including Inputs and Outputs as defined in our Terms of Service) may be transmitted to those providers for processing. We require all third-party AI providers to handle your data in accordance with appropriate data protection standards.

6.3 Your Responsibilities

AI-generated outputs may not be unique, accurate, or reliable. You are solely responsible for reviewing and verifying any AI-generated content before using it. FootBill will not be liable for any errors, inaccuracies, or consequences arising from your reliance on AI-generated outputs.

6.4 No Sensitive Decision-Making

We do not use AI to make automated decisions that have a legal or similarly significant effect on you without human review. Our AI features are designed to assist, not replace, your professional judgment.

7. Cookies, Tracking Technologies, and Interest-Based Advertising

7.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (e.g., authentication, session management, security). These cannot be disabled.
• Analytics Cookies: Help us understand how users interact with the Service so we can improve it. These include cookies set by services such as Google Analytics.
• Preference Cookies: Remember your settings and preferences to enhance your experience.
• Advertising/Marketing Cookies: Used by us and our advertising partners to deliver targeted advertisements and measure their performance. These may include cookies from Google Ads, Meta/Facebook Pixel, and similar platforms.

7.2 Specific Third-Party Tracking Services

We use the following third-party tracking and analytics services:

• Google Analytics 4 — Web analytics (Privacy Policy; Opt-out)
• Google Ads Conversion Tracking — Advertising measurement (Privacy Policy)
• Meta/Facebook Pixel — Advertising measurement and retargeting (Privacy Policy; Opt-out)

7.3 How to Opt Out of Interest-Based Advertising

You have several options for limiting interest-based advertising:

• Browser Settings: Most browsers allow you to block or delete cookies. Note that blocking all cookies may affect the functionality of the Service.
• Mobile Device Settings: Your mobile device settings may allow you to limit the use of your advertising ID for interest-based advertising.
• Privacy Plug-ins: Browser extensions like Privacy Badger, Ghostery, or uBlock Origin can block third-party trackers.
• Platform-Specific Opt-Outs: Google, Facebook.
• Industry Opt-Out Tools: Digital Advertising Alliance, Network Advertising Initiative.

Note that opt-out mechanisms are specific to the device and browser on which they are exercised. You will need to opt out on each device and browser you use.

7.4 Do Not Track / Global Privacy Control

Some browsers may transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals, as there is no uniform industry standard for interpreting them. However, we do honor Global Privacy Control (GPC) signals where required by applicable law. If your browser sends a GPC signal, we will treat it as a valid opt-out of the sale or sharing of your personal information, as applicable.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Data Portability: Request your data in a structured, machine-readable format.
• Opt-Out of Sale/Sharing: Where applicable, opt out of the sale or sharing of your personal information.
• Opt-Out of Communications: Opt out of non-essential communications at any time by using the unsubscribe link in emails or adjusting your account settings.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

8.1 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@footbill.ca. We will respond within the timeframe required by applicable law (typically 30 days, subject to extensions permitted by law). We may request information necessary to verify your identity before processing your request.

8.2 Authorized Agents

You may designate an authorized agent to make privacy requests on your behalf. To do so, you must provide the authorized agent with signed, written permission or a valid power of attorney. We may follow up directly with you to verify your identity and confirm the agent's authority before processing the request.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. After account termination, we may retain certain data as required by law (including tax and financial record-keeping requirements) or for legitimate business purposes such as resolving disputes, enforcing agreements, and meeting audit obligations.

You may request deletion of your account and associated data by contacting us at privacy@footbill.ca. We will process your request in accordance with applicable laws. Note that certain data may need to be retained for legal or regulatory compliance even after deletion is requested.

10. International Data Transfers

FootBill is based in Canada. If you access the Service from outside Canada, your information may be transferred to and processed in Canada or other jurisdictions where our service providers operate (including the United States).

We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable law, including:

• Entering into data processing agreements with service providers that include standard contractual clauses or equivalent protections;
• Ensuring that transfers to countries without adequate data protection are subject to appropriate safeguards as required by PIPEDA, GDPR, or other applicable law.

11. Legal Basis for Processing

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data only when we have a valid legal basis to do so. The legal bases we rely on include:

• Consent: Where you have given us explicit consent to process your data for a specific purpose (e.g., marketing communications, non-essential cookies).
• Contractual Necessity: Where processing is necessary to perform our contract with you or to take pre-contractual steps at your request (e.g., providing the Service, processing payments).
• Legal Obligation: Where processing is necessary to comply with a legal obligation (e.g., tax reporting, responding to lawful government requests).
• Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms (e.g., improving the Service, fraud prevention, security).

You have the right to withdraw consent at any time, object to processing based on legitimate interests, and lodge a complaint with your local data protection authority.

12. Google API Services User Data Policy

If you integrate your Google account with the Service (for example, to import contacts, sync calendar events, or connect Google Drive), we may access information from your Google account ("Google Account Information").

Our use of Google Account Information adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we:

• Only use Google Account Information to provide and improve the Service;
• Do not transfer Google Account Information to third parties except as necessary to provide or improve the Service, as required by law, or in connection with a merger, acquisition, or sale of assets (with notice to users);
• Do not use Google Account Information for serving advertisements;
• Do not permit humans to read Google Account Information except: (a) with your affirmative consent; (b) as necessary for security purposes or to comply with applicable law; or (c) where use is limited to internal operations and the data has been aggregated and anonymized.

13. Children's Privacy

The Service is not intended for individuals under the age of 16 (or under the age of 13 in jurisdictions where COPPA applies). We do not knowingly collect personal information from children under these age thresholds. If we learn that we have collected information from a child under the applicable minimum age, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@footbill.ca.

14. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information. These links and integrations do not constitute our endorsement of, or affiliation with, any third party.

15. Notice to California Residents (CCPA/CPRA)

This section applies only to residents of California and supplements the rest of this Privacy Policy. It describes your rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA").

15.1 Categories of Personal Information We Collect

The following summarizes the categories of personal information we collect, as defined by the CCPA/CPRA:

• Identifiers (name, email, phone, IP address) — Used for service delivery, account management, marketing, and compliance. May be shared with service providers, advertising partners, and legal authorities. May constitute sharing for cross-context behavioral advertising.
• Commercial information (invoices, transactions, billing) — Used for service delivery, research and development, and compliance. Shared with service providers, legal authorities, and business transferees. Not sold or shared.
• Financial data (bank account, payment card details) — Used for service delivery, payment processing, and compliance. Shared with service providers (Stripe, Plaid) and legal authorities. Not sold or shared.
• Internet/electronic network activity (usage data, cookies, IP) — Used for service delivery, analytics, advertising, and security. Shared with service providers, analytics providers, and advertising partners. May constitute sharing for cross-context behavioral advertising.
• Geolocation data (approximate, from IP) — Used for service delivery, analytics, and security. Shared with service providers and analytics providers. Not sold or shared.
• Inferences (preferences, behavior patterns) — Used for service improvement and personalization. Shared with service providers. Not sold or shared.

15.2 Your California Privacy Rights

As a California resident, you have the following rights:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, our purposes for collecting it, and the categories of third parties to whom we disclosed it.
• Right to Delete: You may request that we delete your personal information, subject to certain legal exceptions.
• Right to Correct: You may request that we correct inaccurate personal information.
• Right to Opt Out of Sale/Sharing: You may opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To do so, contact us at privacy@footbill.ca or use the Global Privacy Control signal in your browser.
• Right to Limit Sensitive Information Use: You may request that we limit our use of sensitive personal information to purposes necessary to provide the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, contact us at privacy@footbill.ca. You may also designate an authorized agent as described in Section 8.2. We will verify your identity before processing your request.

15.3 Financial Incentive Programs

We do not offer financial incentive programs that require CCPA disclosure at this time. If this changes, we will update this section accordingly.

16. Notice to Users in Other U.S. States

If you reside in a U.S. state with comprehensive privacy legislation (such as Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, or others), you may have additional rights similar to those described in the California section above, including rights to access, correct, delete, and port your data, as well as rights to opt out of targeted advertising and the sale of personal information. To exercise these rights, contact us at privacy@footbill.ca. We will process your request in accordance with the applicable state law.

17. Notice to Users in Canada

FootBill complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Under these laws, you have the right to access and request correction of your personal information, withdraw consent (subject to legal or contractual restrictions), and file a complaint with the Office of the Privacy Commissioner of Canada.

We collect, use, and disclose your personal information only for the purposes identified in this Privacy Policy or as required by law. We obtain your consent for the collection, use, and disclosure of your personal information, except where consent is not required by law.

18. Publicity

We may use your company name and logo on our website and marketing materials to identify you as a FootBill customer, unless you opt out by notifying us at privacy@footbill.ca. We will not use your personal name, likeness, or endorsement without your explicit consent.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last Updated" date. For material changes, we will also provide notice via email to the address associated with your account. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us at:

FootBill Inc.
Privacy Officer
Email: privacy@footbill.ca
General Inquiries: info@footbill.ca