Privacy Policy

Effective Date: November 2, 2025

Version 1.0

1. Introduction

Bear Billing, Inc. ("Bear Billing", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our billing and usage metering services.

This policy applies to our website, APIs, dashboard, and all related services (collectively, the "Services").

Your Rights at a Glance

  • ✓ Access your personal data
  • ✓ Request corrections or deletions
  • ✓ Export your data in machine-readable format
  • ✓ Opt out of marketing communications
  • ✓ Lodge complaints with supervisory authorities (EU/UK)

See Section 11 for complete details on your rights.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, phone number
  • Billing Information: Billing address, payment method (via Stripe - we never see full card details)
  • Usage Data: API calls, usage metrics, timestamps (metadata only - no end-user personal data)
  • Communications: Support tickets, feedback, survey responses

2.2 Information Collected Automatically

  • Technical Data: IP address, browser type, device information
  • Usage Analytics: Pages visited, features used, time spent
  • Cookies: See our Cookie Policy
  • Log Data: API requests, error logs, access logs

2.3 Information We Do NOT Collect

  • ❌ Your end users' personal data (only aggregate usage metrics)
  • ❌ Payment card details (handled by Stripe)
  • ❌ Sensitive personal data (health, biometric, genetic data)
  • ❌ Social security numbers or government IDs

3. How We Use Your Information

Service Delivery (Contract Performance)

  • Process and track usage for billing
  • Generate invoices and process payments
  • Provide customer support
  • Deliver account notifications

Service Improvement (Legitimate Interest)

  • Analyze usage patterns to improve features
  • Monitor and improve performance
  • Develop new products and features
  • Conduct research and analytics

Legal and Security (Legal Obligation / Legitimate Interest)

  • Comply with legal obligations
  • Detect and prevent fraud
  • Maintain security and prevent abuse
  • Enforce our Terms of Service

Marketing (Consent)

  • Send product updates and newsletters (you can opt out)
  • Provide relevant content and offers

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, UK, or Switzerland, we process your personal data based on:

  • Contract Performance: Necessary to provide our Services
  • Legal Obligation: Required by law (e.g., tax records)
  • Legitimate Interest: Service improvement, security, fraud prevention
  • Consent: Marketing communications, optional cookies

5. How We Share Your Information

5.1 Service Providers (Sub-processors)

We share data with trusted third-party service providers who help us deliver our Services:

  • Stripe: Payment processing (PCI DSS Level 1)
  • Infrastructure Provider: Cloud hosting (SOC 2 Type II)
  • Email Provider: Transactional emails
  • Support Platform: Customer support ticketing

See our Subprocessor List for complete details. All sub-processors sign data processing agreements and are bound by strict confidentiality.

5.2 Business Transfers

If we are acquired, merge with another company, or sell assets, your information may be transferred. You will be notified of any such change.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, safety, or the rights of others.

5.4 We Do NOT

  • ❌ Sell your personal data to third parties
  • ❌ Share data with advertisers
  • ❌ Use your data to train AI models
  • ❌ Share data for marketing purposes (except our own)

6. International Data Transfers

Our servers are located in the United States. If you are located outside the US, your information will be transferred to and processed in the US.

For EU/UK/Swiss Users

We protect your data during international transfers using:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Supplementary measures per EDPB recommendations
  • Data residency options available upon request

See our Data Processing Agreement for details.

7. Data Security

We implement industry-leading security measures to protect your data:

  • Encryption: TLS 1.2+ in transit, AES-256 at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Monitoring: 24/7 security monitoring and incident response
  • Audits: Regular security assessments and penetration testing
  • Compliance: Working toward SOC 2 Type II certification

See our Security page for complete details.

8. Data Retention

We retain your data only as long as necessary for the purposes described in this policy:

  • Account Data: Duration of account + 90 days
  • Usage Data: 2 years (for billing and analytics)
  • Financial Records: 7 years (legally required for tax purposes)
  • Support Tickets: 2 years from closure
  • Audit Logs: 2 years (security and compliance)
  • Marketing Data: Until you unsubscribe + 30 days

See our Data Retention Policy for complete details on retention periods and deletion procedures.

9. Cookies and Tracking

We use cookies and similar technologies to provide and improve our Services:

  • Necessary Cookies: Required for authentication and security
  • Functional Cookies: Remember your preferences (opt-in)
  • Analytics Cookies: Understand how you use our Services (opt-in)

You can manage cookie preferences at any time. See our Cookie Policy for detailed information.

10. Children's Privacy

Our Services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information, please contact us at [email protected] and we will delete the information promptly.

11. Your Privacy Rights

11.1 GDPR Rights (EU/UK/Swiss Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing or optional cookies
  • Right to Lodge a Complaint: File a complaint with your data protection authority

11.2 CCPA Rights (California Residents)

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: Equal service regardless of privacy choices

11.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: [email protected]

Subject Line: "Privacy Rights Request"

We will respond within 30 days.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification (30 days' advance notice)
  • In-product notification
  • Updating the "Effective Date" at the top of this page

Continued use of our Services after changes take effect constitutes acceptance of the updated policy.

13. Contact Information

Bear Billing, Inc.

Data Protection Officer

Privacy Inquiries: [email protected]

Security Issues: [email protected]

General Support: [email protected]

EU Representative: [To be appointed if required]

UK Representative: [To be appointed if required]
