Privacy Policy
Stand: May 2026
The German version of this policy is the legally binding one.
1. Controller
The controller for data processing on this website is:
Constantin Gebhard
Friedrich-Springorum-Straße 39A
40237 Düsseldorf
Germany
2. General information
Protecting your personal data matters to us. Below we explain which data is processed when you use Billstac, and for what purposes.
Billstac is a software for organising and managing invoices. Users can upload invoices, forward them via email, or have them imported automatically from their Gmail or Outlook inbox.
3. Registration and user account
When you create and use an account, we process in particular:
- Email address
- Name (if provided)
- Login credentials
- Account settings
- Usage information
This data is processed to provide your account and enable use of Billstac.
4. Invoices and documents
When using Billstac, the following data may be processed:
- Uploaded invoices
- PDF files
- Image files
- Invoice information
- Payment details on invoices
- Categories and notes
- Due dates
Storage is solely for providing the features you requested.
5. Gmail and Outlook integration
If you connect your Google or Microsoft account to Billstac, Billstac receives read access to your inbox in order to detect and import invoices automatically.
Billstac scans incoming emails automatically for invoice-related characteristics and only processes messages relevant to invoice detection.
The following information may be processed:
- Email subject
- Email content
- Attachments
- Technical metadata
Processing is solely for the purpose of automatic invoice detection and import.
Your email contents are not permanently stored by Billstac. We only store imported invoices, the invoice data extracted from them, and technical information required for synchronisation and to avoid duplicate imports.
You can disconnect the integration at any time in the settings.
6. AI-based invoice recognition
To automatically extract invoice data, uploaded invoices, attachments or invoice-related content are processed technically. For this we use the "Lovable AI Gateway" as a technical processor, which forwards the content to AI language models.
The following data may be processed:
- Invoice documents
- PDF files
- Image files
- Invoice information
- Invoice-related email content
Processing is solely for automatic detection and structuring of invoice data. Your content is not used to train AI models.
7. Payment processing
For paid services, Billstac uses the payment service provider Stripe (Stripe Payments Europe, Ltd., Ireland).
Payment processing is handled entirely by Stripe. Billstac does not store credit card or payment data.
More information: https://stripe.com/privacy
8. Email communication
We use the external email service Postmark (ActiveCampaign, LLC) to send transactional emails and to receive incoming emails (e.g. forwarded invoices), such as:
- Account notifications
- Reminders
- Support messages
- Information about your account
For this purpose we process your email address and the information required for delivery.
9. Hosting and infrastructure
To provide Billstac we use the following technical providers:
- Lovable Cloud (based on Supabase) for database, authentication and file storage – servers in the European Union (Ireland).
- Cloudflare for application hosting and as CDN/proxy.
Personal data (invoices, documents, account data) is processed on servers within the European Union.
10. Analytics and product improvement
If you grant consent, we use the analytics tool PostHog to understand how Billstac is used and to improve the platform.
The following data may be processed:
- Device information
- Browser information
- Page views
- Interactions within the application
- Technical usage data
Processing is based exclusively on your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time via the cookie settings.
11. Session replay
If you grant consent, technical session recordings may be created via PostHog to identify errors and usability issues.
Interactions within the application are recorded.
To protect your privacy, input fields and text content are masked by default, and images, PDFs and QR codes are hidden, so that no sensitive invoice or payment data becomes visible.
12. Error analysis and security
To ensure platform stability and security we use the error monitoring service Sentry (Functional Software, Inc.).
The following may be processed:
- Device information
- Browser information
- Technical error messages
- Technical usage data
- Your user ID and email address (for error attribution)
Sensitive content such as IBANs, payment data and request bodies is automatically scrubbed before being sent to Sentry.
13. Support
When you contact support, we process the information you provide in order to handle your request.
For error analysis and the handling of support requests, authorised administrators may in individual cases be granted access to user accounts, to the extent necessary to handle a support request or fix technical issues.
14. Legal bases
Personal data is processed based in particular on:
- Art. 6(1)(b) GDPR (performance of a contract)
- Art. 6(1)(a) GDPR (consent)
- Art. 6(1)(f) GDPR (legitimate interest)
15. Retention period
Personal data is stored only as long as required for the respective purposes or as required by statutory retention obligations.
You may delete your account at any time.
When you delete your account, the associated invoices, documents and account data are removed, unless statutory retention obligations apply. To prevent abuse, an anonymised deletion marker (without reference to you) is retained. With third-party providers (e.g. Stripe, Postmark) residual data may continue to exist under their respective retention policies.
16. Your rights
You have the right to:
- Access
- Rectification
- Erasure
- Restriction of processing
- Data portability
- Object to processing
- Withdraw given consent
To exercise your rights, you can contact us at any time at .
17. Right to complain
You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data.
18. Changes to this privacy policy
We reserve the right to adapt this privacy policy when this becomes necessary due to technical, legal or organisational changes.
