Privacy Policy

Last updated: February 8, 2026

1. Introduction

This Privacy Policy explains how Nikola Jevtić ("we", "us", "our"), operating as BillZen, collects, uses, and protects your personal data when you use our invoicing service at billzen.app.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Spanish data protection laws (LOPDGDD).

Data Controller: - Name: Nikola Jevtić (Autónomo) - Address: Carrer de Don Armando Palacio Valdés 10 4, 46010 Valencia, España - Email: contact@billzen.app

2. Data We Collect

2.1 Account Information

Email address
Password (encrypted, we cannot see it)
Name (optional)

2.2 Profile Information

Business name
Business address
Tax identification number (NIF/VAT)
Phone number (optional)

2.3 Financial Information

Bank account details (encrypted)
Payment information (processed by Stripe, we don't store card details)
Subscription history

2.4 Invoice Data

Client names and addresses
Invoice amounts and items
Payment status

2.5 Technical Data

IP address
Browser type
Device information
Usage logs

3. How We Use Your Data

Purpose	Legal Basis (GDPR)
Provide the invoicing service	Contract performance
Process payments	Contract performance
Send transactional emails	Contract performance
Customer support	Legitimate interest
Improve our service	Legitimate interest
Prevent fraud	Legitimate interest
Legal compliance	Legal obligation

We do NOT use your data for: - Selling to third parties - Targeted advertising - Profiling for marketing

We share your data only with:

Third Party	Purpose	Location	Safeguards
Stripe	Payment processing	USA	EU-US Data Privacy Framework
Resend	Email delivery	USA	EU-US Data Privacy Framework
Hetzner	Server hosting	Germany	GDPR compliant

We may also disclose data if required by law or court order.

5. Data Storage and Security

5.1 Location

Your data is stored on servers in Germany (Hetzner), within the European Union.

5.2 Security Measures

Encryption in transit (HTTPS/TLS)
Encryption at rest for sensitive data
Password hashing (bcrypt)
Bank account encryption
Regular security updates
Access controls

5.3 Retention Period

Data Type	Retention
Account data	Until account deletion + 30 days
Invoice data	5 years after creation (legal requirement)
Payment history	7 years (tax compliance)
Server logs	90 days

You have the right to:

Right	Description
Access	Request a copy of your data
Rectification	Correct inaccurate data
Erasure	Delete your account and data ("right to be forgotten")
Portability	Export your data in a machine-readable format
Restriction	Limit how we process your data
Objection	Object to certain processing
Withdraw consent	Where processing is based on consent

To exercise these rights, contact us at: contact@billzen.app

We will respond within 30 days.

7. Cookies

We use only essential cookies required for the service to function:

Cookie	Purpose	Duration
sessionid	User session	Until logout
csrftoken	Security	1 year

We do NOT use: - Tracking cookies - Advertising cookies - Third-party analytics

8. Children's Privacy

BillZen is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification.

10. Contact & Complaints

Questions or requests: Email: contact@billzen.app

Complaints: If you believe we have violated your privacy rights, you may file a complaint with the Spanish Data Protection Agency (AEPD): - Website: www.aepd.es - Address: C/ Jorge Juan, 6, 28001 Madrid, España

11. Spanish Law Compliance

This Privacy Policy complies with: - General Data Protection Regulation (GDPR) - EU 2016/679 - Ley Orgánica de Protección de Datos y Garantía de Derechos Digitales (LOPDGDD) - Spain

This document was last reviewed on February 8, 2026.