1. General
This policy describes how RedX Solutions Ltd. (company no. 513838060) ("BillBridge", "we"), operator of billbridge.co.il and app.billbridge.co.il (the "Service"), collects and processes information. BillBridge is an accounts-payable automation platform: it ingests invoices and receipts, extracts accounting data, detects duplicates, and reconciles documents against bank and credit-card transactions for accounting-period closing.
2. Information We Collect
Account details (name, email, business details); financial documents you upload or authorize us to collect; Google user data (Section 3); bank and credit-card transaction data via a licensed provider (Section 4); technical usage data for security and operations.
3. Google User Data (Gmail and Google Drive)
With your explicit consent on Google's authorization screen, the Service accesses: (a) your Gmail inbox in read-only mode, solely to detect messages containing invoice or receipt attachments — only attachments identified as financial documents and minimal message metadata (sender, date, subject) are stored, and no other email content is retained; (b) a Google Drive folder you designate, in read-only mode, to import new invoice files. We never send, modify, or delete emails or files. You may disconnect your Google account at any time via the Service settings or at https://myaccount.google.com/permissions, which revokes our access tokens; you may also request deletion of collected data.
BillBridge's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, do not sell it, and do not allow humans to read it except with your explicit consent, for security purposes, or to comply with applicable law.
4. Bank and Credit-Card Data
Where you choose to connect financial accounts, access is performed exclusively through a third-party provider licensed under Israel's Financial Information Service Law, 5782-2021, within the regulated open-banking framework, and based on authorization granted by the account holder. Data is processed solely for the authorizing customer's own reconciliation and period-closing purposes — never for credit scoring, underwriting, or transfer to third parties for their own use.
5. Sharing
We do not sell personal data. We share data only with: technical sub-processors operating the Service (Supabase — database and storage; Vercel — hosting; Google Cloud Document AI — OCR; Anthropic — AI field extraction), bound by confidentiality and data-processing obligations; the accountant or bookkeeper you authorize; and authorities where required by law.
6. Security
We implement safeguards in line with Israel's Privacy Protection (Data Security) Regulations, 2017, including encryption in transit and at rest, encrypted access tokens, role-based access control, tenant isolation, and audit logging.
7. Retention and Deletion
Accounting records are retained as required by Israeli tax law (generally 7 years). Google and financial-provider access tokens are deleted immediately upon disconnection. You may request export and deletion of your data, subject to statutory retention duties.
8. Your Rights
Under the Israeli Privacy Protection Law (as amended by Amendment 13), you may access, correct, or request deletion of your personal data. Contact: via our contact page. Data Protection Officer: Gal Orbach (contact via the contact page).