Privacy Policy

Last updated: April 7, 2026

1. Introduction

Welcome to AutoBillHQ ("we", "our", or "us"). We are committed to protecting your privacy and ensuring the security of your personal and business information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access our invoicing and expense tracking platform at autobillhq.com.

By using our platform, you consent to the data practices described in this policy. If you do not agree with the terms of this privacy policy, please do not use the application.

2. Information We Collect

We collect information that identifies you personally or your business ("Personal Information") and information about your use of the platform. This includes:

Account Data: Name, email address, phone number, business name, country, and logo provided during registration or account setup.

Invoice and Business Data: Details of invoices, quotes, customer records, expense entries, payment records, and financial information you upload or create on the platform.

Billing Data: If you subscribe to a paid plan, payment processing is handled by third-party payment processors. We do not store your card details. We store your subscription status, plan type, and billing period.

Usage Data: Information about your interaction with the platform, such as access times, pages viewed, browser type, device type, and IP addresses, collected automatically to ensure system security and performance.

Cookies: We use essential cookies for authentication and functional cookies for preferences. We do not use advertising or third-party tracking cookies.

3. How We Use Your Information

We use the collected information for the following purposes:

  • To facilitate the creation, delivery, and tracking of your invoices, quotes, and expenses
  • To send automatic payment reminders on your behalf to your clients
  • To communicate with you regarding the status of your account, payment updates, or platform maintenance
  • To process subscription payments through our payment processors
  • To generate PDF invoices and quotes with your business details
  • To improve the platform based on aggregate usage patterns
  • To comply with legal obligations, including tax reporting and auditing requirements in applicable jurisdictions

We do not sell, trade, or rent your personal information to others for marketing purposes. Ever.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include data encryption in transit and at rest, secure authentication, and strict access controls.

Passwords are cryptographically hashed. We never store or have access to your plain-text password.

Access to production systems is restricted to authorized personnel only, with audit logging on all administrative actions. However, please note that no method of transmission over the Internet or electronic storage is 100% secure.

5. Disclosure to Third Parties

We do not sell, trade, or rent your personal information to others. We may share your information with:

  • Payment processors (Stripe and Paystack) to process your subscription payments. They receive only the data necessary to complete the transaction.
  • Email delivery services to send invoices, reminders, and account notifications on your behalf.
  • Image hosting services to store your business logo if you upload one.

Each third-party service operates under its own privacy policy. We only share the minimum data required for each service to function and ensure they agree to keep your information confidential.

6. Your Rights

You have the right to:

  • Access your data at any time through your account dashboard
  • Export your invoices, expenses, and customer data via CSV export
  • Correct inaccurate data through your settings page
  • Delete your account and all associated data by contacting us at [email protected]
  • Withdraw consent to data processing at any time by deleting your account

7. Compliance with NDPR

This Privacy Policy is crafted in accordance with the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023. We respect your rights as a data subject, including your right to access, correct, or request the deletion of your personal data, subject to legal and regulatory retention requirements.

If you are a Nigerian resident and wish to exercise your data protection rights, contact us at [email protected]. We will respond within 30 days.

8. Compliance with GDPR

If you are a resident of the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR apply to our processing of your personal data. Under these regulations, you have additional rights:

  • Right to be informed about how your data is collected and used (this policy)
  • Right of access to obtain a copy of your personal data
  • Right to rectification of inaccurate personal data
  • Right to erasure ("right to be forgotten") of your personal data
  • Right to restrict processing in certain circumstances
  • Right to data portability to receive your data in a machine-readable format (CSV export)
  • Right to withdraw consent at any time

Legal basis for processing: We process your data on the basis of contractual necessity (to provide the invoicing service you signed up for), legitimate interest (to improve the platform and prevent fraud), and consent (for optional features like marketing communications, if applicable).

Data transfers: Your data may be processed on servers located outside the EEA. Where this occurs, we ensure appropriate safeguards are in place in compliance with GDPR requirements.

To exercise any GDPR rights, email [email protected]. We will respond within 30 days.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we remove all personal data within 30 days. We may retain anonymized, aggregated data for analytics purposes.

Invoice and financial records may be retained for up to 7 years after account deletion to comply with tax and accounting regulations in applicable jurisdictions (including FIRS, HMRC, and IRS requirements).

10. Children

AutoBillHQ is not intended for use by anyone under the age of 18. We do not knowingly collect data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or through the application at least 14 days before they take effect. The "last updated" date at the top reflects when this policy was last revised.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]