This Privacy Policy (hereinafter “Policy”) describes what personal data BillingEngine collects, why it is processed, and what rights you have. Processing is governed by EU Regulation 2016/679 (GDPR) and applicable national data protection law.
1. Data controller
| Controller | Michal Keller |
| Company ID (IČO) | 88057801 |
| Registered address | Sušilova 1337/2, 500 02 Hradec Králové, Czech Republic |
| info@billingengine.cloud | |
| Website | billingengine.cloud |
2. What data we process
2.1 Registration and billing data
When registering or entering into a contract, we process:
- first and last name, or company name,
- e-mail address,
- billing address,
- company registration number and VAT number (for businesses).
2.2 Operational and technical data
When you use the Service, we automatically record:
- IP address and browser / client application type,
- API call logs (timestamp, endpoint, status code),
- error and outage logs.
2.3 Data submitted via the API
Detail Records (DR) and price list configurations you submit to the system via the API remain your property. We process them solely for the purpose of providing the Service — calculating prices and generating billing data.
3. Why we process your data
| Purpose | Legal basis |
|---|---|
| Contract performance (account operation, billing) | Art. 6(1)(b) GDPR |
| Legal obligation (accounting, tax) | Art. 6(1)(c) GDPR |
| Legitimate interest (security, fraud prevention) | Art. 6(1)(f) GDPR |
| Sending operational notifications and reminders | Art. 6(1)(b) GDPR |
We do not sell personal data to third parties or use it for advertising purposes.
4. Who we share data with
Personal data may be shared exclusively with technical infrastructure providers to the minimum extent necessary, always on the basis of a data processing agreement:
- Hosting provider — server infrastructure operation,
- Payment gateway — payment processing (billing data only),
- E-mail provider — sending transactional messages and notifications.
We do not transfer data outside the European Economic Area (EEA). Should such a transfer occur, we will ensure appropriate safeguards (EU Standard Contractual Clauses).
5. How long we retain data
| Data category | Retention period |
|---|---|
| Registration and contractual data | Duration of the contract + 3 years |
| Invoices and billing documents | 10 years (statutory obligation) |
| Operational logs and API records | 12 months |
| Data after account cancellation | 30 days, then permanently deleted |
6. Your rights
As a data subject, you have the following rights:
- Access — the right to obtain confirmation of whether we process your personal data and to access it.
- Rectification — the right to have inaccurate or incomplete data corrected.
- Erasure — the right to have your data deleted (“right to be forgotten”) when the processing purpose no longer applies.
- Restriction — the right to request a temporary restriction on processing.
- Portability — the right to receive your data in a machine-readable format.
- Objection — the right to object to processing based on legitimate interest.
- Withdrawal of consent — where processing is based on consent, you may withdraw it at any time.
Submit requests to info@billingengine.cloud. We will respond within 30 days of receipt.
You also have the right to lodge a complaint with a supervisory authority. If you are based in the Czech Republic:
Office for Personal Data Protection Pplk. Sochora 27, 170 00 Prague 7, Czech Republic www.uoou.cz
7. Cookies
The Service’s web interface uses:
- Necessary cookies — enable login and core functionality. No consent required.
- Analytics cookies — help us understand how you use the Service. Set only with your consent.
| Name | Type | Purpose | Retention | Provider |
|---|---|---|---|---|
be_cookie_consent | Functional | Stores your cookie consent preference | Until browser data is cleared | BillingEngine |
_ga | Analytics | Distinguishes individual users | 2 years | Google LLC |
_ga_* | Analytics | Maintains session state in Google Analytics 4 | 2 years | Google LLC |
Analytics cookies are processed solely on the basis of your freely given and informed consent (Art. 6(1)(a) GDPR and the ePrivacy Directive 2002/58/EC). We use Google Analytics 4 with Consent Mode v2 implemented — no analytics cookies are set and no data is transmitted without your consent. Data transfers to the USA are safeguarded by EU Standard Contractual Clauses.
You can manage cookie settings via the consent banner or your browser settings.
8. Security
We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or destruction — including encryption in transit (TLS) and at rest (AES-256), and restricting data access to the minimum necessary.
9. Changes to this Policy
We will notify you of material changes by e-mail or via a notice in the Service interface. The date of the last update is always shown at the top of this document.
This Policy is effective as of 17 March 2026. The current version is always available at billingengine.cloud/en/privacy/.