Privacy Policy

Last updated: February 9, 2026

Introduction

CoreBill ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered billing platform and API services. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the service.

Information We Collect

Personal Information

We collect information that you provide directly to us, including:

  • Account information (name, email address, password)
  • Organization details (company name, team members)
  • Payment information (processed securely through our payment providers)
  • Communication data (support messages, feedback)
  • Profile information (avatar, job title, preferences)

Customer Data

When you use CoreBill to manage billing and invoicing, we process:

  • Customer information (names, email addresses, contact details)
  • Invoice and quote content (items, amounts, metadata)
  • Email communications sent through our platform
  • Custom fields and tags you create
  • AI Agent conversation data (prompts and responses)

Automatically Collected Information

We automatically collect certain information when you use our services:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages viewed, features used, time spent)
  • API usage and performance metrics
  • Cookies and similar tracking technologies
  • Log data (access times, error reports, system activity)

How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our billing and invoicing platform
  • AI Agent: To process natural language requests and execute billing operations through our AI Agent
  • Account Management: To create and manage your account, authenticate users, and process payments
  • Communications: To send transactional emails, service updates, and respond to inquiries
  • Analytics: To understand how our services are used and improve performance
  • Security: To detect, prevent, and address technical issues, fraud, and security threats
  • Compliance: To comply with legal obligations and enforce our terms of service

AI Agent Data Processing

CoreBill includes an AI Agent powered by third-party AI models. When you use the AI Agent:

  • Your conversation messages are sent to our AI provider (Anthropic) for processing
  • The AI Agent accesses your company data (customers, invoices, quotes) to execute requested actions
  • Conversation history is stored to provide context for ongoing interactions
  • We do not use your conversation data to train AI models
  • You can delete conversation history at any time from your account

Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We work with third-party service providers who perform services on our behalf:

  • Cloud infrastructure (Vercel)
  • Database hosting (Supabase)
  • Email delivery services (Amazon SES)
  • File storage (Amazon S3)
  • AI processing (Anthropic)
  • Analytics providers (limited to aggregated data)

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure password hashing with bcrypt
  • JWT-based authentication with HTTP-only cookies
  • Access controls and role-based permissions
  • Regular security assessments
  • Incident response and data breach notification procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations. When you close your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal, accounting, or security purposes.

Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing of your information for certain purposes
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent for processing where we rely on consent

To exercise these rights, please contact us at privacy@corebill.io.

Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in and remember your preferences
  • Understand how you use our services
  • Improve performance and user experience
  • Provide security features and fraud prevention

You can manage your cookie preferences through our cookie consent banner or your browser settings. Note that disabling cookies may affect your ability to use certain features of our service.

International Data Transfers

CoreBill operates globally. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the U.S. and other countries. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws, including Standard Contractual Clauses where required.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@corebill.io.

GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • We process your data based on legal grounds (contract, consent, legitimate interest, or legal obligation)
  • You have the right to lodge a complaint with your local data protection authority
  • We conduct Data Protection Impact Assessments for high-risk processing
  • We maintain records of processing activities as required by Article 30 GDPR

CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how it is used
  • Right to delete personal information (with certain exceptions)
  • Right to opt out of the sale of personal information (we do not sell your information)
  • Right to non-discrimination for exercising your privacy rights

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@corebill.io

General: hello@corebill.io