Privacy Policy

1. Overview

BillDecoder.au takes your privacy seriously. We collect the minimum data needed to provide the service and nothing more.

The short version: your electricity bill is processed then deleted. We never sell your data. We never share your personal information with retailers.

2. What we collect

Bill data: When you upload a bill, we extract charges, rates, usage figures, account number, NMI, address, retailer, and plan type. This data is used solely to generate your analysis.

Email address: If you provide your email during the verdict flow or newsletter signup, we store it to deliver results and occasional bill-saving tips.

Payment information: Payments are processed by Stripe. We do not store your credit card number, expiry date, or CVV. Stripe provides us with a transaction record only.

Concession card type: If you select concession pricing, we record the type of card but not the card number. Concession card numbers are only included in your downloaded PDF and are never stored in our database, logs, or any API route.

Usage data: We collect basic analytics on how you use the site to improve the service. No third-party analytics or tracking scripts are used.

3. How we use your data

• Bill analysis: To generate your verdict and Bill Action Plan.
• Email: To deliver your results and occasional tips. You can unsubscribe at any time.
• Payment: To process your purchase and issue refunds if applicable.
• Quality review: To check report accuracy.
• Service improvement: Aggregate, de-identified data to improve our analysis accuracy.

4. BillDecoder Index

If you opt in, de-identified data from your bill is contributed to the BillDecoder Index — a public dataset showing what Australians actually pay for electricity.

De-identified means: no name, no address, no account number, no NMI, no bill image. None of this data is ever included in the Index.

What is included: rate bands, postcode area, usage bands, retailer, tariff type, verdict, and solar presence. Data is stored in bands rather than exact figures to prevent re-identification.

Index data is used to generate comparison insights and aggregate reports. We never sell Index data to retailers or third parties.

5. Data storage and security

• Bill images/PDFs: Processed in memory then deleted. Never permanently stored.
• Extraction data: Stored in encrypted Redis with a 30-day TTL, then automatically deleted.
• Generated PDF reports: Stored in encrypted Redis with a 30-day TTL, then automatically deleted.
• Index records: Stored indefinitely. Fully de-identified and cannot be linked back to you.

All data is hosted on Vercel (US) and Upstash Redis. Data is encrypted in transit (HTTPS) and at rest.

6. Third-party services

We share data with the following services to provide BillDecoder:

• Anthropic (AI processing): Your bill data is sent to Claude AI for extraction and analysis. Subject to Anthropic's privacy policy.
• Stripe (payments): Card details are handled entirely by Stripe. Subject to Stripe's privacy policy.
• Resend (email): Your email address is shared with Resend to deliver emails. Subject to Resend's privacy policy.
• Vercel (hosting): Subject to Vercel's privacy policy.
• Upstash (database): Subject to Upstash's privacy policy.

7. Concession card numbers

If you provide a concession card number during rebate screening, it appears only in your downloaded PDF.

Concession card numbers are never stored in our database, server logs, or any API route.

8. Your rights

• Request a copy of your data: Email hello@billdecoder.au and we will provide all data we hold about you within 14 days.
• Request deletion: Email hello@billdecoder.au and we will delete all identifiable data within 14 days.
• Unsubscribe: Click the unsubscribe link in any email, or email us directly.
• Opt out of the Index: Don't tick the consent checkbox. If you previously opted in, email us to remove your record.

Under the Australian Privacy Act 1988, you have additional rights regarding the handling of your personal information.

9. Data retention

• Bill images: Deleted immediately after processing.
• Analysis data: 30 days, then automatically deleted.
• PDF reports: 30 days, then automatically deleted.
• Email address: Retained until you unsubscribe.
• Index data: Stored indefinitely. Fully de-identified.
• Payment records: Retained as required by Australian tax law (typically 5 years).

10. Cookies and tracking

BillDecoder.au does not use cookies, tracking pixels, or third-party analytics services.

11. Changes to this policy

We may update this privacy policy at any time. We will not reduce your rights under this policy without your explicit consent.

12. Contact

For privacy enquiries or data deletion requests, email hello@billdecoder.au or visit our contact page.