Plain-language summary: BillOps collects only the data needed to automate your time-tracking and invoicing. We connect to QuickBooks, Google, Microsoft Outlook, and Clio on your behalf using OAuth 2.0 — we never store your passwords. We do not sell your data, show ads, or use your data to train AI. You can revoke access at any time.
1. Overview & Scope
BillOps ("we," "our," or "us") develops and operates a time-tracking and billing automation platform for service-based businesses. This Privacy Policy describes how we collect, use, retain, and protect your data when you use the BillOps platform or visit our website.
This Policy applies to all users of the BillOps platform, all data processed through it, all connected third-party integrations, and all visitors to our website and marketing pages.
By using BillOps, you agree to this Policy. If you do not agree, please discontinue use and contact us at info@cloudbaselabs.com to request deletion of your data.
2. Data We Collect
Account & Identity Data
When you create a BillOps account, we collect:
- Name and professional title
- Business email address
- Company or organization name
- Account credentials (passwords stored hashed and salted — never in plaintext)
- Subscription and billing plan information
Time-Tracking & Billing Data
- Timer start and stop timestamps, durations, and session notes
- Client and project associations you create
- Invoice records generated through the platform
Integration & Activity Data
When you connect third-party services, we access data strictly as necessary to provide our features:
- Calendar data — event titles, times, and durations (for time-entry suggestions)
- Email metadata — timestamps, subject lines, and sender/recipient domains (for activity matching; we do not read or store email body content)
- Accounting & billing data — client lists, project codes, billing rates, and invoice status from connected platforms
Usage & Technical Data
- IP address and general geographic region
- Browser type, version, and operating system
- Pages visited, features accessed, and session duration
- Error logs and diagnostic information
What We Do Not Collect
- Biometric data, health information, or government ID numbers
- Social media data or personal browsing history
- Any data from children under 16
- Personal communications unrelated to your billing activity
3. How We Use Your Data
Permitted Uses
We process your data exclusively for the following purposes:
- Tracking time, generating invoices, and syncing data with connected services at your instruction
- Authenticating your identity and maintaining your session
- Sending account notifications, security alerts, and transactional emails
- Providing customer support and resolving issues
- Detecting and preventing unauthorized access and fraud
- Improving platform reliability using anonymized, aggregate usage data
- Meeting legal and contractual obligations
Absolute Prohibition: BillOps will never use your data for advertising, sell or rent it to any third party, share it with data brokers or analytics companies, or use it to train, fine-tune, or benchmark any AI or machine learning model. This prohibition has no exceptions.
4. Third-Party Integrations
BillOps connects to third-party services you choose to link to your account. All integrations use OAuth 2.0 — we never see or store your passwords for any connected service.
Data is sent to a connected service only when you explicitly instruct BillOps to do so. You can disconnect any integration at any time from your account settings — disconnection is immediate.
This Policy does not govern the privacy practices of third-party services. Please review their policies independently.
5. Google Services
Google API Services User Data Policy: BillOps's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
When you connect a Google account, we request only the minimum permissions needed: identity (name and email for authentication) and, optionally, read-only calendar access to support time-entry suggestions. We use this data solely to provide the features you enable — never for advertising, profiling, or AI training. You can revoke access at any time from your Google Account Permissions page. Tokens are deleted within 30 days of disconnection.
6. Data Sharing & Disclosure
We do not sell, rent, or transfer your data to any third party for commercial purposes. Data is shared only in these limited circumstances:
- Connected platforms — Data is sent to QuickBooks, Google, Microsoft, or Clio only when you explicitly instruct BillOps to do so.
- Infrastructure providers — We use trusted cloud hosting and database providers under strict data-processing agreements. They process data on our behalf only and are prohibited from any independent use.
- Payment processing — Billing transactions are handled by a PCI-DSS-compliant payment processor. We do not store full card numbers or bank account details.
- Legal obligations — We may disclose data if required by a valid court order or applicable US law. To the extent permitted by law, we will notify you before disclosing and share only the minimum required.
- Corporate transactions — In a merger or acquisition, we will give you advance notice and the opportunity to delete your data before any transfer occurs.
7. Data Retention & Deletion
- Active accounts — Time entries, billing records, and account data are retained for the duration of your active subscription.
- Deleted accounts — All personal data is deleted or anonymized within 30 days of account termination, except where retention is required by law.
- Integration metadata — Raw metadata from connected services is purged after time entries are confirmed or dismissed. Unreviewed metadata is deleted on a rolling schedule.
- OAuth tokens — Access tokens are stored encrypted and deleted within 30 days of disconnecting an integration.
- Technical logs — Usage and security logs are retained for a limited period for auditing and platform reliability, then purged on a rolling basis.
To request deletion of your data at any time, contact info@cloudbaselabs.com. We will acknowledge within 2 business days and complete deletion within 30 days, providing written confirmation.
8. Security
BillOps implements layered security controls appropriate for the sensitivity of the data we handle:
Encryption
- All data in transit is protected using TLS 1.3
- All data at rest is encrypted using AES-256
- OAuth tokens and credentials are stored in encrypted vaults, never logged in plaintext
- Encryption keys are managed with regular rotation
Access Controls
- Role-based access control (RBAC) across all systems
- Multi-factor authentication (MFA) required for all personnel accessing production systems
- Principle of least privilege — staff access only the data their role requires
- All access to production systems is logged and auditable
Operations
- Continuous automated vulnerability scanning
- Regular third-party penetration testing
- 24/7 automated threat detection and anomaly monitoring
- Geographically redundant, encrypted backups
In the event of a confirmed security incident, we will notify affected users within 72 hours of becoming aware, including a summary of what happened, what data was affected, and what actions we have taken.
9. Your Privacy Rights
You have the following rights over your data, exercisable at any time by contacting info@cloudbaselabs.com. All requests are acknowledged within 2 business days and fulfilled within 30 days.
- Access — Request a copy of all personal data we hold about you.
- Correction — Request correction of inaccurate or incomplete data.
- Deletion — Request permanent deletion of your data from all our systems.
- Portability — Receive your time entries and account data in a structured, machine-readable format.
- Restrict processing — Request that we limit how we use your data in certain circumstances.
- Withdraw consent — Disconnect any integration at any time without affecting prior processing.
10. Policy Changes
We may update this Policy to reflect changes in our practices or applicable law. For any material change, we will notify registered users by email at least 30 days before the effective date and display a prominent notice in the platform. The version number and revision date at the top of this page are always current. Continued use after the effective date constitutes acceptance. If you do not accept a material change, you may terminate your account and request deletion of your data without penalty.
11. Contact Us
BillOps Privacy
Email: info@cloudbaselabs.com
General inquiries: Response within 2 business days
Formal rights requests: Fulfilled within 30 days of verified receipt
If you believe your privacy rights have been violated and we have not resolved your concern, you may file a complaint with the applicable US federal or state regulatory authority, including the Federal Trade Commission (FTC) or your state's attorney general's office.