Privacy Policy
Last updated: March 2026
1. Who We Are
SoarBill ("SoarBill", "we", "us", or "our") is an invoicing and time-tracking platform for freelancers and contractors. Our service is accessible at app.soarbill.com.
For any privacy-related questions, contact us at support@soarbill.com.
2. What Data We Collect and Why
We collect only the data necessary to provide our services:
- Account information: name, email address, country. Required to create and identify your account.
- Business information: company name, address, tax ID, VAT number, registration number. Required to generate invoices on your behalf.
- Financial data: bank account details (IBAN / BIC), Stripe customer and subscription identifiers. Required to manage billing and subscription.
- Invoices, time entries, clients, and projects: the core content you create and manage within the platform.
- Usage data: technical log data (IP address, browser type, timestamps) for security and operational purposes.
3. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases as defined in GDPR Article 6:
- Article 6(1)(b) — Contract performance: Processing is necessary to perform the service you have signed up for (account management, invoice generation, time tracking).
- Article 6(1)(c) — Legal obligation: Where we are required to retain or process data by applicable law.
- Article 6(1)(f) — Legitimate interests: Security, fraud prevention, and service improvement.
4. Third-Party Processors and Data Storage
We use the following sub-processors. Where data is transferred outside the European Economic Area (EEA), appropriate safeguards (Standard Contractual Clauses) are in place:
| Processor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and subscription management | USA (SCCs in place) |
| Amazon Web Services (S3) | File storage (logos, attachments) | EU region |
| Heroku | Application and database hosting | EU region |
| Mailgun | Transactional email delivery | EU region |
| Sentry | Error monitoring and diagnostics | USA (SCCs in place) |
We do not sell your personal data to any third party. We have Data Processing Agreements (DPAs) in place with all processors as required by GDPR Article 28.
5. Data Retention
We retain your personal data for as long as your account is active.
- When you request account deletion, your account is flagged for deletion. All your data is permanently removed from our systems after a 30-day grace period.
- Server logs are retained for up to 90 days. Database backups are retained for up to 30 days after account deletion.
- Stripe retains payment-related records (transaction history, invoices) according to their own data retention policy and applicable financial regulations.
- Anonymised or aggregated usage logs may be retained longer for security and operational analysis.
6. Your Rights Under GDPR
If you are in the European Economic Area, you have the following rights regarding your personal data:
- Right of access: Request a copy of your data.
- Right of rectification: Correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of your data.
- Right to data portability: Receive your data in a machine-readable format.
- Right to restriction: Request restricted processing of your data.
- Right to object: Object to processing based on legitimate interests.
You can exercise these rights at any time via Settings → Account within the app, or by emailing us at support@soarbill.com. We will respond to requests within 30 days as required by GDPR Article 12.
You also have the right to lodge a complaint with your local data protection authority.
7. Email Communication
We send transactional emails only. These include:
- Account verification and password reset emails
- Invoice delivery emails sent to your clients on your behalf
We do not send marketing or promotional emails. Transactional emails are essential to the service and cannot be opted out of while your account is active.
8. Cookies and Local Storage
SoarBill stores only essential session tokens in your browser's localStorage to keep you logged in. We do not use tracking cookies, advertising cookies, or analytics tools that profile your behaviour.
No cookie consent banner is required because we do not use non-essential cookies.
Error monitoring via Sentry may capture anonymised technical data (stack traces, error context). No personal profile is built from this data.
9. Automated Decision-Making
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.
10. Security
We implement appropriate technical and organisational measures to protect your data, including encrypted data transmission (HTTPS), hashed password storage, and access controls. However, no system is entirely immune to risk, and we cannot guarantee absolute security.
10a. Data Breaches
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and notify the relevant supervisory authority within 72 hours, in accordance with GDPR Articles 33–34.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above. Continued use of the service after changes are posted constitutes your acceptance of the updated policy.
12. Contact
For privacy-related inquiries: support@soarbill.com