Privacy Policy

1. Data We Process

• Account data: name, email address, authentication events, locale, settings, and support messages.
• Merchant fiscal configuration: issuer profile, fiscal provider settings, invoice timing rules, numbering preferences, and audit records.
• Stripe Connect data: connected account identifiers, OAuth state, capability status, webhook configuration, product and price metadata, and payment event references.
• Buyer checkout and fiscal data: email, billing details, tax identifiers, company data, addresses, checkout session metadata, invoice lines, and payment references needed to create fiscal documents.
• Technical and security data: IP address, device/browser information, logs, rate-limit events, error reports, and abuse-prevention signals.
• Cookie and analytics data: consent choices and, if accepted, Google Analytics usage data for public website pages.

2. Why We Use Data

• To provide hosted fiscal checkout for Stripe payments.
• To connect merchant Stripe accounts and send invoice work to Aruba, Fatture in Cloud, OpenAPI Fatture, or other configured providers.
• To generate, review, retry, reconcile, and audit invoice workflows.
• To authenticate users, secure accounts, prevent fraud, and protect the service.
• To answer support and access requests.
• To comply with tax, accounting, data protection, and other legal obligations.
• To understand public website traffic through Google Analytics only where consent has been given.

3. Legal Bases

Depending on the context, we rely on contract performance, legitimate interests, legal obligations, and consent. Consent is used for optional Google Analytics cookies and any marketing communication that legally requires opt-in consent. You can withdraw cookie consent from the Cookie settings link in the footer.

4. Sharing Data

We share personal data only where needed to provide or protect ebill.digital:

• Stripe, for Stripe Connect, payment processing, customer records, Payment Elements, and webhook events.
• Fiscal providers selected by the merchant, such as Aruba, Fatture in Cloud, and OpenAPI Fatture.
• Hosting, database, storage, email, monitoring, and security providers.
• Google Analytics, if you accept analytics cookies on public pages.
• Professional advisers, authorities, or courts where required by law or necessary to protect rights.

5. Retention

We keep data only as long as needed for the purposes above. Fiscal and invoice records may need to be retained for tax, accounting, audit, dispute, and compliance periods. Security logs are kept for a limited period unless needed to investigate abuse or an incident. Google Analytics data is handled according to our configured analytics retention settings and Google's own controls.

6. International Transfers

Some providers may process data outside the European Economic Area. Where this happens, we use appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, or provider transfer mechanisms recognized by applicable data protection law.

7. Your Rights

Depending on your location and the type of data involved, you may have rights to access, correct, delete, restrict, object to processing, request portability, or withdraw consent. If your data was provided by a merchant using ebill.digital, we may direct you to that merchant because they decide how their buyer and invoice data is used.

8. Contact

For privacy questions, use our contact form. We may need to verify your identity before responding to privacy requests.