Privacy Policy

1. Introduction

Intellex SAS, operating as BillAI ("we", "us", "our"), provides a SaaS monetization platform for ChatGPT and MCP application developers. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Services.

This policy applies to all users of our platform, including developers who create accounts and their end-users who make purchases through our payment infrastructure.

2. Data Controller

Intellex SAS
60 rue François 1er
75008 Paris, France
SIRET: 932 652 282 R.C.S. Paris
Email: contact@billai.com

As a French company, we are subject to the General Data Protection Regulation (GDPR) and French Data Protection Act (Loi Informatique et Libertés).

Supervisory Authority: CNIL (Commission Nationale de l'Informatique et des Libertés)
Website: https://www.cnil.fr

3. Information We Collect

3.1 Information You Provide Directly

Account Registration:

• Full name
• Email address
• Company name (if applicable)
• Country of residence
• Business type and description
• Phone number (optional)
• VAT number (for EU businesses)

Payment and Business Information:

• Information required by Stripe for payment processing
• Bank account details (stored by Stripe, not by us)
• Tax identification numbers
• Business licenses and verification documents
• Billing address

Communications:

• Messages sent through our support system
• Email correspondence
• Survey responses and feedback

3.2 Information Collected Automatically

Usage Data:

• Pages visited and features used
• Time and date of access
• Session duration and frequency
• Click patterns and navigation paths
• Feature usage statistics

Technical Information:

• IP address
• Browser type and version
• Device type and operating system
• Screen resolution
• Referral source and landing pages
• Language preferences

Transaction Data:

• Transaction amounts and dates
• Payment status (successful, failed, pending)
• Products or services sold
• Refund and chargeback information
• Customer identifiers (anonymized)
• Commission amounts

3.3 Information from Third Parties

Stripe:

When you connect your Stripe account, we receive:

• Account verification status
• Transaction processing data
• Compliance and KYC information
• Payout details and schedules
• Payment method information

Analytics Services:

• Google Analytics (with IP anonymization)
• Error tracking services
• Performance monitoring tools

4. How We Use Your Information

4.1 Service Provision

We use collected information to:

• Create and manage your account
• Process transactions and calculate commissions
• Provide customer support and respond to inquiries
• Deliver platform features and functionality
• Send transactional notifications and updates
• Manage access control and entitlements

4.2 Business Operations

We use information to:

• Detect and prevent fraud and abuse
• Monitor platform security and integrity
• Analyze usage patterns and improve Services
• Develop new features and enhancements
• Conduct research and analytics
• Maintain service reliability and performance
• Troubleshoot technical issues

4.3 Legal and Compliance

We use information to:

• Comply with legal obligations
• Respond to legal requests and court orders
• Enforce our Terms of Service
• Protect our rights, property, and safety
• Fulfill tax reporting requirements
• Meet KYC (Know Your Customer) and AML (Anti-Money Laundering) requirements
• Maintain records as required by law

4.4 Communications

We use information to:

• Send important service updates and notifications
• Respond to support requests
• Provide technical notices and security alerts
• Share platform updates (with opt-out option)

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data based on the following legal grounds:

5.1 Contractual Necessity

• Processing required to fulfill our contract with you
• Providing the Services you requested
• Payment processing and transaction management

5.2 Legitimate Interests

• Platform security and fraud prevention
• Analytics to improve Services
• Business development and research
• Internal administration

5.3 Legal Compliance

• Tax reporting obligations
• Regulatory requirements and audits
• Law enforcement requests
• AML/KYC verification requirements

5.4 Consent

• Optional features requiring explicit consent
• Marketing communications (with opt-out)
• Third-party integrations you authorize
• Cookies beyond essential ones

6. Data Sharing and Disclosure

6.1 Stripe (Payment Processor)

We share necessary information with Stripe to facilitate payment processing:

• Account verification data
• Transaction information
• Business details and documentation
• KYC/compliance information

Important: Personal data provided for payment processing is received and processed by Stripe in accordance with Stripe's Privacy Policy.

6.2 Service Providers

We share limited data with trusted service providers who assist us in operating our Services:

Cloud Hosting:

• Purpose: Infrastructure and data storage
• Providers: AWS, Google Cloud, or similar
• Data Shared: All platform data (encrypted)

Analytics:

• Purpose: Understanding usage and improving Services
• Providers: Google Analytics
• Data Shared: Anonymized usage metrics, IP addresses (anonymized)

Customer Support:

• Purpose: Providing assistance
• Providers: Support ticket systems
• Data Shared: Communication history, account details

Email Services:

• Purpose: Transactional emails and notifications
• Providers: Email service providers
• Data Shared: Email addresses, notification content

All service providers are contractually obligated to protect your data and use it only for the specified purposes.

6.3 Legal Requirements

We may disclose information when required by law:

• Court orders, subpoenas, or legal processes
• Law enforcement or regulatory requests
• Compliance with applicable laws and regulations
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities

6.4 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy:

• Your information may be transferred to the new entity
• We will provide notice before your information is transferred
• The new entity will be bound by this Privacy Policy until it is updated

7. International Data Transfers

7.1 Data Storage Locations

Your data may be stored and processed in:

• France (primary hosting location)
• European Union (backup servers)
• Other countries where our service providers operate

7.2 Transfer Safeguards

For transfers outside the EEA, we use approved transfer mechanisms:

• European Commission Standard Contractual Clauses (SCCs)
• Adequacy decisions where applicable
• Explicit consent for specific transfers
• Additional security measures as required

7.3 Stripe Data Processing

Stripe processes payment data globally in accordance with their Privacy Policy and data protection standards. See https://stripe.com/privacy for details.

8. Data Retention

8.1 Active Accounts

We retain your information while your account is active and as needed to provide Services.

8.2 After Account Closure

Following account termination or closure:

• Transaction records: 7 years (French accounting and tax law requirement)
• Account information: 30 days after closure (unless longer retention required)
• Support communications: 3 years
• Anonymized analytics: Indefinitely (no personal identifiers)
• Backup copies: Up to 90 days in backup systems

8.3 Legal Holds

We may retain data longer when required by:

• Ongoing legal proceedings or investigations
• Regulatory investigations or audits
• Dispute resolution processes
• Specific legal obligations

8.4 Deletion Requests

You may request data deletion at any time (see Section 9). We will comply within 30 days, subject to legal retention requirements.

9. Your Rights and Choices

9.1 GDPR Rights (for EEA/UK/Swiss users)

You have the following rights under GDPR:

Right to Access:

• Access your personal data
• Request a copy in machine-readable format
• Receive information about how we process your data

Right to Rectification:

• Correct inaccurate or incomplete data
• Update your account information

Right to Erasure ("Right to be Forgotten"):

• Request deletion of your personal data
• Subject to legal retention requirements

Right to Restriction:

• Limit how we process your data in certain circumstances
• During verification of accuracy or assessment of legitimate grounds

Right to Data Portability:

• Receive your data in a structured, commonly used format
• Transmit your data to another controller

Right to Object:

• Object to processing based on legitimate interests
• Object to direct marketing at any time
• Object to automated decision-making and profiling

Right to Withdraw Consent:

• Withdraw consent at any time (where processing is based on consent)
• Does not affect lawfulness of processing before withdrawal

Right to Lodge a Complaint:

• File a complaint with CNIL or your local data protection authority
• Contact details: https://www.cnil.fr

9.2 How to Exercise Your Rights

To exercise any of these rights:

We will respond within 30 days (or as required by law). We may request additional information to verify your identity.

9.3 Account Management

You can also manage your data through your account dashboard:

• Update profile information
• View transaction history
• Download your data
• Adjust privacy settings
• Manage communication preferences

10. Data Security

10.1 Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards:

• Encryption in transit (TLS 1.3)
• Encryption at rest (AES-256)
• Secure authentication and session management
• Regular security audits and penetration testing
• Intrusion detection and prevention systems
• Firewall protection and network segmentation
• Secure API access with authentication tokens
• Regular security updates and patches

Organizational Measures:

• Employee training on data protection
• Access controls based on role and necessity
• Confidentiality agreements with all personnel
• Incident response procedures
• Regular security policy reviews
• Vendor security assessments
• Data breach notification procedures

10.2 Payment Card Data

• We do NOT store credit card information
• All payment data is processed by Stripe (PCI DSS Level 1 certified)
• We never have access to full card numbers
• Payment processing is handled exclusively by Stripe's secure infrastructure

10.3 No Absolute Security

Despite our security measures, no system is 100% secure. You are responsible for:

• Keeping your login credentials confidential
• Using strong, unique passwords
• Enabling two-factor authentication where available
• Notifying us immediately of any suspected unauthorized access
• Maintaining security on your devices

10.4 Data Breach Notification

In the event of a data breach affecting your personal information, we will:

• Notify affected users within 72 hours (as required by GDPR)
• Inform CNIL (French supervisory authority) as required
• Provide information about the breach and protective measures
• Cooperate with authorities and affected individuals
• Take immediate steps to contain and remediate the breach

11. Cookies and Tracking Technologies

11.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. We use cookies and similar technologies to enhance your experience and analyze usage.

11.2 Types of Cookies We Use

Essential Cookies (Always Active):

• Purpose: Platform functionality and security
• Examples: Authentication, session management, security tokens
• Cannot be disabled (required for Services to function)

Analytics Cookies (Optional):

• Purpose: Understanding usage and improving Services
• Provider: Google Analytics (with IP anonymization)
• Retention: 14 months
• Can be disabled via cookie settings

Preference Cookies (Optional):

• Purpose: Remember your settings and preferences
• Examples: Language preference, display settings
• Retention: 12 months
• Can be disabled via cookie settings

11.3 Cookie Management

You can control cookies through:

• Our cookie consent banner (first visit)
• Cookie settings page on our website
• Browser settings
• Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout

Note: Disabling essential cookies may prevent the platform from functioning properly.

11.4 Do Not Track

We respect browser privacy settings. We do not track users across other websites for advertising purposes.

For more details, see our Cookie Policy.

12. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If we discover we have collected information from a person under 18:

• We will delete the information immediately
• We will terminate the account
• We will notify the parent or guardian if possible

If you believe we have collected information from a minor, contact us immediately at contact@billai.com

13. Third-Party Links and Services

Our platform may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties.

This includes:

• Stripe's payment processing services
• Developer applications using our platform
• Third-party integrations or APIs
• External websites linked from our platform

We encourage you to read the privacy policies of any third-party services before providing your information.

14. Automated Decision-Making

14.1 Fraud Detection

We use automated systems to detect potentially fraudulent transactions and suspicious activity. These systems:

• Analyze transaction patterns and behavioral signals
• Flag potentially risky activities for review
• May temporarily hold or block suspicious transactions
• Are subject to human review for final decisions

14.2 Your Rights

If you are subject to automated decision-making, you have the right to:

• Be informed of the automated decision
• Request human review of the decision
• Contest the decision
• Express your point of view

Contact us at contact@billai.com to exercise these rights.

15. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

15.1 Right to Know

Request disclosure of:

• Categories of personal information collected
• Sources of personal information
• Business purposes for collection
• Categories of third parties with whom we share information
• Specific pieces of personal information we hold about you

15.2 Right to Delete

Request deletion of your personal information, subject to legal exceptions.

15.3 Right to Opt-Out of Sale

We do NOT sell personal information. If our practices change, we will provide an opt-out mechanism.

15.4 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

15.5 Right to Correct

Request correction of inaccurate personal information.

15.6 Right to Limit Use of Sensitive Personal Information

We do not use or disclose sensitive personal information beyond what is necessary to provide Services.

To exercise these rights: Email contact@billai.com with "California Privacy Request" in the subject line.

16. Updates to This Privacy Policy

16.1 Changes

We may update this Privacy Policy to reflect:

• Changes in our data practices
• New legal or regulatory requirements
• Service enhancements or new features
• User feedback
• Industry best practices

16.2 Notification

We will notify you of material changes by:

• Email to your registered address
• Prominent notice on our platform
• In-app notification
• Updating the "Last Updated" date at the top of this policy

Changes take effect 30 days after notification (unless immediate compliance is required by law).

16.3 Continued Use

Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy.

16.4 Prior Versions

We maintain an archive of prior versions. Request previous versions by emailing contact@billai.com

17. Contact Us

For privacy-related questions, concerns, or to exercise your rights: