1. Introduction
This Privacy Policy describes how Bifow ("we", "our", or "us") collects, uses, stores, and protects personal data when you use the Bifow web application and related services (the "Service"). Bifow is a software-as-a-service platform that connects to users' email accounts to automatically detect, extract, and organise supplier invoices.
This policy applies to all users of the Service, including individuals who create an account, connect an email account, or interact with the Bifow platform in any capacity.
We are committed to protecting your privacy and handling your data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Google API Services User Data Policy, including the Limited Use requirements.
2. Data Controller
The data controller responsible for the processing of your personal data is:
If you have any questions about how your data is processed, or if you wish to exercise your rights under the GDPR, you may contact us at the email address above.
3. What Data We Collect
3.1 Account Data
When you register for the Service, we collect your email address, your name (if provided), and an authentication token generated through our authentication provider (Supabase Auth). This information is necessary to create and maintain your account.
3.2 Organisation Data
You may create or join an organisation within Bifow. We store the organisation name, membership information, and billing-related identifiers (such as a Stripe customer identifier if you subscribe to a paid plan).
3.3 Gmail Data
When you connect a Gmail account to the Service via OAuth 2.0, we request access to the following Gmail API scopes:
- gmail.readonly — to read your email messages and attachments in order to detect supplier invoices.
- gmail.send — to forward detected invoices to accounting email addresses you designate, on your behalf and only when you have enabled the automatic forwarding feature.
- pubsub — to receive real-time notifications when new emails arrive in your inbox, so that invoice detection occurs automatically without polling.
- userinfo.email — to identify your Google account email address during authentication.
We do not request permission to delete or modify your emails. The gmail.send scope is used exclusively to forward detected invoice emails to accounting addresses you configure. We never send emails to any other recipients, and we never send emails for marketing, advertising, or any purpose other than forwarding your invoices.
The specific data we access from your Gmail account includes email metadata (sender address, subject line, date received), email body content (processed in transit for invoice detection only; not stored in full), and PDF or image attachments identified as potential invoices.
We do not store the full content of your emails. We process email content only to determine whether an email contains a supplier invoice. Emails that do not contain invoices are discarded from processing and no data from those emails is retained.
3.4 Invoice Data
When a supplier invoice is detected, we extract and store the following structured data: supplier name, supplier VAT identification number, invoice number, invoice date, due date, amounts (total, VAT, net), currency, IBAN and payment reference (if present on the invoice), and a confidence score from our extraction system.
The original PDF file may also be stored in secure cloud storage to allow you to view and manage your invoices within the Service.
3.5 Forwarding Data
If you configure automatic forwarding of invoices to an accounting email address, we store the destination email addresses you provide and a log of forwarding events (date, status, recipient). When forwarding is triggered, the invoice email is sent from your connected Gmail account to the accounting address(es) you specified. The forwarded message includes the invoice attachment(s) and a summary of extracted invoice data.
3.6 Technical and Usage Data
We collect standard technical data necessary to operate the Service, including IP addresses, browser type, pages visited, and timestamps. This data is used for security, debugging, and service improvement purposes.
4. How We Use Your Data
We use the data we collect for the following purposes, and only for these purposes:
- Providing the Service. We access your Gmail account to scan incoming emails for supplier invoices. When an invoice is detected, we extract structured data from the invoice attachment and store it in your Bifow account. This is the core function of the Service.
- Invoice forwarding. If you enable automatic forwarding, we use the gmail.send scope to forward detected invoice emails from your Gmail account to the accounting email address(es) you specify. Forwarding is initiated only for emails identified as invoices, and only to recipients you have explicitly configured. You may disable forwarding at any time.
- Real-time email monitoring. We use the Pub/Sub scope to register a push notification subscription with Gmail. When a new email arrives, Google sends a notification to our server, which triggers the invoice detection pipeline. This allows near-instant processing without continuously polling your mailbox.
- Account management. We use your account data to authenticate you, manage your subscription, and communicate with you about the Service (e.g., quota notifications, service updates).
- Security and fraud prevention. We use technical data to detect and prevent unauthorised access, abuse, and other security threats.
- Service improvement. We may use aggregated, anonymised data to understand usage patterns and improve the Service. Individual Gmail data is never used for this purpose.
We do not use your data for advertising, profiling, or any purpose unrelated to providing the Bifow service.
5. Use of Google User Data
This section describes how Bifow accesses, uses, stores, and shares data obtained through Google APIs, in accordance with the Google API Services User Data Policy, including the Limited Use requirements.
5.1 Purpose of Access
Bifow accesses Google user data for two purposes: (1) to detect and process supplier invoices received by email (using the gmail.readonly scope), and (2) to forward detected invoices to accounting addresses designated by the user (using the gmail.send scope). We also use the Pub/Sub scope to receive real-time notifications when new emails arrive.
We do not request scopes that would allow us to delete or modify existing emails. The gmail.send scope is used strictly and exclusively for invoice forwarding to addresses the user has configured.
5.2 Limited Use Disclosure
Bifow's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide and improve the invoice detection, processing, and forwarding functionality described in this policy.
- We do not transfer Google user data to third parties unless the transfer is (a) necessary to provide the Service (e.g., sending a PDF to the OpenAI API for data extraction), (b) necessary to comply with applicable law, (c) required as part of a merger, acquisition, or sale of assets, with notice to users, or (d) made with the user's explicit consent.
- We do not use Google user data for advertising purposes. We do not use Google user data to serve ads. We do not allow Google user data to be used for advertising by any third party.
- We do not sell Google user data. We do not sell, lease, or trade Google user data under any circumstances.
- We do not use Google user data for purposes unrelated to the Bifow service.
- Human employees do not read your Gmail data, except in the following limited circumstances: with your explicit consent (e.g., if you contact support and ask us to investigate a specific processing issue), when required by law (e.g., in response to a valid legal order), or when necessary for security purposes (e.g., investigating a security incident). Any such access is logged and limited to the minimum data necessary.
5.3 Data Processing by Third-Party Processors
When a PDF invoice is detected, the file may be sent to the OpenAI API for structured data extraction. The OpenAI API processes the document content to identify invoice fields (supplier name, amounts, dates, etc.) and returns structured data. We use the OpenAI API solely for this purpose. The content sent to OpenAI is limited to the invoice document itself and minimal contextual metadata (sender address, subject line, filename). OpenAI's data processing terms prohibit the use of API inputs for model training.
5.4 Revoking Access
You may revoke Bifow's access to your Google account at any time by disconnecting your Gmail account within the Bifow application, or by removing Bifow from your Google account's third-party access settings at https://myaccount.google.com/permissions. Upon revocation, we will delete your stored access and refresh tokens and cease accessing your Gmail data.
6. Legal Basis Under GDPR
We process your personal data on the following legal bases under Article 6(1) of the GDPR:
- Contract (Article 6(1)(b)). Processing of your account data and Gmail data is necessary to perform the contract between you and Bifow (our Terms of Service). Without processing this data, we cannot provide the Service.
- Consent (Article 6(1)(a)). You provide explicit consent when you connect your Gmail account via OAuth and authorise Bifow to access your email data. You may withdraw consent at any time by disconnecting your Gmail account.
- Legitimate interest (Article 6(1)(f)). We process technical and usage data based on our legitimate interest in maintaining the security and proper functioning of the Service. This processing is proportionate and does not override your rights.
- Legal obligation (Article 6(1)(c)). We may process and retain certain data to comply with legal obligations, such as financial record-keeping requirements or valid legal orders.
7. Data Retention
We retain your personal data only for as long as necessary to provide the Service and fulfil the purposes described in this policy.
- Account data is retained for as long as your account is active. If you delete your account, your account data is deleted within 30 days.
- Gmail OAuth tokens are retained for as long as your Gmail account is connected. When you disconnect your Gmail account or delete your Bifow account, tokens are deleted immediately.
- Invoice data and PDF files are retained for as long as your account is active. Upon account deletion, all invoice data and associated files are deleted within 30 days.
- Email content that does not contain invoices is not stored. It is processed in transit and discarded.
- Technical logs are retained for a maximum of 90 days for security and debugging purposes, after which they are automatically purged.
You may request deletion of your data at any time, as described in Section 11 of this policy.
8. Data Security Measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption in transit. All communication between your browser and our servers, and between our servers and third-party services, is encrypted using HTTPS (TLS 1.2 or higher).
- Encryption at rest. Gmail OAuth access tokens and refresh tokens are encrypted using AES-256-GCM before storage. Invoice data is stored in a PostgreSQL database hosted by Supabase, which provides encryption at rest.
- Access controls. Access to production systems and databases is restricted to authorised personnel. Service-to-service communication uses secret keys that are stored as environment variables and never committed to source code.
- Infrastructure security. Our database infrastructure is hosted within the European Union by Supabase. Our application backend is hosted on Vercel. Our workflow automation infrastructure is hosted on Hostinger cloud servers in the European Union. All providers maintain their own security certifications and compliance programmes.
No system can guarantee absolute security. If we become aware of a security breach that affects your personal data, we will notify you and the relevant supervisory authority in accordance with the GDPR.
9. Third-Party Processors
We use the following third-party service providers ("processors") to operate the Service. Each processor is bound by a data processing agreement and processes data only on our instructions and for the purposes specified below:
- Supabase (Supabase, Inc.) — Database hosting, authentication, and file storage. Data is hosted in the EU region. Supabase acts as a processor for all account data, invoice data, and stored files.
- Vercel (Vercel, Inc.) — Application hosting and serverless functions. Vercel processes HTTP requests and serves the Bifow application.
- Hostinger (Hostinger International Ltd.) — Cloud server hosting for workflow automation. Our automated invoice processing workflows run on Hostinger cloud infrastructure hosted in the European Union. These workflows handle Gmail API interactions, invoice extraction orchestration, and forwarding logic.
- OpenAI (OpenAI, LLC) — AI-powered invoice data extraction. When a PDF invoice is detected, its content may be sent to the OpenAI API for structured data extraction. OpenAI processes this data under their API data processing terms, which prohibit the use of API inputs for model training.
- Stripe (Stripe, Inc.) — Payment processing. Stripe processes your payment information when you subscribe to a paid plan. Bifow does not store your credit card details.
- Resend (Resend, Inc.) — Transactional email delivery. Resend is used to send service notifications (e.g., quota alerts, account notifications). Resend processes only the recipient email address and message content.
- Google (Google LLC) — Gmail API and Pub/Sub. Google provides the APIs through which Bifow reads email messages and attachments, sends forwarded invoice emails, and receives real-time email notifications. Google's own privacy policy governs how Google handles your data within its systems.
We do not share your personal data with any other third parties, except as required by law.
10. Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights under the GDPR:
- Right of access (Article 15). You have the right to request a copy of the personal data we hold about you.
- Right to rectification (Article 16). You have the right to request correction of inaccurate personal data.
- Right to erasure (Article 17). You have the right to request deletion of your personal data, subject to any legal retention obligations.
- Right to restriction (Article 18). You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to data portability (Article 20). You have the right to receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Article 21). You have the right to object to processing based on legitimate interests.
- Right to withdraw consent (Article 7(3)). Where processing is based on consent, you may withdraw consent at any time by disconnecting your Gmail account or deleting your Bifow account.
To exercise any of these rights, contact us at privacy@bifow.com. We will respond to your request within 30 days, as required by the GDPR.
You also have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
11. Data Deletion
You may request deletion of your data through the following methods:
- Disconnecting your Gmail account. You can disconnect your Gmail account from within the Bifow application at any time. This immediately deletes your stored OAuth tokens and stops all email processing and forwarding. Invoice data previously extracted remains in your account unless you request its deletion.
- Deleting your Bifow account. You can request full account deletion by contacting us at privacy@bifow.com. Upon account deletion, we will delete all data associated with your account, including account information, OAuth tokens, invoice data, stored PDF files, and forwarding logs. Deletion is completed within 30 days of your request.
- Revoking access via Google. You may also revoke Bifow's access to your Google account at https://myaccount.google.com/permissions. This revokes our OAuth tokens. We recommend also disconnecting your account within Bifow to ensure associated data is cleaned up.
After deletion, we may retain anonymised, aggregated data that cannot be used to identify you, for the sole purpose of improving the Service.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or the Service itself. When we make material changes, we will notify you by email or by posting a prominent notice within the application at least 14 days before the changes take effect.
The effective date at the top of this policy indicates when it was last updated. We encourage you to review this policy periodically.
13. Contact Information
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is handled, please contact us:
Email: privacy@bifow.com
Website: https://bifow.com
We aim to respond to all enquiries within 30 days.
© 2026 Bifow. All rights reserved.