Effective April 6, 2026
Privacy Policy
This Privacy Policy explains how QuietBill collects, uses, and protects your personal data. By using the Service you agree to this policy. For the full terms governing your use, see our Terms & Conditions.
1. Who We Are
- QuietBill is operated by Oleh Reznichenko as an individual sole trader. When this policy says "we," "us," or "our," it refers to Oleh Reznichenko.
- Contact: nonlimit@proton.me
2. Data We Collect
- Account information: name, email address, authentication identifiers (GitHub OAuth, Google One Tap, passkeys/WebAuthn, or email/password).
- AWS integration data: Role ARNs, External IDs, and cost and usage data retrieved from your AWS accounts via the Service.
- Notification channel identifiers: Telegram chat ID, Slack workspace and channel metadata, email address used for alert delivery, and email notification preferences.
- Billing records: subscription plan, payment status, and transaction references managed through our billing provider.
- Alert history: cost anomaly alerts, daily summaries, CloudTrail event notifications, and AI-generated explanations produced on your behalf.
- Usage data: pages visited, feature interactions, and operational metadata collected through product analytics and error monitoring.
3. Data We Do Not Collect or Store
- AWS credentials are never persisted. We access your AWS account through short-lived STS session tokens obtained via AssumeRole. Tokens are held in memory only for the duration of the API call and expire automatically within 1 hour.
- We do not collect payment card numbers, bank account details, or other financial instrument data. All payment processing is handled by our billing provider (Merchant of Record).
- We do not sell, rent, or trade your personal data to third parties.
4. How We Use Your Data
- Authenticate you and manage your account.
- Connect and monitor your AWS accounts for cost anomalies, usage trends, and resource events.
- Generate and deliver alerts to the notification channels you configure (Telegram, Slack, email).
- Operate billing and subscription management.
- Prevent abuse, enforce our Terms, and maintain security.
- Respond to support requests.
- Improve the Service through anonymized product analytics.
5. Sub-Processors and Third-Party Services
- Vercel — application hosting and edge delivery.
- Turso / LibSQL — primary database.
- Upstash Redis — caching and rate limiting.
- Trigger.dev — background job processing (cost checks, alert delivery, lifecycle tasks).
- Google Gemini — AI-generated alert text and cost explanations.
- Telegram — alert delivery to Telegram channels you configure.
- Slack — alert delivery to Slack workspaces you configure.
- Resend — transactional and alert email delivery.
- Creem — billing infrastructure and Merchant of Record (collects and remits VAT/GST/sales tax).
- Each sub-processor receives only the minimum data necessary to perform its function.
6. Analytics and Error Monitoring
- Sentry — error monitoring. Captures operational error traces and diagnostic metadata to identify and fix bugs. Not intended to receive the full content of your AWS cost data or notification messages.
- PostHog — product analytics. Tracks onboarding and usage flows to improve the Service. Not intended to receive the full content of your AWS cost data.
8. Data Retention
- Account records, connected account metadata, billing records, and alert history are retained while your account is active.
- Short-lived cache entries may be stored with operational TTLs in caching infrastructure.
- When you delete your account (via Settings → Danger Zone or by emailing nonlimit@proton.me), operational data is removed. Backups are retained for up to 30 days, after which data is permanently purged.
9. Your Rights
- Access: You may request a copy of the personal data we hold about you.
- Correction: You may request correction of inaccurate personal data.
- Deletion: You may delete your account at any time via the in-app offboarding flow, which removes all Customer Data subject to the 30-day backup retention period.
- Data portability: You may request your data in a structured, commonly used format.
- To exercise any of these rights, contact nonlimit@proton.me. We will respond within 30 days.
10. International Data Transfers
- The Service relies on infrastructure and vendors that operate across multiple regions. Your data may be processed outside Ukraine or your home jurisdiction.
- By using the Service, you acknowledge these international data transfers as necessary to provide the product.
11. Children's Privacy
- QuietBill is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, contact nonlimit@proton.me and we will delete it.
12. Changes to This Policy
- We may update this Privacy Policy as the product and legal requirements evolve. For material changes, we will provide at least 14 days' notice by email or in-product notification before the new policy takes effect.
- Continued use of the Service after the effective date constitutes acceptance of the updated policy.
13. Contact
For privacy-related questions, data access requests, or deletion requests, email nonlimit@proton.me.
QuietBill · operated by Oleh Reznichenko