Privacy Policy

Effective date: 5 March 2026 · Last updated: 5 March 2026

This Privacy Policy explains how BillShield (“we”, “us”, or “our”) collects, uses, discloses, and protects your personal information when you use our website at billshield.com.au and our bill analysis service (collectively, the “Service”). BillShield is operated by Thomas Robert Glasgow as a sole trader under Australian Business Number (ABN) 22 581 904 383.

We are committed to complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

When you use BillShield, you may provide the following information:

Uploaded documents: Household bills (energy, internet, gas, mobile, insurance) or bank/credit card statements in PDF, CSV, or image format. These documents may contain your name, address, account numbers, provider details, usage data, and payment amounts.

Payment information: When you purchase a full report, your payment is processed securely by Stripe. We do not store your credit card number, CVV, or full card details on our servers. Stripe handles all payment data in accordance with PCI DSS standards.

Email address: Only if you voluntarily provide it (for example, to receive a copy of your report). We do not require an account or email to use the free scan.

1.2 Information We Collect Automatically

When you visit our website, we automatically collect:

Device and browser information: Including IP address, browser type and version, operating system, screen resolution, timezone, and language preferences.

Device fingerprint: We use FingerprintJS (open-source version) to generate a hashed device identifier from your browser attributes such as canvas rendering, WebGL parameters, installed fonts, and screen properties. This hash is not personally identifiable on its own and is used for fraud prevention and service analytics (see Section 3.4 below).

Usage data: Pages visited, buttons clicked, time spent on pages, and scan completion events.

Cookies and tracking pixels: We use the Meta (Facebook) Pixel to measure advertising effectiveness and optimise ad delivery. See Section 5 below.

2. How We Use Your Information

We use the information we collect for the following purposes:

To provide the Service: Analysing your uploaded bills or statements using artificial intelligence to identify potential savings, generate comparison results, and produce your BillShield report.

To process payments: Facilitating your one-time payment through Stripe.

To prevent fraud and abuse: Using device fingerprints and IP addresses to detect and prevent misuse of the free scan feature.

To improve the Service: Analysing aggregated, de-identified usage patterns to improve our AI analysis accuracy, user experience, and service quality.

To measure advertising performance: Using the Meta Pixel to understand how users arrive at our site and to optimise our ad campaigns.

3. Document Handling and Data Retention

3.1 Uploaded Documents

Your uploaded bills and bank statements are processed by our AI system to generate your results. Uploaded files are deleted from our servers immediately after analysis is complete. We do not retain copies of your original documents. The AI processes the document in memory, extracts the relevant data points (provider, plan, costs, usage), and the source file is then permanently deleted.

Your documents are sent to Anthropic's Claude API for AI analysis. Anthropic does not use API request data for model training. However, Anthropic may retain API request logs for up to 30 days for security monitoring and abuse prevention, in accordance with their privacy policy.

3.2 Analysis Results

We retain extracted billing metadata (provider name, plan type, costs, and usage data) to deliver your report and for aggregated market insights. Sensitive personal identifiers — such as account numbers and meter identifiers (NMI) — are automatically stripped and are never stored in our database.

Incomplete or errored scans are automatically cleaned up after 30 days. Completed scan data is retained in anonymised form (with sensitive identifiers stripped) to deliver your report and to improve our service.

3.3 Payment Records

We retain transaction records (date, amount, Stripe transaction ID, and device fingerprint) for the period required by Australian tax law (currently 5 years). These records do not include your full card details.

3.4 Device Fingerprints and Scan Logs

We retain device fingerprint hashes and associated scan event logs (which record that a scan occurred, the bill categories detected, and whether a payment was made) for up to 12 months. These are used for fraud detection and service analytics. The fingerprint hash alone cannot identify you personally.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share information with the following third parties, solely for the purposes described:

Stripe (payment processing): Receives payment details necessary to process your transaction. Stripe's privacy policy is available at stripe.com/au/privacy.

Anthropic / AI providers (document analysis): Your uploaded document content is sent to a third-party AI service for analysis. The AI provider processes the content to extract bill details and does not retain your data after processing. We use Anthropic's Claude API, which does not use customer data for model training.

Meta Platforms (advertising analytics): The Meta Pixel on our site sends page view events, button click events, and purchase events to Meta for ad optimisation. This may include your IP address and browser information. Meta's data policy is available at facebook.com/privacy.

Hosting and infrastructure providers: Our website is hosted on cloud infrastructure. These providers may process data on our behalf subject to strict data processing agreements.

We may also disclose your information if required by law, regulation, legal process, or governmental request.

5. Cookies, Tracking, and the Meta Pixel

Our website uses cookies and similar technologies:

Essential cookies: Required for the website to function (e.g., maintaining session state during your scan).

Meta (Facebook) Pixel: A tracking pixel that sends event data (page views, scan completions, purchases) to Meta for ad measurement and optimisation. You can opt out of Meta's use of cookies and tracking at facebook.com/adpreferences.

Google Analytics (GA4): We use Google Analytics to understand how users interact with our website — including page views, button clicks, scan completions, and purchase events. No personally identifiable information is sent to Google Analytics. Google's privacy policy is available at policies.google.com/privacy.

Device fingerprinting: As described in Section 1.2, we use browser-based fingerprinting for fraud prevention. This does not use cookies but derives a hash from your browser's technical properties.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

6. Data Security

We take reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification, and disclosure. Our security measures include encryption of data in transit (TLS/HTTPS), secure API communication with third-party providers, immediate deletion of uploaded files after processing, and restricted access to production systems.

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Under the Australian Privacy Act, you have the right to:

Access: Request access to the personal information we hold about you.

Correction: Request correction of any inaccurate personal information.

Complaint: Lodge a complaint if you believe we have breached the APPs.

Because we delete uploaded documents immediately after analysis and do not require account creation, we may hold very limited personal information about you. To exercise your rights, contact us at hello@billshield.com.au. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

8. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

9. International Data Transfers

Your data may be processed by third-party providers located outside Australia, including in the United States (Stripe, Anthropic, Meta). We take reasonable steps to ensure these providers comply with obligations substantially similar to the APPs.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised “Last updated” date. Material changes will be notified via a prominent notice on our website.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: