Privacy Policy
Play Store Short Summary
SlickBills collects account information, authentication data, and transaction-related data to provide its payment and billing features. We use push notifications to keep you informed about your account. We do not sell your personal data. Data is stored securely via Supabase. You can request deletion of your account and data at any time by contacting us at info@deningsy.com.
1. Introduction
Welcome to SlickBills, a mobile application operated by Deningsy OÜ, a company registered in Estonia (Varvi 12, Tallinn 10621, Estonia, hereinafter "we", "us", or "our"). Our website is https://slickbills.com.
This Privacy Policy explains what personal information we collect when you use the slickbills mobile app, why we collect it, how we use it, and what choices you have. By using slickbills, you agree to the practices described in this policy.
If you have questions or concerns about this policy, please contact us at info@deningsy.com.
2. Information We Collect
We collect only the information needed to provide the slickbills service. This falls into the following categories:
a) Information You Provide Directly
- Account information: name, email address, and profile details you supply when creating an account.
- Authentication credentials: passwords (stored as hashed values via Supabase Auth; we never store plain-text passwords), or tokens issued by third-party sign-in providers (Google, Facebook, Web3Auth).
- Payment and transaction data: billing amounts, due dates, payment status, invoice details, and any notes you attach to transactions.
- User-uploaded files and images: documents, receipts, or images you choose to upload within the app.
- Support messages: any communications you send to us for help or feedback.
b) Information Collected Automatically
- Device identifiers: device model, operating system version, and a unique device or installation identifier used to route push notifications.
- Push notification tokens: a Firebase Cloud Messaging (FCM) registration token assigned to your device so we can send you account notifications. You can disable notifications in your device settings at any time.
- Local storage data: app preferences and session state stored locally on your device via shared preferences (e.g., whether you have enabled local biometric authentication). This data does not leave your device unless explicitly described elsewhere in this policy.
c) Information from Third-Party Sign-In Providers
If you choose to sign in using Google Sign-In, Facebook Login, or Web3Auth, those services will share a limited set of profile information (typically your name, email address, and a unique identifier) with us. We do not receive your password from these providers. Their own privacy policies govern how they process your information before sharing it with us.
d) Information from Device Features
- NFC: if you use NFC features within the app, NFC tag data may be read from physical tags. This data is processed on-device or transmitted to our backend only as required for the specific feature.
- Camera / barcode and QR scanning: if you use scanning features, the camera is accessed temporarily to capture and decode a code. We do not store camera images from scanning sessions.
- File and image picker: files or images you explicitly select are uploaded to our backend for use within the app. We do not access files or images unless you choose to select them.
3. How We Use Information
- To provide the service: creating and managing your account, processing and displaying payment and billing information, and enabling all app features.
- To authenticate you: verifying your identity via email/password, social login (Google, Facebook, Web3Auth), or device-level biometric / local authentication.
- To send notifications: delivering push notifications via Firebase Cloud Messaging about your account activity, payments, and reminders. You can opt out by adjusting notification settings on your device.
- To store your files: saving documents and images you upload so they are accessible across sessions.
- To support you: responding to messages and support requests you send us.
- To maintain security: detecting fraud, unauthorized access, and policy violations.
- To comply with law: meeting legal, tax, or regulatory obligations where applicable.
We do not use your data for advertising, ad targeting, or sale to third parties.
4. Legal Bases for Processing
Where applicable (for example, for users in the European Economic Area, United Kingdom, or other jurisdictions requiring a legal basis), we process your personal data on the following grounds:
- Contract performance: processing your account information, authentication data, and transaction data is necessary to provide the slickbills service you have requested.
- Legitimate interests: maintaining the security of our systems, preventing fraud, and sending you transactional notifications related to your account activity.
- Legal obligation: retaining records as required by applicable law.
- Consent: where we rely on consent (for example, for optional notifications or any optional analytics), you may withdraw consent at any time without affecting the lawfulness of prior processing.
5. How We Share Information
We do not sell your personal data. We share information only in the following limited circumstances:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Supabase | Backend database, file storage, and authentication infrastructure | Account data, transaction data, uploaded files, authentication tokens |
| Firebase (Google) | Push notification delivery (Firebase Cloud Messaging) | FCM device token, notification payload |
| Google Sign-In (optional authentication method) | OAuth token exchanged; Google shares name & email with us | |
| Meta (Facebook) | Facebook Login (optional authentication method) | OAuth token exchanged; Facebook shares name & email with us |
| Web3Auth | Decentralized / Web3 authentication (optional) | OAuth / wallet token exchanged for authentication |
| Legal authorities | Compliance with a valid court order, subpoena, or legal obligation | Minimum data required by the specific legal request |
We do not currently use third-party advertising networks or sell data to data brokers.
6. Data Storage and Security
Your data is stored on servers provided by Supabase, hosted on eu-west-1. Supabase implements industry-standard security controls including encryption at rest and in transit (TLS).
We take the following additional measures to protect your information:
- All data transmitted between the app and our backend is encrypted using TLS/HTTPS.
- Passwords are never stored in plain text; authentication is handled via Supabase Auth's hashed credential system.
- Authentication tokens from third-party providers are exchanged securely and not stored longer than necessary.
- Local device data (preferences, session state) stored via shared preferences does not contain sensitive account or financial information.
- Device biometric / local authentication is handled entirely by the operating system; we do not receive or store biometric data.
No system is completely secure. We encourage you to use a strong, unique password and to keep your device and operating system up to date.
7. Permissions Used by the App
The slickbills app may request the following device permissions. Each permission is requested only when needed for a specific feature, and where possible is optional:
| Permission | Why It Is Needed | Optional? |
|---|---|---|
| Camera | Scanning barcodes / QR codes; capturing document images | Yes — only requested when you use a scanning or upload feature |
| NFC | Reading NFC tags for supported payment or identification workflows | Yes — only used when you initiate an NFC action |
| Storage / Media Access | Selecting files and images from your device to upload | Yes — only requested when you use the file or image picker |
| Push Notifications | Receiving account and payment alerts via Firebase Cloud Messaging | Yes — you can deny or revoke this permission in device settings |
| Internet | Required for all network communication with our backend | No — the app requires internet access to function |
| Biometrics / Device Credentials | Optional local authentication (fingerprint, face ID, PIN) to unlock the app | Yes — you can disable local authentication in app settings |
8. Third-Party Services
The app integrates with the following third-party services. Each has its own privacy policy that governs how they handle data on their end:
- Supabase — supabase.com/privacy
- Firebase / Google Cloud — firebase.google.com/support/privacy
- Google Sign-In — policies.google.com/privacy
- Meta (Facebook Login) — facebook.com/privacy/policy
- Web3Auth — web3auth.io/privacy-policy.html
We do not currently use third-party advertising SDKs, ad networks, or cross-app tracking tools.
9. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the service. Specifically:
- Account and transaction data is retained for the life of your account and for 1 after account deletion, as required for financial record-keeping and legal compliance.
- Uploaded files and images are deleted when you remove them within the app or when your account is deleted.
- Push notification tokens are retained only while your account is active and are invalidated when you sign out or uninstall the app.
- Support messages are retained for 5 years for quality and compliance purposes.
- Local device data (shared preferences) is deleted when you uninstall the app.
You may request deletion of your account and associated data at any time — see Section 10 below.
10. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Correction: ask us to correct inaccurate or incomplete data.
- Deletion: request that we delete your account and personal data. Some data may be retained where required by law.
- Portability: request your data in a structured, machine-readable format.
- Restriction: ask us to limit how we process your data in certain circumstances.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior processing.
Notification preferences: you can enable or disable push notifications at any time in your device's notification settings.
Local authentication: you can enable or disable biometric / PIN unlock within the app settings.
To exercise any of the rights above, contact us at info@deningsy.com. We will respond within 30 days and may ask you to verify your identity before processing a request.
If you are located in the EEA or UK and believe we have not addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority.
11. Children's Privacy
SlickBills is not directed at children under the age of 16. We do not knowingly collect personal data from children below this age. If you believe a child has provided us with personal information, please contact us at info@deningsy.com and we will delete that information promptly.
12. International Data Transfers
SlickBills is operated by Deningsy OÜ, registered in Estonia (European Union). If you are located outside the EU, your data may be transferred to and processed in countries where our service providers (including Supabase and Google Firebase) operate their infrastructure. These transfers are subject to appropriate safeguards, such as standard contractual clauses or the recipient country's adequacy decision, as required by applicable law.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the app, our practices, or applicable law. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you via an in-app notice or push notification before the change takes effect. Continued use of slickbills after a policy update constitutes acceptance of the revised policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- Email: info@deningsy.com
- Company: Deningsy OÜ
- Address: Varvi 12, Tallinn 10621, Estonia
- Website: https://slickbills.com