Here's an honest account of where your data lives, who can see it, and what we're planning as the product grows.
Right now, Billino works entirely offline. Every invoice, client, and business profile you create is stored locally on your phone. Nothing is sent to any server. Billino has no access to any of your data — we cannot read it, lose it, or hand it over to anyone.
The practical consequence: if you uninstall the app without a backup, your data is gone. This is a trade-off we're aware of, and the planned cloud sync feature addresses it.
billino.io is a static site served over TLS via Cloudflare's global edge network. There is no login, no database, and no server-side code. There is nothing to breach on the web side.
When optional cloud sync launches, invoice data stored on our servers will be encrypted at rest. We will publish technical details — including the encryption scheme and key management approach — before the feature ships. You will be able to delete your account and all associated data at any time.
Found a security issue? Please email hello@billino.io. We aim to acknowledge reports within 48 hours and will credit researchers who report responsibly.
We do not have a bug bounty programme at this time.