A.Billi Privacy Policy

Parallel Systems · Last updated: May 1, 2026

Key Principles

1. Local-First Design

Your purchase history, receipt scans, and shopping list are stored on your device. We do not have access to your individual purchase records. Receipt scanning uses on-device OCR (Google ML Kit) — no images or text leave your phone.

2. Tiered Identity

A.Billi offers three levels of identity, each with different data handling:

Tier	Identity	Data shared
Observer	No account needed	None — everything stays on your device
Participant	Google or Apple sign-in	An opaque participant ID for voting and proposals. Your email is used for authentication only and is never displayed or shared.
Verified (future)	Bank-linked via Plaid	Spending verification only — A.Billi will never access your bank balance, account numbers, or full transaction history. Only category-level spending confirmation.

3. Anonymous Community Features

When you vote on campaigns, endorse proposals, or participate in community coordination, your actions are linked to an opaque participant ID that cannot be traced back to your name or email. Community-level data is always shown in aggregate, never individually.

4. Demand Signals

A.Billi collects anonymized, aggregate behavior signals to understand community demand patterns. These include: which alternatives users view, which swaps are tapped, and which searches return no results. These signals contain no user identity — they are anonymous counts used to help local businesses understand what communities need.

To prevent individual re-identification, demand signals in any community-and-category bucket are only displayed once at least five people have contributed to that bucket. Below the threshold, the bucket is hidden entirely — not shown as a low number.

5. Deliberation: Reasons Boards

When your community is thinking through a proposal, A.Billi uses a Polis-style reasons board: people post short statements explaining their reasoning, and others react agree, disagree, or pass on each statement. The system surfaces which reasons cross groups and which divide them.

What we store on our servers when you participate:

Statements you post — the text itself, linked to your opaque participant ID. Statements are visible to other members of your community.
Reactions you give — whether you reacted agree, disagree, or pass to each statement, linked to your opaque participant ID. Reactions are aggregated for display; individual reactions are not shown to other users.
Vote weight — equal for all participants. Stewards have no extra weight; their only authority is corrective (the ability to flag a board for re-deliberation), and that authority is publicly logged.

Statements you post are public to your community by their nature. We don't show your email or name alongside them — only your opaque participant ID — but the text is visible to others. If you delete your account, your statements and reactions are removed from our servers within 30 days.

You can request deletion of a specific statement at any time by emailing privacy@abilli.app.

What We Collect

On your device only: Purchase history, receipt scans, shopping list items, barcode scan results, bank statement imports.
On our servers (Supabase): Opaque participant ID (if signed in), community votes and proposals, deliberation statements and reactions you post on reasons boards, anonymized demand signals, campaign participation.
Never collected: Your name (unless you provide it), location tracking, contacts, browsing history, advertising identifiers.

Third-Party Services

Service	Purpose	Data shared
Supabase	Backend for community features	Opaque participant ID, votes, proposals, anonymous signals
Google Sign-In / Apple Sign-In	Authentication	Email address (for auth only, never displayed)
Google ML Kit	On-device receipt OCR	None — processing is entirely on your device
Open Food Facts	Product barcode lookup	Barcode numbers only
Plaid (future)	Bank-linked spending verification	Category-level spending only — never balances, account numbers, or full transaction details

Data Retention

On-device data: Retained until you delete it or uninstall the app.
Community participation: Votes and proposals are retained as long as the associated campaign or proposal exists.
Deliberation content: Statements you post and reactions you give on reasons boards are retained as long as the board exists. If a board is closed or archived, its statements remain visible for transparency. Deleting your account removes your statements and reactions within 30 days.
Demand signals: Aggregated anonymously and retained indefinitely for community demand intelligence. Individual signal records are pruned after 12 months.
Account deletion: You can delete your account and all associated server-side data through the Settings screen.

Your Rights

You can use A.Billi fully without creating an account.
You can view and delete all local data through the Settings screen.
You can delete your account and request deletion of all server-side data.
Community data is anonymous and cannot be linked to you.
Uninstalling the app removes all local data from your device.

Children

A.Billi is not directed at children under 13. We do not knowingly collect any information from children.

No Ads, No Data Sales

A.Billi does not display advertisements. We do not sell, rent, or share your personal data with any third party for marketing purposes. Our revenue model is based on businesses paying to be listed as local alternatives — not on your data.

Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via the app. The “Last updated” date at the top reflects the most recent revision.

Contact

Questions about privacy? Reach us at:

Email: abilliapp@gmail.com

Your purchases stay on your device. Community features use only anonymous aggregates. Verified accounts use opaque IDs that can never be traced to your email. No tracking, no ads, no data sales. Ever.