Privacy Policy

1. Information We Collect

• Account data: Name, email address, and role — provided via SSO (AWS Cognito)
• Calendar data: Event titles, times, and attendees — read-only access for time tracking
• Time tracking data: Time entries, hours, projects, and billing categories
• Usage data: Anonymized interaction data for platform improvement

2. How We Store Your Data

• AWS infrastructure (DynamoDB, S3, Lambda) in US regions
• AES-256 encryption at rest via AWS KMS
• TLS 1.2+ encryption for all data in transit
• Tenant-isolated by DynamoDB partition key — no cross-tenant data access

3. Third-Party Services

BillPilot integrates with the following services to provide its functionality:

• Google Calendar API — calendar event synchronization
• Microsoft Graph API — Microsoft 365 calendar integration
• AWS Cognito — authentication and identity management
• Vercel — frontend hosting and delivery

4. Data Retention

Data is retained while your account is active. Audit logs are retained for compliance purposes (default 7 years, configurable per tenant). Upon account termination, data can be exported and is deleted within 30 days.

5. Your Rights

• Access: View your data via the BillPilot dashboard or request from your Admin
• Export: Export your timesheet and invoice data via the Exports feature
• Deletion: Request deletion by contacting privacy@blueskyatg.com

6. Cookies

• bp_id_token — HttpOnly session cookie (essential, authentication)
• keyboard-hints-visible — localStorage preference (non-essential)

BillPilot does not use tracking cookies or third-party analytics cookies.

7. Contact

BlueSky ATG, Inc.
privacy@blueskyatg.com
www.blueskyatg.com