Security & Protection

Security policy

Learn how we safeguard your data through industry-standard security practices, infrastructure protections, and internal controls.

Last Updated
September 9, 2025

At Billix, we take security seriously. This policy outlines how we protect your data and maintain the security of our AI application.

Encryption

  • API Keys: Encrypted using AES-GCM 256-bit with PBKDF2 key derivation (100,000 iterations)
  • Data in Transit: All communications use HTTPS/TLS encryption
  • User Isolation: User-specific encryption keys ensure data isolation

Access Controls

  • Authentication via Google OAuth through Convex Auth
  • Users can only access their own data
  • Server-side validation for all data access requests
  • Rate limiting: 5 messages/day anonymous, 20 messages/day authenticated
  • Session management with automatic expiration

Technology Stack

  • Convex Backend: Managed serverless backend with built-in security features
  • Next.js 15: Modern framework with security best practices
  • TypeScript: Type-safe development to reduce bugs
  • Vercel Hosting: Secure hosting with DDoS protection

Application Security

  • Input validation and sanitization
  • Protection against common web vulnerabilities (XSS, CSRF)
  • Secure session management
  • Environment variables for sensitive configuration

AI Providers

  • OpenAI, Anthropic, Google, and other established AI providers
  • API calls are encrypted
  • Only necessary message data is sent
  • API keys are encrypted and stored securely

Other Services

  • Convex: Database and backend infrastructure
  • Vercel: Hosting and analytics
  • Polar: Payment processing (PCI compliant) — we do not store card info

Data We Store

  • Account information (name, email from Google OAuth)
  • Chat messages and conversation history
  • Encrypted API keys (if provided)
  • User preferences and settings

Data Deletion

  • Users can delete their chat history at any time
  • Account deletion removes all associated data
  • Data is retained only as long as necessary for service functionality

Our Security Practices

  • Regular updates of dependencies and frameworks
  • Code reviews for security-sensitive changes
  • Monitoring for known vulnerabilities in dependencies
  • Following web application security best practices
  • Using environment variables for sensitive configuration

Incident Response

  • Investigate security issues promptly
  • Contain and fix problems
  • Notify affected users if data is compromised
  • Work to prevent similar incidents in the future

Your Security Responsibilities

  • Keep your Google account secure
  • Do not share your API keys
  • Log out when using shared devices
  • Report any suspicious activity to us

Reporting Security Issues

  • Report vulnerabilities to support@billix.io
  • Include issue details and reproduction steps
  • Allow reasonable time for investigation and resolution
  • Do not publicly disclose until addressed

Policy Updates

We may update this security policy as practices evolve. Check periodically for updates. The "Last Updated" date shows the most recent changes.

FAQS

Frequently Asked Questions

Find quick, helpful explanations about features, pricing, integrations, and how Billix fits into your workflow.

Billix is an AI-powered workspace that unifies chat, automation, content creation, and 500+ integrations into one seamless platform.

Just give plain-language instructions and Billix executes real actions across your connected apps — no setup or technical skills required.
