Trust & security
Security at BillBridge
BillBridge handles invoicing, quotes, time tracking, and client records for freelancers and small agencies. This page summarizes how we protect the platform and the data you store in it.
Last updated: June 23, 2026
Hosting & infrastructure
BillBridge runs on Vercel's managed cloud platform with monitored uptime and network isolation. We rely on reputable, industry-standard providers for application hosting, data storage, and file storage. Production access is restricted to authorized personnel on a need-to-know basis.
Encryption
Data in transit is protected with TLS (HTTPS) between your browser, our application, and the services we integrate with. Data at rest is stored with our cloud providers' managed encryption.
Authentication & access control
Sign-in and account security are handled by Clerk, a dedicated authentication provider. BillBridge never stores your password. Sessions are scoped to your account, and dashboard, portal, and API routes require valid credentials. We follow least-privilege principles for internal tooling and production access.
Payments
Subscription billing is processed by Stripe, a PCI-DSS Level 1 certified payment provider. Card details are entered directly with Stripe and are never stored on BillBridge servers — we keep only the billing metadata needed to manage your subscription.
Data storage & ownership
Your business records — clients, invoices, quotes, time entries, and expenses — are stored in managed cloud databases, and uploaded files such as logos are kept in object storage (Amazon S3). You retain ownership of your data. Meritt Dev Limited does not sell it. We process it only to provide and improve the service.
Backups & availability
Production data is hosted on managed database infrastructure with provider-level redundancy and backups. We design for resilience with retries on background jobs (such as recurring invoices and notifications) and operational monitoring to detect issues quickly.
Third-party services
BillBridge relies on trusted providers, each limited to the data necessary to perform its function:
- Vercel — application hosting and delivery.
- Clerk — authentication and session management.
- Stripe — subscription payments and billing.
- Google Cloud / Firebase — managed database for business records.
- Amazon S3 — storage for uploaded files such as logos.
- Resend — delivery of transactional email (invoices, quotes, notifications).
- Google Analytics & AdSense — analytics and advertising on the free plan and public pages.
For retention, your rights, and how we handle personal data, see our Privacy Policy.
Reporting a vulnerability
If you believe you've found a security issue, please email [email protected] with details so we can investigate. We appreciate responsible disclosure and will respond as quickly as we can.