Security and privacy are at the core of BillMaple. This page explains how we protect your data and the steps you can take to keep your account safe.
← Back to BillMapleLast updated: June 18, 2026
BillMaple is built with a "least access" and "privacy by design" mindset. We collect the minimum data needed to run the Service, isolate sensitive information, and prefer keeping credentials on your device rather than on our servers.
When you link a provider account, your session token is saved strictly on your own smartphone using hardware-backed local encryption. We never store your plain-text passwords or financial credentials on our servers. Account passwords for BillMaple itself are stored only as salted, one-way hashes — never in readable form.
BillMaple acts only as a technical reader. We fetch your balance and due date so your dashboard stays current — typically once a month. We do not initiate payments, transfer funds, or change settings on your provider accounts. This dramatically limits what could happen even in a worst-case scenario.
BillMaple does not process or store full payment-card numbers. Premium subscriptions are billed securely through the Apple App Store or Google Play, which handle payment data under their own PCI-compliant systems.
We welcome reports from security researchers. If you believe you have found a vulnerability, please email bill@billmaple.ca with details and steps to reproduce. Please give us a reasonable time to investigate and fix the issue before public disclosure, and avoid accessing or modifying other users' data. We will acknowledge valid reports and keep you updated.
We maintain an incident-response process. In the event of a data breach that poses a real risk of significant harm, we will notify affected users and the relevant authorities as required by PIPEDA and applicable law.
Security questions or reports: bill@billmaple.ca. General privacy questions: Privacy Policy.
