Bilan AI — a product of Dependable Property LLC. Version 2.1 · Effective June 1, 2026
This Privacy Notice explains how Bilan AI (operated by Dependable Property LLC) collects, uses, discloses, and safeguards your information, and the rights and choices available to you. It applies to personal data processed through the Bilan AI platform, websites, and related services. Please read it together with our Terms of Use and Cookie Policy.
This Privacy Notice ("Notice") applies to all personal information collected through Bilan AI services on which it is posted, including aibilan.com and all associated mobile applications, platforms, and digital services, unless otherwise modified by another notice.
This Notice describes our practices regarding: (a) what personal information we collect; (b) how we collect it; (c) how we use it; (d) who we share it with; (e) how long we retain it; (f) how we protect it; and (g) your rights with respect to it.
When we say "Bilan AI," "we," "our," or "us," we mean Dependable Property LLC, a Georgia limited liability company doing business as Bilan AI. We are a United States company and, for now, we operate in the United States.
We provide an easy-to-use online platform for small businesses and their advisors. At the core of our platform is our cloud-based accounting software. Our company details are:
"Personal data" means information that relates to you and from which you can be identified, directly or indirectly. This Notice applies to personal data we collect across all our websites, apps, and digital services, including data collected when you visit our websites, interact with our support teams, participate in events or competitions, or access us through cookies and similar tracking technologies.
This Notice does not apply to personal data that our subscribers or their invited users enter into our Services about their own customers, suppliers, employees, or other third parties. In those cases, our subscribers are the data controllers and we process that data only as a data processor (or "service provider") on their behalf, in accordance with our Data Processing Terms. This Notice also does not apply to job applicants or employees in the context of our working relationship with them.
When you visit our websites, create an account, sign up for a trial, purchase services, contact support, participate in surveys or competitions, or attend our events.
We automatically collect technical data when you visit our websites or use our Services — including data about your device, browser, IP address, usage patterns, and platform interactions.
| Category | Examples | Primary Source |
|---|---|---|
| Identity & Contact | Name, email, phone, address, social media handle | Directly / Third parties |
| Account Data | Login info, profile, password, subscription details | Directly / Third parties |
| Payment Data | Card details (truncated), bank account, billing address | Directly / Payment processors |
| Communications | Support tickets, chat logs, email history, call recordings | Directly / Automatically |
| Marketing & Advertising | Interests, survey responses, communication preferences | Directly / Automatically |
| Device Data | IP address, browser type, device ID, OS, location | Automatically |
| Service Usage | Page views, feature usage, login events, clicks, session length | Automatically |
| Uploaded Content | Photos, videos, audio recordings uploaded to the Services | Directly |
| Sensitive Information | Health data, union membership (where voluntarily provided) | Directly |
We use your personal data to operate our Services and to manage our relationship with you. We are committed to data minimisation — we collect and process only the personal data that is necessary for the purposes described in this Notice. We do not sell your personal data to third parties for their own marketing purposes.
| Purpose | Description |
|---|---|
| Deliver Services | Sign-up, subscription management, purchases, maintenance, data analysis, testing, and system hosting including AI/ML technologies |
| Communications | Service updates, invoices, technical notices, security alerts, support responses via email, telephone, SMS, or in-product notifications |
| Quality Assurance | Review communications for customer support, quality assurance, training purposes, and related record-keeping |
| Security Management | Detect suspicious activity, block unauthorised access, prevent fraud, and protect users and business |
| Compliance Management | Ensure compliance with our Terms, internal reporting, and audit purposes |
| Improve Services | Analyse collected data to improve our platform, develop new products, and understand customer behaviour including through AI/ML analysis |
| Marketing | Contact you about products, promotions, and events (with consent where required), via email, SMS, and in-product messaging |
| Personalisation | Provide locally targeted content and tailor the interface and content served to you |
| Advertising | Personalise and target advertising on our platforms and through third-party services |
| Legal & Regulatory | Comply with applicable laws and regulations including responding to regulatory authorities and law enforcement |
| Legal Claims | Preserve our legal rights and defend or bring claims to protect our interests |
We use cookies and similar tracking technologies to collect and use personal data about you, including to serve interest-based advertising.
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Essential | Necessary for the Services to function correctly | No |
| Performance | Help us understand how visitors interact with our Services | Yes |
| Functionality | Remember your preferences and settings | Yes |
| Targeting/Advertising | Used to deliver relevant advertising and measure campaign effectiveness | Yes |
You can control cookies through your browser settings and, where available, through our cookie consent manager. We comply with applicable cookie consent requirements under GDPR and the ePrivacy Directive.
| Data | Bilan AI Role | Subscriber Role |
|---|---|---|
| Subscriber account & profile data | Data Controller | Data Subject |
| Subscriber's customer / employee data entered into the platform | Data Processor | Data Controller |
| Usage analytics & platform telemetry | Data Controller | — |
With other companies within the Bilan AI group to enable us to provide you with our Services.
With service providers who process data on our behalf, including providers of: cloud hosting and storage; email and communications services; customer support tools; data analytics; security and fraud prevention; marketing and advertising; payment processing. These service providers are contractually bound to process your data only as instructed by us and are listed in our Sub-processor List.
If you connect third-party apps or services, your data may be shared with those providers. Their use of your data is governed by their own terms and privacy policies.
We may disclose personal data to regulators, law enforcement, courts, or other authorities where required by applicable law. Where permitted, we will notify you before making such disclosure.
In connection with a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, who will be bound by privacy obligations at least as protective as those set out here.
| Data / Document Type | Retention Period | Legal Basis |
|---|---|---|
| Account & subscriber data | Duration of subscription + 3 years post-termination | Contractual / Legal obligation |
| Transaction & journal records | 7 years minimum | Tax law (IRS, HMRC, IRD, ATO) / GAAP |
| Invoices & billing records | 7 years | Tax / accounting regulations |
| Payroll records | 7 years | Employment & tax law |
| Bank reconciliation records | 7 years | GAAP / tax audit requirements |
| Audit trail logs | 7 years (permanent where legally required) | SOC 2 / GAAP / Legal obligation |
| Support & communications | 3 years from last interaction | Legitimate interests / dispute resolution |
| Security & access logs | 12 months (minimum); 3 years for SOC 2 | Security policy / SOC 2 Type II |
| Marketing & consent records | Until consent withdrawn + 1 year | GDPR / CCPA consent management |
| Backup snapshots | 90-day rolling window | Disaster recovery / business continuity |
| Deleted user data (after DSAR) | 30 days (purge cycle) | GDPR Art. 17 / CCPA |
After the applicable retention period, we will securely delete or irreversibly anonymise your personal data using industry-standard data destruction methods. Data retained for legal or audit obligations will be restricted from active processing until deletion.
You may submit a Data Subject Access Request (DSAR) or erasure request at any time. Note that we may be unable to delete data that we are legally required to retain. Requests should be sent to privacy@aibilan.com.
We are committed to protecting your information and have implemented appropriate technical and organisational security measures (TOMs) as required by GDPR Article 32 and equivalent regulations.
In the event of a security incident that constitutes a notifiable personal data breach, Bilan AI will:
Bilan AI stores and processes personal data on cloud infrastructure located in the United States. If you access the Services from outside the United States, your personal data will be transferred to and processed in the United States. Where you are located in a region whose laws restrict such transfers, we rely on appropriate safeguards (such as the EU Standard Contractual Clauses) as required by applicable data-protection law.
| Transfer Route | Safeguard Mechanism | Legal Framework |
|---|---|---|
| EEA → United States | Standard Contractual Clauses (SCCs) | GDPR Art. 46(2)(c) — EU Commission approved SCCs |
| UK → United States | International Data Transfer Agreement (IDTA) / UK Addendum | UK GDPR Art. 46 |
Where required, Bilan AI conducts Transfer Impact Assessments (TIAs) prior to transferring personal data to third countries to evaluate the legal landscape and ensure adequate protection is maintained in practice. TIA summaries are available to Enterprise subscribers upon request.
Our principal sub-processors, including our cloud infrastructure provider, operate data centres in the United States. Your data is stored in the United States. Contact privacy@aibilan.com for specific data-residency information.
Depending on your jurisdiction, you have some or all of the following rights over your personal data. We honour these rights without requiring you to pay a fee and without imposing unreasonable requirements.
Know whether we hold personal data about you and receive a copy in a readable format.
Request correction of inaccurate, incomplete, or out-of-date personal data.
Request deletion of your personal data where there is no overriding legal basis for retention.
Request that we temporarily halt processing of your personal data while a dispute is resolved.
Receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV).
Object to processing based on legitimate interests or for direct marketing at any time.
Not be subject to solely automated decisions with significant legal or similarly significant effects, and to request human review.
Withdraw consent at any time where our processing is based on consent, without affecting prior lawful processing.
| Right | How to Submit | Our Response Time |
|---|---|---|
| Access (SAR / DSAR) | Email privacy@aibilan.com with subject "Data Access Request" | Within 30 days (extendable to 90 days for complex requests) |
| Erasure / Deletion | Email privacy@aibilan.com or use the in-app DSAR button | Within 30 days (subject to legal retention obligations) |
| Rectification | Update via Account Settings, or email us | Within 14 days |
| Portability | Use in-app data export, or email us for a full data package | Within 30 days |
| Opt-out of Marketing | Unsubscribe link in emails, or email privacy@aibilan.com | Within 10 business days |
| CCPA Opt-out (Do Not Sell) | Email privacy@aibilan.com | Within 15 business days |
To protect your privacy, we may ask you to verify your identity before processing a rights request. We will use the minimum information necessary to confirm your identity and will not use it for any other purpose.
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority:
| Jurisdiction | Authority | Website |
|---|---|---|
| EU / EEA | Your national Data Protection Authority (DPA) | edpb.europa.eu/about-edpb/about-edpb/members |
| United Kingdom | Information Commissioner's Office (ICO) | ico.org.uk |
| United States (Federal) | Federal Trade Commission (FTC) | ftc.gov |
| California (US) | California Privacy Protection Agency (CPPA) | cppa.ca.gov |
We may update this Privacy Notice from time to time. If we make a material change, we will notify you by sending an email to the address associated with your account or by posting a prominent notice on our website and within the Services. Material changes will become effective 30 days after we post notice.
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
If you are in the European Economic Area ("EEA") or United Kingdom ("UK"), this section provides additional information applicable to you in relation to the personal data we process under this Notice. The sections on Controllers & Representatives and Legal Bases are particularly relevant to you.
| Role | Entity | Address |
|---|---|---|
| Data Controller | Dependable Property LLC (d/b/a Bilan AI) | Grayson, Georgia 30017, United States |
| Legal Basis | GDPR Article | Processing Activities |
|---|---|---|
| Contractual Necessity | Art. 6(1)(b) | Delivering services; managing subscriptions; communicating about your account; processing payments; providing customer support |
| Consent | Art. 6(1)(a) | Marketing communications (where consent is required); personalised advertising; non-essential cookies; competitions and surveys |
| Legitimate Interests | Art. 6(1)(f) | Quality assurance; security management; fraud prevention; compliance management; product improvement; analytics; managing legal claims |
| Legal Obligation | Art. 6(1)(c) | Tax and financial record-keeping; responding to legal/regulatory requests; security incident management; AML compliance |
California residents have additional rights including: the right to know about personal information collected and disclosed; the right to delete personal information; the right to opt-out of the sale or sharing of personal information; the right to correct inaccurate personal information; the right to limit use of sensitive personal information; and the right to non-discrimination for exercising CCPA rights. Submit a CCPA request at privacy@aibilan.com. We do not sell your personal information.
Virginia residents have rights under the VCDPA including rights to access, correct, delete, and obtain a copy of their personal data, and to opt out of processing for targeted advertising, sale, or profiling.
Similar rights may apply to residents of Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws.