☁ Bilan AI

Privacy Policy

Bilan AI — a product of Dependable Property LLC. Version 2.1 · Effective June 1, 2026

This Privacy Notice explains how Bilan AI (operated by Dependable Property LLC) collects, uses, discloses, and safeguards your information, and the rights and choices available to you. It applies to personal data processed through the Bilan AI platform, websites, and related services. Please read it together with our Terms of Use and Cookie Policy.

Contents
36. Privacy Information — Rights and Responsibilities Statement 37. Introduction 38. Who Are We? 39. What Does This Notice Cover? 40. What This Notice Doesn't Cover 41. Personal Data We Collect and How We Get It 42. Personal Data Categories and Sources 43. How We Use Your Personal Data 44. Purposes for Using Personal Data 45. Cookies and Similar Tracking Technology 46. How We Share Your Personal Data & Data Processing Addendum (DPA) 47. Personal Data & Document Retention Schedule 48. Security of Your Personal Data 49. International Data Transfers 50. Your Data Rights & How to Exercise Them 51. Updates to This Notice 52. How to Contact Us 53. Additional Information — EEA & UK Users 54. Data Controller 55. Legal Bases for Processing Personal Data 56. State-Specific Disclosures

36. Privacy Information — Rights and Responsibilities Statement

Your Rights

  • The right to know whether and what personal data we hold about you
  • The right to access a copy of your personal data
  • The right to correct inaccurate or out-of-date personal data
  • The right to request deletion of your personal data
  • The right to object to or restrict our processing of your personal data
  • The right to data portability — to receive your data in a machine-readable format
  • The right not to be subject to solely automated decision-making with legal or significant effects
  • The right to withdraw consent at any time where processing is based on consent
  • The right to lodge a complaint with a supervisory authority

Your Responsibilities

  • Providing accurate and current information when creating or updating your account
  • Maintaining the security and confidentiality of your account credentials
  • Using the Services only for lawful purposes and in compliance with these Terms
  • Notifying us promptly of any security breaches affecting your account
  • Ensuring you have the right to share any personal data of third parties that you enter into the Services

37. Introduction

This Privacy Notice ("Notice") applies to all personal information collected through Bilan AI services on which it is posted, including aibilan.com and all associated mobile applications, platforms, and digital services, unless otherwise modified by another notice.

This Notice describes our practices regarding: (a) what personal information we collect; (b) how we collect it; (c) how we use it; (d) who we share it with; (e) how long we retain it; (f) how we protect it; and (g) your rights with respect to it.

Scope of This NoticeThis Notice applies to personal data processed by Bilan AI in its capacity as a data controller. It does not apply to personal data that our subscribers enter about their own customers, suppliers, or employees — that data is processed by us as a service provider (data processor) on the subscriber's behalf.

38. Who Are We?

When we say "Bilan AI," "we," "our," or "us," we mean Dependable Property LLC, a Georgia limited liability company doing business as Bilan AI. We are a United States company and, for now, we operate in the United States.

We provide an easy-to-use online platform for small businesses and their advisors. At the core of our platform is our cloud-based accounting software. Our company details are:

39. What Does This Notice Cover?

"Personal data" means information that relates to you and from which you can be identified, directly or indirectly. This Notice applies to personal data we collect across all our websites, apps, and digital services, including data collected when you visit our websites, interact with our support teams, participate in events or competitions, or access us through cookies and similar tracking technologies.

40. What This Notice Doesn't Cover

This Notice does not apply to personal data that our subscribers or their invited users enter into our Services about their own customers, suppliers, employees, or other third parties. In those cases, our subscribers are the data controllers and we process that data only as a data processor (or "service provider") on their behalf, in accordance with our Data Processing Terms. This Notice also does not apply to job applicants or employees in the context of our working relationship with them.

41. Personal Data We Collect and How We Get It

Directly from You

When you visit our websites, create an account, sign up for a trial, purchase services, contact support, participate in surveys or competitions, or attend our events.

Automatically

We automatically collect technical data when you visit our websites or use our Services — including data about your device, browser, IP address, usage patterns, and platform interactions.

From Third Parties

  • Marketing partners and data providers who help us identify potential customers
  • Social media platforms where you have made information publicly available
  • Analytics providers and advertising partners
  • Financial services providers including payment processors and fraud detection services
  • Partners and resellers who refer customers to our platform

42. Personal Data Categories and Sources

CategoryExamplesPrimary Source
Identity & ContactName, email, phone, address, social media handleDirectly / Third parties
Account DataLogin info, profile, password, subscription detailsDirectly / Third parties
Payment DataCard details (truncated), bank account, billing addressDirectly / Payment processors
CommunicationsSupport tickets, chat logs, email history, call recordingsDirectly / Automatically
Marketing & AdvertisingInterests, survey responses, communication preferencesDirectly / Automatically
Device DataIP address, browser type, device ID, OS, locationAutomatically
Service UsagePage views, feature usage, login events, clicks, session lengthAutomatically
Uploaded ContentPhotos, videos, audio recordings uploaded to the ServicesDirectly
Sensitive InformationHealth data, union membership (where voluntarily provided)Directly

43. How We Use Your Personal Data

We use your personal data to operate our Services and to manage our relationship with you. We are committed to data minimisation — we collect and process only the personal data that is necessary for the purposes described in this Notice. We do not sell your personal data to third parties for their own marketing purposes.

44. Purposes for Using Personal Data

PurposeDescription
Deliver ServicesSign-up, subscription management, purchases, maintenance, data analysis, testing, and system hosting including AI/ML technologies
CommunicationsService updates, invoices, technical notices, security alerts, support responses via email, telephone, SMS, or in-product notifications
Quality AssuranceReview communications for customer support, quality assurance, training purposes, and related record-keeping
Security ManagementDetect suspicious activity, block unauthorised access, prevent fraud, and protect users and business
Compliance ManagementEnsure compliance with our Terms, internal reporting, and audit purposes
Improve ServicesAnalyse collected data to improve our platform, develop new products, and understand customer behaviour including through AI/ML analysis
MarketingContact you about products, promotions, and events (with consent where required), via email, SMS, and in-product messaging
PersonalisationProvide locally targeted content and tailor the interface and content served to you
AdvertisingPersonalise and target advertising on our platforms and through third-party services
Legal & RegulatoryComply with applicable laws and regulations including responding to regulatory authorities and law enforcement
Legal ClaimsPreserve our legal rights and defend or bring claims to protect our interests

45. Cookies and Similar Tracking Technology

We use cookies and similar tracking technologies to collect and use personal data about you, including to serve interest-based advertising.

Cookie TypePurposeCan Be Disabled?
EssentialNecessary for the Services to function correctlyNo
PerformanceHelp us understand how visitors interact with our ServicesYes
FunctionalityRemember your preferences and settingsYes
Targeting/AdvertisingUsed to deliver relevant advertising and measure campaign effectivenessYes

You can control cookies through your browser settings and, where available, through our cookie consent manager. We comply with applicable cookie consent requirements under GDPR and the ePrivacy Directive.

46. How We Share Your Personal Data & Data Processing Addendum (DPA)

Data Processing Addendum (DPA) — Bilan AI acts as a Data Processor when processing personal data that subscribers (as Data Controllers) enter about their customers, employees, and suppliers. This section summarises our DPA obligations. A full executed DPA is available upon request at privacy@aibilan.com.

Controller vs. Processor

DataBilan AI RoleSubscriber Role
Subscriber account & profile dataData ControllerData Subject
Subscriber's customer / employee data entered into the platformData ProcessorData Controller
Usage analytics & platform telemetryData Controller

DPA Key Obligations

  • Process personal data only on documented instructions from the subscriber
  • Ensure persons authorised to process data are bound by confidentiality
  • Implement appropriate technical and organisational security measures (Article 32 GDPR)
  • Assist the subscriber in responding to data subject rights requests
  • Notify the subscriber of any personal data breach within 72 hours of becoming aware
  • Delete or return all personal data upon termination of services
  • Provide all information necessary to demonstrate compliance upon request

Within the Bilan AI Group

With other companies within the Bilan AI group to enable us to provide you with our Services.

Third-Party Service Providers (Sub-processors)

With service providers who process data on our behalf, including providers of: cloud hosting and storage; email and communications services; customer support tools; data analytics; security and fraud prevention; marketing and advertising; payment processing. These service providers are contractually bound to process your data only as instructed by us and are listed in our Sub-processor List.

Third-Party Integrations

If you connect third-party apps or services, your data may be shared with those providers. Their use of your data is governed by their own terms and privacy policies.

Legal and Regulatory Requirements

We may disclose personal data to regulators, law enforcement, courts, or other authorities where required by applicable law. Where permitted, we will notify you before making such disclosure.

Business Transfers

In connection with a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, who will be bound by privacy obligations at least as protective as those set out here.

47. Personal Data & Document Retention Schedule

Document Retention Schedule — This schedule governs how long Bilan AI retains personal data and financial records. Periods reflect requirements under GAAP, tax laws (IRS, IRD, HMRC, ATO), and applicable privacy regulations. Last Updated: 2026-06-01.
Data / Document TypeRetention PeriodLegal Basis
Account & subscriber dataDuration of subscription + 3 years post-terminationContractual / Legal obligation
Transaction & journal records7 years minimumTax law (IRS, HMRC, IRD, ATO) / GAAP
Invoices & billing records7 yearsTax / accounting regulations
Payroll records7 yearsEmployment & tax law
Bank reconciliation records7 yearsGAAP / tax audit requirements
Audit trail logs7 years (permanent where legally required)SOC 2 / GAAP / Legal obligation
Support & communications3 years from last interactionLegitimate interests / dispute resolution
Security & access logs12 months (minimum); 3 years for SOC 2Security policy / SOC 2 Type II
Marketing & consent recordsUntil consent withdrawn + 1 yearGDPR / CCPA consent management
Backup snapshots90-day rolling windowDisaster recovery / business continuity
Deleted user data (after DSAR)30 days (purge cycle)GDPR Art. 17 / CCPA

After the applicable retention period, we will securely delete or irreversibly anonymise your personal data using industry-standard data destruction methods. Data retained for legal or audit obligations will be restricted from active processing until deletion.

Requesting Early Deletion

You may submit a Data Subject Access Request (DSAR) or erasure request at any time. Note that we may be unable to delete data that we are legally required to retain. Requests should be sent to privacy@aibilan.com.

48. Security of Your Personal Data

We are committed to protecting your information and have implemented appropriate technical and organisational security measures (TOMs) as required by GDPR Article 32 and equivalent regulations.

Personal Data Breach Notification

In the event of a security incident that constitutes a notifiable personal data breach, Bilan AI will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware (as required under GDPR Art. 33 and equivalent laws)
  • Notify affected subscribers and data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms
  • Provide clear information about the nature of the breach, categories and approximate number of individuals affected, likely consequences, and measures taken or proposed
  • Maintain a breach register for internal accountability and regulatory inspection
Technical Details: For full technical security specifications including encryption standards, penetration test schedules, and SOC 2 report availability, see Section 14 (Security & Encryption Whitepaper) in the Terms of Use tab, or contact security@aibilan.com.

49. International Data Transfers

Bilan AI stores and processes personal data on cloud infrastructure located in the United States. If you access the Services from outside the United States, your personal data will be transferred to and processed in the United States. Where you are located in a region whose laws restrict such transfers, we rely on appropriate safeguards (such as the EU Standard Contractual Clauses) as required by applicable data-protection law.

Transfer Safeguards by Region

Transfer RouteSafeguard MechanismLegal Framework
EEA → United StatesStandard Contractual Clauses (SCCs)GDPR Art. 46(2)(c) — EU Commission approved SCCs
UK → United StatesInternational Data Transfer Agreement (IDTA) / UK AddendumUK GDPR Art. 46

Transfer Impact Assessments

Where required, Bilan AI conducts Transfer Impact Assessments (TIAs) prior to transferring personal data to third countries to evaluate the legal landscape and ensure adequate protection is maintained in practice. TIA summaries are available to Enterprise subscribers upon request.

Sub-processor Locations

Our principal sub-processors, including our cloud infrastructure provider, operate data centres in the United States. Your data is stored in the United States. Contact privacy@aibilan.com for specific data-residency information.

50. Your Data Rights & How to Exercise Them

Depending on your jurisdiction, you have some or all of the following rights over your personal data. We honour these rights without requiring you to pay a fee and without imposing unreasonable requirements.

👁
Right of Access

Know whether we hold personal data about you and receive a copy in a readable format.

✏️
Right to Rectification

Request correction of inaccurate, incomplete, or out-of-date personal data.

🗑
Right to Erasure

Request deletion of your personal data where there is no overriding legal basis for retention.

Right to Restrict

Request that we temporarily halt processing of your personal data while a dispute is resolved.

📦
Right to Portability

Receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV).

🚫
Right to Object

Object to processing based on legitimate interests or for direct marketing at any time.

🤖
Automated Decisions

Not be subject to solely automated decisions with significant legal or similarly significant effects, and to request human review.

↩️
Withdraw Consent

Withdraw consent at any time where our processing is based on consent, without affecting prior lawful processing.

How to Exercise Your Rights

RightHow to SubmitOur Response Time
Access (SAR / DSAR)Email privacy@aibilan.com with subject "Data Access Request"Within 30 days (extendable to 90 days for complex requests)
Erasure / DeletionEmail privacy@aibilan.com or use the in-app DSAR buttonWithin 30 days (subject to legal retention obligations)
RectificationUpdate via Account Settings, or email usWithin 14 days
PortabilityUse in-app data export, or email us for a full data packageWithin 30 days
Opt-out of MarketingUnsubscribe link in emails, or email privacy@aibilan.comWithin 10 business days
CCPA Opt-out (Do Not Sell)Email privacy@aibilan.comWithin 15 business days

Identity Verification

To protect your privacy, we may ask you to verify your identity before processing a rights request. We will use the minimum information necessary to confirm your identity and will not use it for any other purpose.

Complaints & Escalation

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority:

JurisdictionAuthorityWebsite
EU / EEAYour national Data Protection Authority (DPA)edpb.europa.eu/about-edpb/about-edpb/members
United KingdomInformation Commissioner's Office (ICO)ico.org.uk
United States (Federal)Federal Trade Commission (FTC)ftc.gov
California (US)California Privacy Protection Agency (CPPA)cppa.ca.gov

51. Updates to This Notice

We may update this Privacy Notice from time to time. If we make a material change, we will notify you by sending an email to the address associated with your account or by posting a prominent notice on our website and within the Services. Material changes will become effective 30 days after we post notice.

52. How to Contact Us

Privacy Email
Postal Address
Data Protection Team, Dependable Property LLC (d/b/a Bilan AI), Grayson, Georgia 30017, USA

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

53. Additional Information — EEA & UK Users

If you are in the European Economic Area ("EEA") or United Kingdom ("UK"), this section provides additional information applicable to you in relation to the personal data we process under this Notice. The sections on Controllers & Representatives and Legal Bases are particularly relevant to you.

54. Data Controller

RoleEntityAddress
Data ControllerDependable Property LLC (d/b/a Bilan AI)Grayson, Georgia 30017, United States

55. Legal Bases for Processing Personal Data

Legal BasisGDPR ArticleProcessing Activities
Contractual NecessityArt. 6(1)(b)Delivering services; managing subscriptions; communicating about your account; processing payments; providing customer support
ConsentArt. 6(1)(a)Marketing communications (where consent is required); personalised advertising; non-essential cookies; competitions and surveys
Legitimate InterestsArt. 6(1)(f)Quality assurance; security management; fraud prevention; compliance management; product improvement; analytics; managing legal claims
Legal ObligationArt. 6(1)(c)Tax and financial record-keeping; responding to legal/regulatory requests; security incident management; AML compliance

56. State-Specific Disclosures

California Residents — CCPA/CPRA

California residents have additional rights including: the right to know about personal information collected and disclosed; the right to delete personal information; the right to opt-out of the sale or sharing of personal information; the right to correct inaccurate personal information; the right to limit use of sensitive personal information; and the right to non-discrimination for exercising CCPA rights. Submit a CCPA request at privacy@aibilan.com. We do not sell your personal information.

Virginia Residents — VCDPA

Virginia residents have rights under the VCDPA including rights to access, correct, delete, and obtain a copy of their personal data, and to opt out of processing for targeted advertising, sale, or profiling.

Colorado, Connecticut, and Other US State Residents

Similar rights may apply to residents of Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws.