OVERVIEW
Protecting your data and the reliability of our systems is a top priority for Billyr. The following points describe the current status of our technical and organizational measures — they are not individual contractual SLA or certification commitments, unless expressly agreed.
Infrastructure and Region
We rely on providers that enable hosting within the European Union. Computing resources are preferably located in the Frankfurt (eu-central-1) region — e.g. Vercel, Supabase. Providers are used — where required — with data processing agreements and appropriate technical/organizational measures.
Transport and Access Security
- TLS/HTTPS for data transmission between browser and services, enforced by the platform.
- Access controls in development and production environments based on least-privilege principle (only necessary permissions).
- Code and configuration status via Git (e.g. GitHub) with traceable changes in development.
Data
Persistent customer data is stored in the EU region of the application configuration. Backups and deployment are set up for technical necessity and for the purposes described in the privacy policy.
Ongoing Development
We continuously improve processes (dependencies, updates, monitoring). Public listing of certifications happens only when they are demonstrably available — we don't claim certificates we haven't earned.
Reporting Security Vulnerabilities
If you notice possible vulnerabilities, please contact us with a brief description without public exploit details at hi@billyr.ai with subject 'Security Billyr'. We aim for a timely review and response. No bug bounty program is currently available.
As of: April 2026