Privacy Policy

Last updated: February 10, 2026

Table of Contents

1. Introduction
2. Data Controller
3. Data We Collect
4. Gmail Data & Google API Limited Use Disclosure
5. Legal Bases for Processing
6. How We Use Your Data
7. Sub-Processors & Third-Party Services
8. International Data Transfers
9. Data Retention
10. Data Security
11. Your Rights (GDPR)
12. Automated Processing
13. Children's Privacy
14. Changes to This Policy
15. Contact Us

1. Introduction

This Privacy Policy explains how The Formula AI S.r.l. collects, uses, stores, and protects your personal data when you use the Beel platform at getbeel.com. This policy is provided in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Italian Privacy Code (Legislative Decree 196/2003, as amended), and all applicable data protection legislation.

2. Data Controller

The data controller responsible for your personal data is:

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

• Full name and email address (provided during sign-up or via Google OAuth)
• Profile picture (if provided by your Google account)
• Account preferences and settings

3.2 Invoice Data

• Invoice content extracted from emails or uploaded files (vendor names, amounts, dates, line items, tax information)
• Uploaded invoice documents (PDF, images)
• Metadata associated with invoices (tags, categories, notes you add)

3.3 Payment Data

• Subscription plan and billing cycle
• Payment history and invoice records
• Payment method details are processed and stored exclusively by Stripe; we do not have access to your full credit card number

3.4 Usage Data

• Browser type, operating system, and device information
• IP address and approximate geolocation
• Pages visited, features used, and interaction patterns
• Aggregated, anonymous analytics via Simple Analytics (no personal data collected, no cookies used, no tracking across sites)
• Cookies and similar technologies (see our Cookie Policy)

4. Gmail Data & Google API Limited Use Disclosure

When you connect your Gmail account to Beel, we request read-only access to your email messages via the gmail.readonly scope. This section describes exactly how we handle your Gmail data.

4.1 What We Access

• Email message content, subject lines, and sender information — solely to identify and extract invoice-related data
• Email attachments that appear to be invoices (PDF, image files)

4.2 What We Do NOT Do

• We do not read, store, or process emails unrelated to invoice extraction
• We do not send emails on your behalf or modify your emails
• We do not access your contacts, calendar, or any other Google service
• We do not sell, rent, or share your Gmail data with third parties
• We do not use your Gmail data for advertising, market research, or serving ads

4.3 Google API Services User Data Policy Compliance

Beel's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we comply with the following Limited Use restrictions:

• Use limitation: We only use Gmail data to provide and improve the invoice extraction features visible in Beel's user interface.
• No transfer for ads: We never transfer Gmail data to third parties for advertising, data brokering, or credit assessment purposes.
• No unauthorized human access: No employee or contractor reads your email content unless you provide explicit affirmative consent to view a specific message, or it is necessary for security or legal compliance.
• No generalized AI/ML training: We never use your Gmail data to train generalized or non-personalized artificial intelligence or machine learning models.

4.4 Revoking Gmail Access

You can disconnect your Gmail account at any time through your Beel account settings, or by visiting your Google Account permissions page. Upon disconnection, we will stop accessing your Gmail. Already extracted invoice data will remain in your Beel account unless you request its deletion.

5. Legal Bases for Processing (GDPR Art. 6)

6. How We Use Your Data

• Service delivery: To provide, maintain, and improve the Beel platform, including invoice extraction, parsing, and organization features.
• Authentication: To verify your identity and manage your account securely.
• Communication: To send you service-related notifications (e.g., subscription updates, security alerts) and respond to support requests.
• Analytics: To understand usage patterns and improve the user experience using aggregated, anonymized data.
• Billing: To process payments, manage subscriptions, and generate billing records.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

We do not use your personal data for profiling, targeted advertising, or selling to third parties.

7. Sub-Processors & Third-Party Services

We use the following sub-processors to operate Beel. Each processes data in accordance with their own privacy policies and our data processing agreements:

8. International Data Transfers

Some of our sub-processors are based in the United States. Where your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

• EU-US Data Privacy Framework: Where the sub-processor is certified under the EU-US Data Privacy Framework (e.g., Google, Stripe).
• Standard Contractual Clauses (SCCs): We enter into SCCs approved by the European Commission with sub-processors that are not covered by an adequacy decision.

9. Data Retention

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption in transit (TLS/HTTPS) and at rest
• Row-level security (RLS) policies enforcing per-user data isolation
• Secure authentication via OAuth 2.0 and session tokens
• Regular security assessments and access controls
• Principle of least privilege for internal team access
• Secure infrastructure hosted on SOC 2 compliant platforms

11. Your Rights (GDPR)

As a data subject under the GDPR, you have the following rights:

To exercise any of these rights, contact us at info@theformulaai.com. We will respond within 30 days as required by law. If we need additional time, we will inform you of the extension and the reasons within the initial 30-day period.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.

12. Automated Processing

Beel uses automated systems to extract invoice data from your emails and uploaded documents. This includes identifying vendor names, amounts, dates, line items, and tax information using pattern recognition and machine learning.

This automated processing is performed solely to provide the core features of the Service. It does not produce legal effects or similarly significant effects on you as described under GDPR Article 22. You should always verify extracted invoice data before relying on it for accounting or tax purposes.

13. Children's Privacy

Beel is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at info@theformulaai.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Post the updated policy on this page with a new "Last updated" date
• Notify registered users via email for significant changes

Your continued use of Beel after changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

15. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our data practices, please contact us: