Last updated: May 7, 2026
This Privacy Policy explains how Luis Vega, a sole proprietor based in the Republic of the Philippines, doing business as "Billmux" ("Billmux", "we", "us", "our"), collects, uses, discloses, and protects personal information in connection with the Billmux mobile application, the website at billmux.com, and related services (collectively, the "Service").
Billmux is the personal-information controller for the data described in this Policy. We process personal information in accordance with the Philippine Data Privacy Act of 2012 (R.A. 10173), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission ("NPC"). Where applicable, we also honor rights granted to users by other data-protection laws (such as the EU General Data Protection Regulation and the California Consumer Privacy Act). See sections 11 and 12 below.
By using the Service, you acknowledge that you have read this Policy. Where we rely on consent as the lawful basis for processing, you signify that consent by creating an account and continuing to use the Service.
expo-secure-store). It is sent to our backend with each
request to identify you.
We use the information described above to:
We rely on the following legal bases under the Data Privacy Act:
We do not sell your personal information, share it with advertisers, or use your bill data to train machine-learning models. We share personal information only with the following categories of recipients, and only as necessary:
| Recipient | Purpose | Data |
|---|---|---|
| Google LLC (Google Sign-In) | Authenticating you when you choose "Sign in with Google" | OAuth handshake; we receive email, name, account ID |
| Apple Inc. (Sign in with Apple) | Authenticating you on iOS | OAuth handshake; we receive email (or relay), name, user ID |
| Our hosting and infrastructure providers | Operating the backend servers, PostgreSQL database, and Redis cache that run the Service | All account and bill data, encrypted in transit (HTTPS) |
| Functional Software, Inc. d/b/a Sentry | Server-side error and performance diagnostics | Backend error events (request path, stack trace; we strip email, IP, and username before sending where feasible) |
| Apple Inc. / Google LLC (push notifications) | Delivering reminder notifications to your device, if you have enabled them | Anonymous device push token and the notification payload (typically the biller name and due date) |
We may also disclose information when we believe in good faith that disclosure is necessary to (a) comply with applicable law or a valid legal request from a government authority; (b) enforce our Terms; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Billmux, our users, or the public.
If Billmux is involved in a merger, acquisition, restructuring, or sale of assets, personal information may be transferred as part of that transaction; we will give you notice (for example, via email or an in-app notice) before your information becomes subject to a different privacy policy.
Our hosting and the third parties listed above operate servers in multiple countries, which may include locations outside the Philippines (such as the United States and the European Union). When we transfer personal information abroad, we take reasonable steps to ensure that recipients provide a comparable level of protection consistent with the Data Privacy Act, including by using providers whose terms commit to industry-standard security and contractual safeguards.
We retain personal information for as long as your account is active and as needed to provide the Service. After you delete your account, we erase or irreversibly anonymize your account and bill data from our production database. Some information may persist in:
We may retain information for longer where required by law (for example, to comply with tax, accounting, or legal-hold obligations) or where necessary to establish, exercise, or defend legal claims.
We implement reasonable and appropriate organizational, physical, and technical security measures to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include:
No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify affected users and the National Privacy Commission of any personal-data breach within the timeframes required by Philippine law.
If you are a data subject under the Philippine Data Privacy Act, you have the following rights:
To exercise any of these rights, email support@billmux.com. We will respond within a reasonable period and in any event within the time required by law. We may need to verify your identity before acting on your request.
Billmux is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe that a child under 13 has provided personal information to us, please contact us and we will take steps to delete it. Users between 13 and the age of majority in their jurisdiction may use the Service only with parental or guardian consent (see the Terms of Service, section 2).
Our marketing website (billmux.com) is a static site and does not set tracking cookies. Our backend uses only short-lived, server-issued tokens; we do not use third-party advertising or analytics cookies.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent laws give you rights similar to those listed in section 8, including the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. You also have the right to lodge a complaint with your national data-protection authority.
Our lawful bases under the GDPR mirror those listed in section 3 (contract, consent, legitimate interests, and legal obligation). International transfers of your personal data outside the EEA/UK are carried out under appropriate safeguards (for example, the European Commission's Standard Contractual Clauses, where applicable).
Billmux has not designated an EU representative under Article 27 GDPR, because our processing is small-scale, occasional, and not directed at EU residents. If this changes, we will update this Policy.
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the right to know what personal information we collect about you, to access and delete it, to correct inaccuracies, and to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under California law, and we do not use or disclose sensitive personal information for purposes that require an opt-out right. To exercise your rights, contact support@billmux.com. We will not discriminate against you for exercising your rights.
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app or by email before the changes take effect. We encourage you to review this Policy periodically.
Billmux is operated by Luis Vega (sole proprietor), Philippines, who also serves as the contact person for personal-information matters.
Mailing address: [INSERT PHYSICAL ADDRESS]
Email:
support@billmux.com
You also have the right to lodge a complaint with the National Privacy Commission of the Philippines: 5th Floor, Philippine International Convention Center, Vicente Sotto Avenue, Pasay City; web: https://privacy.gov.ph; email: complaints@privacy.gov.ph.