How bill data is handled
Sensitive bills require conservative defaults: ephemeral raw files, minimal fields, and clear disclosure.
Raw files are ephemeral
Uploaded PDFs, images, and forwarded email attachments are processed for extraction and are not stored permanently by default. Production integrations should process in memory or temporary storage, then delete immediately after extraction.
Minimal extracted data
The product stores only fields needed to compare bills and provide reminders. We prefer zipcode/postcode over full address and account-number last four digits over complete account numbers.
Aggregated comparisons
Regional comparison insights should only be shown when enough anonymized data exists to avoid exposing an individual user.
No MVP affiliate bias
Affiliate revenue is out of scope for the MVP. If provider revenue is added later, recommendations must disclose it clearly.