Security

Secure handling of receipts, upload links and firm data.

BilagPilot is not an open file area. Firm users must log in, clients use scoped upload links, and files are kept private.

How BilagPilot protects receipts and upload links

BilagPilot is built for a scoped workflow: the firm requests missing documentation, the client uploads through a link, and the firm tracks status and activity. Security is based on private file storage, login for firm users, firm isolation and technical validation of uploads.

Private files

Uploaded receipts are stored in private Supabase Storage and downloaded through authenticated, time-limited links.

Scoped upload links

Client links use random tokens. The token is stored as a hash, can be rotated and expires after the selected number of days.

Firm isolation

Database policies and server routes scope data to the signed-in firm for clients, requests, files, reminders and activity.

Traceable activity

BilagPilot logs created requests, opened links, uploads, reminders, status changes and completion.

Restricted uploads

The upload page limits file type, file size, number of files and number of upload attempts.

Deletion and archive

Client data can be archived or deleted operationally when a client relationship ends, in line with privacy and agreement terms.

Where is data stored?

BilagPilot uses Supabase for authentication, sessions, database and private file storage. Uploaded receipts are stored in private storage and retrieved through controlled server routes and time-limited signed links.

The app runs on Vercel, and technical logs, analytics and performance data can be processed there. Payments, email, SMS, Fiken integration and lookups go through relevant subprocessors when those features are used. Some subprocessors may process personal data outside Norway or the EEA; valid transfer mechanisms are used when required.

What can the client see with an upload link?

The upload link normally does not require an account. Anyone with a valid link can open a limited upload page for the relevant request.

  • The firm name and the client name the request concerns.
  • Period, firm message and requested receipt items.
  • Any notes and comments the firm has added.
  • Fields for uploading files and adding a comment.

The link is therefore a sensitive access link. It should not be shared more broadly than necessary, and it is not a secure identity check of the person uploading.

Access for firm users

Firm users log in with Supabase Auth. Data is tied to firm membership, and database policies scope clients, requests, files, reminders, Fiken data and activity logs to the correct firm.

Admin can manage users, while the accountant role can use the operational workflow without access to user administration and billing. Server routes check membership, role and active subscription before operations are completed.

Subprocessors

BilagPilot uses subprocessors when necessary to deliver the service. This can include Supabase, Vercel, Stripe, Resend, GatewayAPI, Fiken, the Brønnøysund Register Centre/Entity Register and Bring.

Which vendors actually process data depends on which features the firm uses, for example payments, email, SMS, Fiken transfer or address and company lookups.

Deletion, archive and export

BilagPilot helps the firm collect and follow up receipts, but it is not the client's official receipt archive. The firm should export or transfer required documentation to the accounting system or its own archive where required.

After a subscription ends, client data is normally deleted or anonymized within 90 days, unless continued retention is necessary for accounting, billing, legal claims, security, statutory obligations or ordinary backup rotation. Deleted clients may first be deactivated or hidden through soft delete.

Controller and processor

When the firm enters information about its own clients, employees, suppliers or other people, the firm is normally the controller. The firm must then have a lawful basis, provide necessary information and ensure the information is relevant.

Bjorvand Solutions is the processor for such information when it is processed to deliver BilagPilot to the firm. Bjorvand Solutions is the controller for its own purposes such as account, payment, customer administration, security, support, analytics and marketing aimed at its own customers and users.

Security questions

Send security questions, reports of possible misconfiguration or suspected security incidents to kevin@bilagpilot.no. Include the time, affected account or link and what you observed where relevant. Do not send receipts or unnecessary personal data by email unless agreed.