GDPR compliance at AsanBill
The General Data Protection Regulation (GDPR) is the European Union’s data-protection law. It took effect on 25 May 2018 and applies to any organisation that processes the personal data of people in the EU and the European Economic Area (EEA), wherever that organisation is based.
AsanBill serves traders and businesses across borders, so this statement explains how we handle personal data in line with the GDPR — what we collect, why, the lawful bases we rely on, how data moves between countries, and the rights you can exercise at any time.
Who this statement is for
This statement applies to visitors to asanbill.com and to customers of the AsanBill platform who are located in the EU or EEA. It also reflects the standard we apply to personal data more generally, across every market we serve.
Who we are and our role
AsanBill operates an invoicing and export-documentation platform for cross-border trade, and, through AsanBill Solutions, builds custom software for companies, NGOs, governments, and organisations.
For the account and website data we collect directly from you, AsanBill acts as the data controller. For the business data you enter into the platform — your own invoices, customers, items, and export documents — you are the controller and AsanBill acts as your data processor, handling that data on your instructions and under our terms.
The data we collect
Depending on how you use AsanBill, we may process:
Account information: Your name, email address, phone number, company details, and billing address, provided when you register or manage your account.
Business and invoicing data: The invoices, estimates, quotations, customers, items, and export documents you create in the platform, which may include personal data about your own customers and contacts.
Payment information: Your billing details and the record of your payments and plan. Card and payment credentials are handled by our payment providers and are not stored by AsanBill.
Usage and technical data: IP address, browser and device information, and how you interact with the site and app, collected to keep the service secure and working.
Communications: Messages, support requests, and their content when you contact us.
Why we process your data, and our lawful bases
Under the GDPR we only process personal data when we have a lawful basis. We rely on:
Performance of a contract: To create and manage your account, provide the platform, generate invoices and documents, and take payment for your plan.
Legitimate interests: To keep the service secure, prevent fraud and abuse, maintain audit and email logs, and improve how AsanBill works — balanced against your rights.
Legal obligation: To meet accounting, tax, and other legal requirements that apply to us.
Consent: For optional communications, such as product updates, where we ask for it. You can withdraw consent at any time.
International data transfers
AsanBill operates across borders — including Afghanistan, Iran, Türkiye, and international markets — so personal data may be transferred to and processed in countries outside the EU/EEA.
Where we transfer personal data internationally, we put appropriate safeguards in place, such as the European Commission’s Standard Contractual Clauses, and we take steps to ensure the data continues to be protected to GDPR standards.
How long we keep your data
We keep personal data only for as long as we need it to provide the service, meet our legal and accounting obligations, and resolve disputes.
When you close your account, we delete or anonymise your personal data within a reasonable period, except where we are required to retain certain records by law.
Service providers and sub-processors
To run the platform we rely on a small number of trusted service providers, who process data only on our instructions. These fall into categories such as:
Cloud hosting and infrastructure: To host the application and store your data securely.
Payment processing: To take subscription payments and handle billing.
Exchange-rate data: To provide the live FX rates used in multi-currency invoicing.
Email and communications: To send transactional emails, such as invoices and account notifications.
We keep a current list of our sub-processors and make it available on request.
Your rights
If you are in the EU or EEA, the GDPR gives you the right to:
Access: Obtain a copy of the personal data we hold about you.
Rectification: Correct data that is inaccurate or incomplete.
Erasure: Ask us to delete your personal data, where the law allows.
Restriction: Ask us to limit how we use your data.
Portability: Receive your data in a portable, machine-readable format.
Objection: Object to processing that is based on our legitimate interests.
Withdraw consent: Withdraw consent at any time, where we relied on it.
Complain: Lodge a complaint with your local data-protection supervisory authority.
Where AsanBill acts as a processor for your business data, we will help you respond to requests from your own customers.
How to exercise your rights
You can view and update much of your account information at any time from your dashboard.
To exercise any of the rights above, request a data export, or ask a question about how we handle your data, contact us at privacy@asanbill.com. We will respond within the timeframes required by the GDPR.
Changes to this statement
We may update this statement as our platform and legal obligations evolve. When we make material changes, we will update this page and, where appropriate, notify you.
Questions about your data?
Reach out and our team will help you understand and exercise your rights.



