Security at Billit

Our focus on Compliance & Trust

Billit takes security very seriously—Clients trust us with their data. We use a combination of enterprise-class security features and comprehensive audits of our applications, systems, and networks to ensure that your data is always protected, which means every customer can rest easy.

Billit - Security & Trust


We are committed to ensuring the privacy of your data. We’re further committed to preventing unauthorized access to that data. Our Privacy & Cookie Policy and Data Processing Agreement details what data is collected from our customers, how we use it, and how it is stored.


Our customers trust us with critical data contained within their finances and related to their business efforts. We work hard to ensure every bit of data is safe and protected.

  • All commits go through mandatory code and security review, along with examination by static analysis.
  • Our architecture implements safe-by-default principles to consolidate user input, authorization, and business logic.
  • All data access and mutation goes through a framework utilizing strong typing and parameterization to eliminate SQL Injection attacks, as well as enforcing the presence of an anti-CSRF token prior to any data mutation.
  • We utilize a strict Content Security Policy and a safe-by-default templating language to effectively neutralize Cross-Site Scripting (XSS).
  • We encrypt all network communications with SSL/TLS accompanied HTTP Strict Transport Security (HSTS), including being HSTS preloaded in most major browsers.
  • All requests pass through multiple rate-limiting methods to protect against brute-force attacks.
  • We don't store passwords; we store hashes
  • Two-factor authentication is available to further restrict access to accounts.
  • Role-based access control allows for granular permissions for team members.


We provide our users with a service, and they look to us to ensure we have adequate internal controls over our systems and their data. Therefore we engage ourselves to stay compliant by gaining important certifications.


We believe in transparency when it comes to our platform uptime, incidents, and service level agreements, details of which are available on our status page.

We go for 99.99% uptime.

e-Archiving standards

Important information should be kept accessible and reusable for years to come, regardless of the system used to store it.

These standards are respected by Billit when it comes to e-archiving:


Specific .XML structure

We ensure that our e-archive follows a specific .XML structure, dividing it into "information packages" that act as containers for storing one or more objects, such as e-invoices, or their related metadata. At Billit, we store all invoices as UBL + PDF.


Metadata archiving

All the necessary metadata related to the documents, such as e-invoices, is meticulously e-archived. 


Search Capabilities

To facilitate easy retrieval of information from the e-archive, we have implemented a robust search function. Users can conveniently download information based on criteria such as company name, VAT number, fiscal code, date, or other relevant information. Billit provides state-of-the-art search capabilities.


EU Server location

Billit operates on ISO 9001, ISO 27001, and NEN 7510 certified servers based in the EU. These servers are notified and to the local tax-authorities and meet local technical and tax rules related legislation where necessary (e.g. Italian tax authorities for the SDI network.)


Legal compliancy

We ensure full online access to tax authorities upon their request as necessary to comply with applicable laws or regulations. We may share data with regulators, law enforcement bodies, government agencies, courts, or other relevant third parties as necessary to comply with applicable laws or regulations, or to exercise, establish, or defend our legal rights, where possible and appropriate.



Our documents are designed to be easily printable and portable to any computer device without unnecessary delays. At Billit, we empower our users to download their documents (PDF and xml) whenever they need them.


Instant e-archiving process

Most authorities require the e-archiving process be completed within three months from the deadline of the relevant return by affixing a time stamp token on the e-archiving package. Billit completes the process instantly and has the data staying instantly available in the platform for the user.