Privacy Policy

1. Scope and Applicability

This Privacy Policy applies to:

• Users located in India, under the Digital Personal Data Protection Act, 2023 (DPDP Act) and IT Act, 2000;
• Users in the European Union, under the General Data Protection Regulation (GDPR);
• Users in California, under the California Consumer Privacy Act (CCPA); and
• Any other user who accesses our website or services globally.

2. Information We Collect

A. Personal Information

When you register or use our services, we collect:

• Full name
• Email address
• Company name, business address, and GST or tax ID (if applicable)
• Payment or billing information (processed securely via payment partners)
• Account credentials (hashed passwords only)

B. Invoice Data

To help you generate and manage invoices, we collect data you input, including:

• Client or customer information (names, addresses, contact details)
• Invoice descriptions, amounts, tax rates, and payment due dates

C. Automatically Collected Data

When you visit our site, we automatically collect:

• IP address, browser type, operating system
• Device information
• Pages visited, time spent, and referral URLs
• Cookies and tracking identifiers

3. Purpose of Data Collection

We collect and process your data to:

• Operate and maintain the invoice generation platform
• Allow you to create, download, and manage invoices
• Send transaction-related or service-related notifications
• Improve website performance and user experience
• Prevent fraud, unauthorized access, and security threats
• Comply with legal obligations (such as tax and audit requirements)

4. Legal Basis for Processing (GDPR Compliance)

For users in the European Economic Area (EEA), we process data based on the following legal grounds:

• Performance of a Contract: To provide our invoice services.
• Consent: For email communications or marketing (you may withdraw consent anytime).
• Legal Obligation: To comply with applicable tax, accounting, or anti-fraud laws.
• Legitimate Interest: To enhance and secure our platform.

5. Data Sharing and Disclosure

However, we may share data with:

• Trusted Service Providers: Cloud storage, payment gateways (e.g., Razorpay, Stripe), and analytics providers.
• Regulatory Authorities: If required by law or government order.
• Business Transfers: In case of merger, acquisition, or restructuring.

All third parties are contractually bound to follow strict data protection standards.

6. International Data Transfers

Your data may be transferred to servers located outside your country (e.g., to the United States, EU, or Singapore) for secure processing. We ensure such transfers comply with applicable data protection laws through standard contractual clauses or other approved mechanisms.

7. Data Security

We implement industry-standard security measures including:

• SSL/TLS encryption for data transmission
• Secure cloud hosting with restricted access
• Regular vulnerability assessments and backups

While we strive to protect your data, no system is completely secure. You acknowledge this risk by using our Service.

8. Data Retention

We retain your personal and invoice data for as long as necessary to:

• Provide ongoing access to your invoices,
• Comply with tax, legal, or regulatory obligations, and
• Resolve disputes.

Upon request, we will delete or anonymize your data unless retention is legally required.

9. Your Rights

For Indian Users (DPDP Act):

You have the right to:

• Access your personal data
• Request correction or deletion
• Withdraw consent
• Lodge a grievance with the Data Protection Board of India

For EU Users (GDPR):

You have the right to:

• Access and obtain a copy of your data
• Request rectification or erasure
• Restrict or object to processing
• Data portability
• Withdraw consent anytime

For California Users (CCPA):

You have the right to:

• Know what data we collect and how it's used
• Request deletion of your data
• Opt-out of data sharing (we do not sell data)