Privacy Policy
1. Who We Are (Data Fiduciary)
For the purposes of India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Data Fiduciary is:
- TradeCrest Technologies Private Limited
- CIN: U62099UP2026PTC247501
- Registered Office: 529, Harsewakpur No 2, Harsewakpur, Jangle Dhushar, Sadar, Gorakhpur – 273014, Uttar Pradesh, India
- Data Protection Contact: privacy@shopbillpro.in
2. What Data We Collect
2.1 Account & Identity
- Name, email, phone number, password (hashed)
- Shop name, business type, GSTIN (if you provide one)
- Address, city, state, pincode
2.2 Operational Data You Create in the App
- Bills, invoices, receipts you generate
- Customer records (names, phone numbers, balances) you add
- Products, stock, prices, photos
- Sales reports, GST returns, financial summaries
2.3 Technical Data (collected automatically)
- Device type, browser, operating system
- IP address, approximate location (city-level)
- Usage events (which pages/features you visit) — via PostHog analytics
- Crash logs and error reports (if you opt in)
2.4 Payment Data
When you subscribe, payment is processed by Razorpay. We do not store your card or UPI credentials. We only receive a transaction ID and amount.
3. How We Use Your Data
We process personal data only for these specified, lawful purposes (DPDP Act §4):
- To provide the Service — create your account, run billing, sync data, send bills via WhatsApp.
- To bill you — process subscription payments, issue invoices.
- To support you — respond when you contact us.
- To improve the Service — analyse aggregate usage, fix bugs.
- To comply with law — respond to legal requests, enforce our Terms.
- To communicate — send service updates, security notices, and (with your consent) product news.
4. Lawful Basis (Consent)
We process your personal data based on:
- Your consent at signup (you tick the box agreeing to this Privacy Policy);
- Legitimate use for fulfilling the contract you have with us (delivering ShopBill Pro);
- Legal obligation for tax records, fraud prevention, regulatory cooperation.
You can withdraw consent at any time by writing to privacy@shopbillpro.in. Withdrawal does not affect prior lawful processing.
5. Who We Share Data With (Subprocessors)
We share data only with the third-party services we need to operate ShopBill Pro:
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Database, auth, file storage | Singapore (ap-southeast-1) |
| Vercel | Web hosting, edge delivery | Global CDN |
| Razorpay | Subscription payments | India |
| MSG91 | WhatsApp / SMS / OTP | India |
| PostHog | Product analytics (anonymised) | USA (us.i.posthog.com) |
| Hostinger | Domain & email | India |
We do not sell your personal data to anyone, ever. We do not share it with advertisers.
6. Data Storage & Cross-Border Transfer
Your data is primarily stored in Supabase Singapore (ap-southeast-1 region), with edge caching via Vercel's global CDN. PostHog analytics are stored in the USA. By using ShopBill Pro you consent to this cross-border transfer, which we make under appropriate contractual safeguards as permitted by §16 of the DPDP Act.
7. How Long We Keep Your Data
- Active accounts: as long as your account exists.
- Cancelled accounts: deleted 30 days after cancellation, except for billing records (kept 8 years for GST & Income Tax compliance).
- Backups: rolling 30-day retention, then permanently deleted.
- Audit logs: kept 1 year for security investigations.
8. Your Rights Under the DPDP Act
As a Data Principal, you have the right to:
- Access — request a copy of your personal data we hold.
- Correction — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your data (subject to legal retention obligations).
- Withdraw consent — at any time, with future effect.
- Nominate — appoint another individual to exercise these rights on your behalf in case of death or incapacity.
- Grievance redressal — file a complaint with our Data Protection Contact (below). If unresolved, you may approach the Data Protection Board of India.
To exercise any right, write to privacy@shopbillpro.in. We respond within 30 days.
9. Security
We protect your data with:
- HTTPS/TLS encryption in transit (everywhere)
- AES-256 encryption at rest (database disk)
- Hashed passwords (bcrypt/scrypt)
- Encrypted secrets (pgcrypto for sensitive credentials)
- Row-Level Security on every table — your shop's data is invisible to other shops
- Server-side authorisation on every API call
- Daily automated backups
- Mandatory 2FA on all admin accounts
If a breach occurs that is likely to result in significant harm, we will notify you and the Data Protection Board of India within the time required by §8(6) of the DPDP Act.
10. Children
ShopBill Pro is a business tool not directed at children under 18. We do not knowingly collect data from children. If you believe a child has provided us data, write to privacy@shopbillpro.in and we will delete it.
11. Cookies & Tracking
We use:
- Essential cookies — required for login and session management. Cannot be disabled.
- Analytics — PostHog uses a first-party identifier to measure aggregate usage. You can opt out at any time in Settings → Privacy → Analytics.
- localStorage — used to cache UI preferences (language, theme) and offline data.
We do not use third-party advertising cookies or trackers.
12. Customer Data You Process Through ShopBill Pro
When you add your customers (their names, phone numbers, addresses) to ShopBill Pro to issue them bills, you are the Data Fiduciary for that data and we are your Data Processor. You are responsible for telling your customers how you handle their data and for having a lawful basis to process it.
13. Changes to This Policy
We may update this Privacy Policy. Material changes will be notified by email and via in-app notice at least 14 days before they take effect.
14. Grievance & Contact
Data Protection Contact: privacy@shopbillpro.in
You may also write to: TradeCrest Technologies Pvt. Ltd., 529, Harsewakpur No 2, Harsewakpur, Jangle Dhushar, Sadar, Gorakhpur – 273014, Uttar Pradesh, India.
If your grievance is not resolved to your satisfaction, you may approach the Data Protection Board of India as constituted under §18 of the DPDP Act.