Privacy Policy
This Privacy Policy explains how [LEGAL ENTITY NAME] ("we", "us"), the operator of GSTInvoice2GSTR1 (the "Service"), collects, uses, and protects your information. We process personal data in accordance with India's Digital Personal Data Protection Act, 2023 (DPDP).
1. Information we collect
- Account information: when you sign in with Google, we receive your email address and a Google account identifier.
- Invoice files you upload: the PDF and image files you submit for conversion. These are processed to extract invoice data and are not stored on our servers after processing.
- Payment records: when you purchase page credits, our payment processor records the transaction. We store a payment reference, amount, and credits purchased. We do not store your card or bank details.
- Usage data: your page-credit balance and basic technical logs needed to run the Service.
2. How we use your information
- To provide the Service: read your invoices and generate your GSTR-1 working file.
- To manage your account, page credits, and purchases.
- To provide support and respond to your requests.
- To maintain security and meet legal and accounting obligations.
3. Service providers (data processors)
We use trusted third parties to operate the Service. Your data may be processed by them, including outside India:
- Google — sign-in / authentication.
- Anthropic — reads your uploaded invoice to extract the data fields.
- Supabase — authentication and the database storing your account and credits.
- Razorpay — payment processing.
- Vercel — website hosting.
4. Data retention
Uploaded files are processed in memory and not retained after your conversion completes. Account and payment records are kept while your account is active and as required for legal and accounting purposes.
5. Your rights
Under the DPDP Act you may request access to, correction of, or erasure of your personal data. You can delete your account at any time from the Account page, which removes your login and remaining credits (past payment records are retained in de-identified form for accounting). To exercise other rights, contact us at [SUPPORT EMAIL].
6. Security
We use industry-standard measures to protect your data, including encrypted connections and access controls. No method of transmission is 100% secure, but we work to protect your information.
7. Cookies
We use only essential cookies/local storage needed to keep you signed in. We do not use advertising cookies.
8. Grievance Officer
In accordance with applicable law, our Grievance Officer is [NAME], reachable at [SUPPORT EMAIL], [PHONE].
9. Contact
[LEGAL ENTITY NAME], [REGISTERED ADDRESS]. Email: [SUPPORT EMAIL].