Privacy Policy

Last updated: February 23, 2026

At InvoiceGPT ("we", "our", or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website at invoicegpt.org and our GST invoice generation services (collectively, the "Service").

By using InvoiceGPT, you agree to the collection and use of your information as described in this policy. If you do not agree, please do not use our Service.

1. Information We Collect

We collect different types of information to provide and improve our Service:

a) Information you provide directly

  • Account information: When you sign in with Google, we receive your name, email address, and profile picture from Google OAuth.
  • Business details: Business name, GSTIN number, address, phone number, email, and business logo that you enter in your settings.
  • Client data: Names, GSTIN numbers, addresses, phone numbers, and email addresses of your customers that you save for invoice creation.
  • Invoice data: Line items, descriptions, quantities, rates, GST rates, and totals for each invoice you create.

b) Information collected automatically

  • Usage data: Pages visited, features used, number of invoices created, and general interaction patterns with our Service.
  • Device information: Browser type, operating system, screen resolution, and device type (mobile/desktop).
  • Cookies: We use essential cookies to maintain your authentication session. We do not use tracking or advertising cookies.

c) Payment information

  • Subscription payments are processed by Razorpay. We do not store your credit card, debit card, or UPI details. Razorpay handles all payment information securely under their own privacy policy. We only store your Razorpay subscription ID to track your plan status.

2. How We Use Your Data

We use the information we collect to:

  • Provide our Service: Create and store your GST invoices, manage your clients, and generate PDF documents.
  • Authenticate your account: Verify your identity through Google OAuth and maintain your session.
  • Process subscriptions: Manage your free trial and paid subscription through Razorpay.
  • Improve the Service: Understand usage patterns to make InvoiceGPT faster, simpler, and more useful.
  • Communicate with you: Send important updates about your account, service changes, or security notices.
  • Comply with legal obligations: Retain records as required by Indian tax and business regulations.

We do not use your data for advertising, profiling, or selling to third parties. Your business data is used solely to deliver the Service to you.

3. How We Store & Protect Your Data

  • Database: Your data is stored in a secure PostgreSQL database hosted on Supabase, which provides enterprise-grade security, encryption at rest, and encryption in transit (TLS/SSL).
  • File storage: Business logos are stored on Supabase Storage with access controls ensuring only authenticated users can upload or access their own files.
  • Authentication: We use NextAuth.js with JWT-based sessions. Passwords are never stored — authentication is handled entirely through Google's OAuth 2.0 protocol.
  • Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS (TLS 1.2+).
  • Access control: Your invoices, client data, and business details are only accessible to your authenticated account. No other user can view or modify your data.

While we implement industry-standard security measures, no system is 100% secure. We continuously monitor and improve our security practices.

4. How We Share Your Data

We do not sell, rent, or trade your personal information to any third party. We share data only in the following limited circumstances:

  • Google (Authentication): We use Google OAuth for sign-in. Google receives standard authentication requests but does not have access to your invoice or business data stored in InvoiceGPT.
  • Razorpay (Payments): When you subscribe to a paid plan, your payment is processed by Razorpay. We share your email and subscription plan details with Razorpay to create and manage your subscription.
  • Supabase (Infrastructure): Your data is hosted on Supabase servers. Supabase acts as a data processor and does not use your data for any purpose other than providing hosting services.
  • Legal requirements: We may disclose your information if required by law, court order, or government regulation applicable in India.

We never share your client list, invoice details, revenue figures, or GSTIN information with any third party for marketing or commercial purposes.

5. Data Retention

  • Account data: We retain your account and business data for as long as your account is active.
  • Invoices: Your invoices are retained indefinitely while your account exists, so you always have access to your billing history.
  • Deleted accounts: If you request account deletion, we will permanently delete all your personal data, business information, invoices, and client data within 30 days of your request.
  • Backups: Automated database backups may retain deleted data for up to 30 additional days before being permanently purged.

6. Your Rights

As a user of InvoiceGPT, you have the right to:

  • Access your data: View all personal data we hold about you through your account settings and dashboard.
  • Update your data: Edit your business details, client information, and profile at any time.
  • Export your data: Download your invoices as PDF documents at any time.
  • Delete your data: Request complete deletion of your account and all associated data by contacting us.
  • Withdraw consent: You can stop using the Service at any time. Revoking Google OAuth access will prevent future sign-ins.

7. Cookies

We use only essential cookies required for:

  • Authentication: Maintaining your sign-in session so you don't have to log in on every page.
  • Security: CSRF protection tokens to keep your account safe.

We do not use advertising cookies, analytics cookies, or third-party tracking scripts. Your browsing activity on InvoiceGPT is not shared with advertisers.

8. Third-Party Services

Our Service integrates with the following third-party providers. Each has its own privacy policy governing your data:

  • Google: Authentication (OAuth), https://policies.google.com/privacy
  • Razorpay: Payment Processing, https://razorpay.com/privacy/
  • Supabase: Database & Storage, https://supabase.com/privacy

9. Children's Privacy

InvoiceGPT is designed for business use and is not intended for children under 18 years of age. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. When we make significant changes, we will notify you by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us:

InvoiceGPT