Privacy Policy
Welcome to Billvil ("Application", "we", "us", or "our"). We are committed to protecting your privacy and ensuring your personal data is handled securely. This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our application.
This policy is designed to comply with the Digital Personal Data Protection Act, 2023 (DPDPA) of India and the requirements for Google API Services.
1. Information We Collect
We collect only the minimum personal data necessary to provide and improve our services to you.
A. Data Collected via Google OAuth (Single Sign-On)
When you choose to sign in using your Google account, we access the following information via the Google API:
- Primary Email Address: To create your account, manage your subscription, and send important service notifications.
- Profile Information (Name and Profile Picture): To personalize your user experience within the Application.
We do not request access to your Google Workspace data (like Gmail contents, Google Drive files, or Calendar) unless explicitly requested through a separate consent flow for specific features.
B. Data Collected Directly from You
- Mobile Number: Collected during sign-up for account security (OTP verification) and essential service communications.
- Business Details: Such as company name (if provided) for your profile and invoice processing.
- Invoice Data: Information extracted from the invoices you upload to the Application. Note: As a "Data Fiduciary," we process this data strictly for the purpose of providing you the extraction and analysis service.
2. Notice and Consent (Under DPDP Act)
By using Billvil and signing in, you consent to the processing of your personal data for the specified purposes outlined in this policy.
- Free Consent: Your consent is voluntary. You may choose not to use Google Sign-In or provide your phone number, though this may prevent you from using certain core features.
- Specific Purpose: Your data will only be used for the purposes explicitly stated in Section 3.
- Withdrawal of Consent: You have the right to withdraw your consent at any time. Withdrawal will not affect the legality of processing based on consent before its withdrawal.
3. How We Use Your Information
We use the collected information for the following specific purposes:
- Authentication & Security: To securely verify your identity (via Google or OTP) and prevent unauthorized access.
- Service Delivery: To provide the core functionalities of Billvil, including invoice data extraction and reporting.
- Account Management: To manage your license, subscription, and provide customer support.
- Communication: To send essential service updates, security alerts, and verification codes.
Google API Services User Data Policy
Billvil's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We may share data only under the following circumstances:
- Service Providers (Data Processors): We use trusted third-party services (like Supabase for database hosting and authentication) who process data on our behalf. They are bound by strict data processing agreements.
- Legal Requirements: If required by law, court order, or government authority in India.
5. Data Security and Retention
- Security Measures: We implement robust technical measures, including encryption in transit (HTTPS) and at rest (database encryption), and strict access controls (PIN protection, session expiry) to protect your data from unauthorized access, alteration, or loss.
- Data Retention: We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. If you delete your account, your personal data will be erased within a reasonable timeframe, subject to legal requirements.
6. Your Rights (Under DPDP Act)
As a Data Principal under the DPDP Act, you have the following rights:
- Right to Access: Request a summary of your personal data being processed by us.
- Right to Correction & Erasure: Request correction of inaccurate data or deletion of your data when it is no longer required for its purpose.
- Right of Grievance Redressal: Avenues to register complaints regarding the handling of your data.
- Right to Nominate: Nominate another person to exercise your rights in the event of death or incapacity.
7. Compliance with the DPDP Act, 2023
We act as a Data Fiduciary regarding the personal data you provide for your account creation. We adhere to the core principles of the DPDPA:
- Lawful, fair, and transparent processing based on valid consent.
- Purpose limitation (data used only for agreed purposes).
- Data minimization and accuracy.
- Ensuring reasonable security safeguards.
- Notifying users and the Data Protection Board of any personal data breaches.
8. Updates to this Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of any significant changes via email or an in-app notice.
9. Contact Us & Grievance Officer
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our designated Grievance Officer:
Email: Grievance@billvil.com
Website: https://billvil.com
(We will acknowledge your request within 24 hours and aim to resolve it within 15 days).