GSTMint

Privacy Policy

Last updated: 16 June 2025

This Privacy Policy explains how GSTMint ("we", "our", or "us") collects, uses, and protects information when you use our GST invoicing and billing platform (the "Service"). We are committed to handling your data with care and transparency.

1. Information We Collect

Account information — When you register, we collect your business name, email address, and a hashed version of your password (we never store your password in plain text).

Business and GST data — To generate invoices, we collect and store your GSTIN, PAN, business address, bank details, logo, and signature image that you provide in Settings.

Customer data — We store names, email addresses, phone numbers, GSTINs, and addresses of your customers as you enter them.

Invoice and transaction data — We store all invoices, line items, payment records, and related financial data you create through the Service.

Usage data — We collect basic usage information such as pages visited, actions taken, and error logs to help us improve the Service. This does not include the content of your invoices or customer data.

2. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To generate GST-compliant invoices and reports on your behalf
  • To send transactional emails such as password reset links
  • To enforce our Terms of Service and prevent fraud or abuse
  • To respond to your support requests
  • To improve the Service through analysis of aggregated, anonymised usage data

We do not sell, rent, or share your personal or business data with third parties for marketing purposes.

3. Data Storage and Security

Your data is stored in a secure PostgreSQL database. All data is transmitted over HTTPS. Passwords are hashed using bcrypt with a strong salt before storage — we have no ability to recover your original password.

Images you upload (logo, signature) are stored as encrypted data in our database, not on a public file server.

We implement rate limiting, authentication tokens, and access controls to protect your account from unauthorised access.

4. Third-Party Services

We use a limited number of trusted third-party providers to operate the Service:

  • Database hosting — Your data is stored on a managed PostgreSQL service with encryption at rest.
  • Application hosting — The Service is hosted on a cloud platform with industry-standard security certifications.
  • Email delivery — Transactional emails (password resets, notifications) are sent via a third-party email API. Only the email address and content necessary to deliver the message are shared.

Each provider is contractually bound to process your data only for the purposes we specify and in accordance with applicable data protection laws.

5. Data Retention

We retain your data for as long as your account is active. If you close your account, your data is retained for 30 days to allow for recovery in case of accidental deletion, then permanently deleted.

You may request an export of your data at any time by contacting us at support@gstmint.in.

6. Your Rights

You have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Update or correct inaccurate data via the Settings page or by contacting us
  • Deletion — Request deletion of your account and all associated data
  • Portability — Request your data in a machine-readable format
  • Objection — Object to processing of your data in certain circumstances

To exercise any of these rights, contact us at support@gstmint.in. We will respond within 30 days.

7. Cookies

We use a single secure, HTTP-only session cookie to keep you signed in. This cookie does not track you across other websites and is deleted when you sign out or when the session expires.

We do not use advertising cookies or third-party tracking cookies.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email to your registered address at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

10. Governing Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and any applicable provisions of the Digital Personal Data Protection Act, 2023.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

GSTMint
Email: support@gstmint.in