Privacy Policy
Last updated: 11 April 2026
This Privacy Policy describes how Pardeep Jha & Associates, Chartered Accountants ("Company", "we", "us"), operating the website raisebill.com and the RaiseBill application (the "Service"), collects, uses, stores, and protects information provided by users ("you", "User"). This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 ("DPDP Act"), and the Consumer Protection (E-Commerce) Rules, 2020.
1. Information We Collect
1.1 Free Tier Users (No Account)
When you use the Free Tier, we do not collect any personal or business data. All data you enter — business name, GSTIN, bank details, invoice items, customer details — is stored exclusively in your browser's localStorage on your device. This data is never transmitted to our servers. We have no ability to access, read, or recover this data.
1.2 Registered Users (Google OAuth)
When you sign in using Google OAuth, we receive and store the following information from Google:
- Name — as set in your Google account
- Email address — your Google account email
- Profile picture URL — your Google account avatar (if available)
- Google account ID — a unique identifier used for authentication
We do not receive or store your Google account password. Authentication is handled entirely by Google's OAuth 2.0 protocol via Supabase Auth.
1.3 Pro Plan Users
If you subscribe to the Pro Plan, we additionally store:
- Company profile data — business name, GSTIN, address, state code, bank details (account number, IFSC, bank name), UPI ID
- Company logo and signature — images uploaded to our secure storage
- Invoice data — invoice number, date, supplier details, recipient details, line items, tax breakdowns, totals, payment status
- Client data — client business names, GSTINs, addresses, contact details
- Invoice sequence settings — prefix, last number, financial year
1.4 Payment Data
When you purchase a Pro Plan, the payment is processed by Razorpay. We store:
- Razorpay order ID and payment ID (transaction references)
- Payment amount and currency
- Payment status (pending, success, failed, refunded)
- Plan type (monthly/annual)
We do not store your card number, CVV, UPI PIN, net banking credentials, or any payment instrument details. These are handled entirely by Razorpay under Razorpay's Privacy Policy. Razorpay is PCI-DSS Level 1 compliant.
1.5 Automatically Collected Data
We do not use any third-party analytics, trackers, or cookies for advertising. The Service does not load Google Analytics, Facebook Pixel, or any similar tracking scripts. The only cookies used are:
- Authentication session cookies — httpOnly cookies set by Supabase Auth to maintain your login session. These are strictly necessary for the Service to function and are not used for tracking.
2. Purpose of Data Collection
We collect and process your data for the following specific purposes:
| Data | Purpose | Legal Basis (DPDP Act) |
|---|---|---|
| Name, email | Account creation, communication | Consent (Google OAuth) |
| Company profile | Auto-fill invoices, display on invoices | Performance of contract |
| Invoice data | Cloud storage, history, GSTR-1 export | Performance of contract |
| Client data | Auto-fill recipient details | Performance of contract |
| Payment data | Activate Pro Plan, payment records, refund processing | Performance of contract, legal obligation |
| Session cookies | Maintain authenticated session | Legitimate use (strictly necessary) |
3. Data Storage and Security
3.1 Infrastructure
Pro Plan data is stored on Supabase (hosted on Amazon Web Services infrastructure). The database is PostgreSQL with encryption at rest (AES-256). All data transmission between your browser and our servers is encrypted using TLS 1.2 or higher.
3.2 Access Controls
All database tables are protected by Row Level Security (RLS) policies. This means each user can only access their own data — even if the database were compromised, one user's data cannot be accessed by another user's credentials. The public API key used in the browser does not grant access to any data without a valid authenticated session.
3.3 File Storage
Company logos and signatures are stored in a secure Supabase Storage bucket, scoped by user ID. Files are served via signed URLs with limited expiry.
3.4 Payment Security
All payment processing is handled by Razorpay, which is PCI-DSS Level 1 certified. Payment instrument details (card numbers, UPI PINs) never pass through our servers.
4. Data Sharing
We do not sell, rent, trade, or share your personal or business data with any third party for marketing or advertising purposes. Data is shared only with:
- Supabase Inc. — as our database and authentication infrastructure provider (data processor). They process data on our behalf under their data processing terms.
- Razorpay Software Pvt. Ltd. — as our payment gateway provider, solely for processing your payments.
- Google LLC — solely for OAuth authentication. We receive only the data listed in Section 1.2; we do not send your invoice or business data to Google.
- Law enforcement or regulatory authorities — only if required by a valid legal order under Indian law (e.g., court order, notice under the IT Act).
5. Data Retention
- Free Tier data: Stored in your browser only. Clearing your browser data or localStorage removes it permanently. We have no copy.
- Account data (name, email): Retained as long as your account exists. Deleted within 90 days of an account deletion request.
- Invoice and client data: Retained as long as your account exists. After account deletion, data is retained for up to 90 days (to allow recovery if requested), then permanently deleted.
- Payment records: Retained for 8 years from the date of transaction, as required under the Income Tax Act, 1961, and GST record-keeping requirements.
- Session cookies: Expire when you log out or after 7 days of inactivity.
6. Your Rights Under the DPDP Act, 2023
As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to Access: You may request a summary of your personal data that we process and the processing activities undertaken.
- Right to Correction and Erasure: You may request correction of inaccurate data or deletion of your data (subject to legal retention requirements).
- Right to Grievance Redressal: You may raise a grievance with our Grievance Officer (details below) and expect a response within 30 days.
- Right to Nominate: You may nominate another person to exercise your rights in the event of your death or incapacity.
To exercise any of these rights, email us at info@raisebill.com with the subject line "Data Principal Rights Request".
7. Children's Data
The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If we become aware that we have collected data from a person under 18, we will delete it promptly.
8. Cross-Border Data Transfer
Your data is processed on Supabase infrastructure, which may be hosted in data centres outside India (AWS regions). Such transfers are conducted in compliance with Section 16 of the DPDP Act, 2023, and only to jurisdictions not restricted by the Central Government. We ensure that appropriate security safeguards are in place with our infrastructure providers.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and/or a prominent notice on the website at least 15 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
10. Grievance Officer
In accordance with the Information Technology Act, 2000, and the DPDP Act, 2023, the details of our Grievance Officer are:
Name: Pardeep Jha
Designation: Grievance Officer
Email: info@raisebill.com
Phone: +91 84371-10333
Address: A1, B17, Kharar, opp. Anaj Mandi, Chaudhary Hari Singh Nagar, Sector 115, Kharar, Punjab 140301
Grievances will be acknowledged within 48 hours and resolved within 30 days of receipt.
11. Contact
For any questions or concerns regarding this Privacy Policy, contact us at:
Pardeep Jha & Associates, Chartered Accountants
Email: info@raisebill.com
Phone: +91 84371-10333
Website: raisebill.com