Privacy Policy
What personal data we collect, why we collect it, who we share it with, and the rights you can exercise over it.
Who we are
This policy describes the privacy practices of BillBasket Solutions LLP ("BillBasket", "we", "us"), a limited-liability partnership registered in India with its office at Kalyani Nagar, Pune, Maharashtra 411006. For privacy queries, write to support@billbasket.in.
Scope
This policy applies to:
- the corporate website at billbasket.in (this site);
- the BillBasket.app POS product, including the desktop application and accounts.billbasket.app;
- the Payment Collection & Gateway platform, including dashboards and APIs;
- the KYC, AML, credit-risk and banking-API services we operate for business customers;
- communication channels we run for sales, support, and recruiting.
It does not apply to third-party services we link to or to data processed by your bank or PSP under their own terms.
What we collect
Account information
Name, business name, designation, work email and phone, GSTIN (where applicable), and credentials you use to sign in.
Billing & subscription
Plan, invoices, GST details, and a payment-method reference. Full card numbers and CVV are processed by our payment partners and never reach our servers.
Usage telemetry
Application logs, device type, OS, app version, IP address, and crash reports — to keep the service reliable.
Customer business data
For products like BillBasket.app and our APIs, data your business enters or processes — bills, invoices, inventory, transactions, settlement records, KYC artefacts where applicable. You remain the owner; we are the processor.
Device permissions
Where features need them — camera (barcode scan), storage (offline DB), printer access (thermal/A4), and notification permission. Each is asked at the moment of first use.
Cookies & similar technologies
See our Cookie Policy for the categories used on this site.
How we use it
- To deliver and operate the services you signed up for.
- To process payments, generate invoices, and meet tax obligations.
- To provide customer support and respond to your queries.
- To detect, investigate, and prevent fraud, abuse, or breaches.
- To improve product quality through aggregated, de-identified analytics.
- To communicate updates, security advisories, and material changes to terms.
- To comply with applicable law, including RBI guidance and the Digital Personal Data Protection Act, 2023.
Legal bases
We rely on one or more of the following bases:
- Contract: to provide the services you have purchased.
- Consent: for marketing communications and non-essential cookies — withdrawable at any time.
- Legitimate interests: security, fraud prevention, and improving the service.
- Legal obligation: tax, accounting, AML, and regulatory disclosures.
Sharing & sub-processors
We do not sell your personal data. We share it only with:
- cloud infrastructure providers hosting our services (India region by default);
- payment gateways and banking partners to process transactions and settle funds;
- communication providers (email, SMS, WhatsApp, OTP) when you opt into those channels;
- analytics and crash-reporting providers operating on aggregated or de-identified data;
- auditors, advisors, and authorities where required by law.
An up-to-date list of material sub-processors is available on request at support@billbasket.in. Enterprise customers receive change notifications under their Data Processing Agreement.
Storage & cross-border transfers
Personal and customer business data is stored in India by default. Some communications and analytics providers may process limited data outside India under appropriate safeguards (standard contractual clauses or equivalent). We do not transfer customer business data outside India without your prior agreement.
Retention
We retain personal data only as long as necessary to:
- provide the services and administer your account;
- meet contractual, tax, accounting, and regulatory obligations;
- resolve disputes, enforce agreements, and maintain security and audit trails.
On termination, customer business data is made available for export for a defined window (see your Enterprise Service Agreement or the product's terms), after which it is deleted unless law requires retention.
Security
We employ commercially reasonable safeguards:
- encryption in transit (TLS 1.2+) and at rest where applicable;
- role-based access controls, MFA for administrative access, and audit logs;
- secure software-development practices, code review, and dependency scanning;
- regular backups, disaster recovery testing, and incident response runbooks;
- annual reviews of vendors and sub-processors.
If you discover a vulnerability, write to support@billbasket.in with the subject line "Security disclosure". We commit to acknowledge within 3 working days.
Your rights
Subject to applicable law, you may request:
- access to your personal data;
- correction of inaccurate data;
- erasure where the data is no longer necessary;
- portability in a structured, machine-readable format;
- withdrawal of consent (without affecting prior processing);
- to lodge a complaint with the Data Protection Board of India or your local supervisory authority.
Write to support@billbasket.in. We respond within 30 days.
Children's data
Our services are not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have, write to us and we will delete it.
Updates to this policy
We may update this policy from time to time. Material changes are announced by email to account owners and at the top of this page for at least 30 days. The current version is stamped above.
Contact
Privacy queries: support@billbasket.in
Postal: BillBasket Solutions LLP, Kalyani Nagar, Pune, Maharashtra 411006, India