Privacy Policy

We are committed to protecting your data. Here is exactly what we collect, how we use it, and the rights you have.

Last updated: May 2026 · Effective: May 1, 2026

End-to-end encrypted

TLS 1.2+ & AES-256 at rest

Stored in India

MongoDB Atlas, Mumbai region

Never sold

Your data stays yours

7-year retention

As per CGST Act Section 36

GSTR-2B AI Reconciliation Platform (“we”, “us”, “our”) is committed to protecting the privacy of our users. This policy explains what information we collect, how we use it, and your rights under the Information Technology Act 2000 and applicable Indian data protection regulations.

Section 1

Information We Collect

Account Information

When you register, we collect your name, email address, firm name, and password (stored as a secure hash). For client accounts we also collect GSTIN, business name, contact details, and GST registration information.

Financial & Tax Data

To perform reconciliation we process GSTR-2B data and Purchase Register data you upload. This includes invoice numbers, supplier GSTINs, taxable values, tax amounts, and ITC eligibility flags. This data is stored encrypted and is never shared with third parties.

Usage Data

We collect standard server logs (IP address, browser type, pages visited, timestamps) to operate and improve the platform. We do not use third-party analytics trackers.

Section 2

How We Use Your Information

Service Delivery

Your data is used solely to provide reconciliation reports, ITC risk analysis, and related features you have subscribed to.

Communication

We send transactional emails (OTP verification, invoice notifications, critical security alerts). We do not send marketing emails without your explicit consent.

Platform Improvement

Aggregated, anonymised usage patterns help us improve matching accuracy and add new features. No personally identifiable information is used for this purpose.

Section 3

Data Storage & Security

Infrastructure

All data is stored on MongoDB Atlas clusters hosted in India (Mumbai region) with encryption at rest and in transit (TLS 1.2+).

Access Controls

Access to production data is restricted to authorised personnel. Role-based access controls (CA, Staff, Client, Admin) ensure each user can only access their own data.

Retention

Reconciliation records are retained for 7 years in line with GST record-keeping requirements under Section 36 of the CGST Act. You may request deletion of your account data at any time, subject to statutory retention obligations.

Section 4

Data Sharing

No Third-Party Sales

We do not sell, rent, or trade your personal or financial data to any third party.

Service Providers

We use a limited number of sub-processors (cloud hosting, email delivery) who are contractually bound to protect your data and may not use it for any other purpose.

Legal Requirements

We may disclose data if required by applicable Indian law, court order, or government authority.

Section 5

Your Rights

Access & Correction

You may access and update your account information at any time from your profile settings.

Data Portability

You can export your reconciliation data as Excel or PDF reports at any time from the Reports section.

Account Deletion

To permanently delete your account and associated data, contact us at support@gstr2bai.in. Deletion is processed within 30 days, subject to statutory retention requirements.

Section 6

Cookies

Session Cookies

We use a single httpOnly session cookie to maintain your authenticated session. This cookie is essential for the platform to function and cannot be disabled while you are logged in.

No Tracking Cookies

We do not use advertising cookies, cross-site tracking cookies, or any third-party marketing cookies.

Section 7

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify registered users by email at least 14 days before material changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

Section 8

Contact Us

For privacy-related queries, data requests, or complaints, please contact our Data Protection Officer at: support@gstr2bai.in. We will respond within 72 hours.

Questions about your privacy?

Contact our Data Protection Officer; we respond within 72 hours.

support@gstr2bai.in