Legal
Privacy Policy
Last updated: 30 May 2026
GSTify ("we", "us") operates the GSTify mobile application and the website at gstify.site. This page explains what we collect, how we use it, and your rights.
1. Information we collect
1.1 Account information
- Email address — used as your sign-in identifier (passwordless OTP).
- Device identifier — generated locally so we can enforce the per-plan device limit.
1.2 Business data you create
- Company profile (name, GSTIN, address, contact details).
- Customers (names, GSTINs, billing addresses).
- Invoices, delivery challans, quotations, proformas, POS bills.
- Payments recorded against customers / invoices.
- Products in your catalog.
This data is stored in Supabase (an encrypted PostgreSQL backend) and, if you opt in, mirrored to your own Google Drive backup.
1.3 Analytics and diagnostics
We use anonymous crash reports and basic usage analytics (screens visited, feature usage frequency) to improve the app. No invoice contents or customer data are sent in analytics.
2. How we use your data
- To provide the app's core function (creating, storing, and exporting your invoices).
- To sync your data across the devices you sign in on.
- To send transactional notifications (e.g., overdue invoice reminders) — you can opt out from in-app settings.
- To enforce plan limits (free / pro / business).
We never sell your data to third parties. We do not run advertising in GSTify.
3. Data storage and security
- All data is encrypted in transit (TLS 1.2+) and at rest (Supabase managed encryption).
- Row-Level Security policies ensure you can only read / write your own data.
- Google Drive backups are stored in your own Drive's appData scope — only the GSTify app can read them, no other Drive app can.
- Push notification tokens are stored solely to deliver app notifications.
4. Third-party services
- Supabase — database + authentication (data hosted in their secure cloud).
- Google Sign-In / Drive — used only if you connect Drive backup. We request the minimum scope (drive.appdata).
- Google Play Billing — used to process subscription purchases (Pro / Business). We never see your payment details.
- India Post PIN lookup — public API used to auto-fill city/state from a PIN code. No personal data is sent.
- Firebase Cloud Messaging — used to deliver push notifications.
5. Your rights
- Access — view all your stored data from inside the app.
- Export — generate PDFs of every invoice / report.
- Delete — from Settings → Delete Account. This permanently removes your data from our servers within 7 days.
- Disconnect Drive — revoke Drive access any time from Settings → Backup.
6. Data retention
Soft-deleted invoices, customers, and payments remain in trash for 30 days before being permanently dropped. Account deletion is permanent and irrecoverable after 7 days.
7. Children's privacy
GSTify is intended for use by business owners aged 18 or older. We do not knowingly collect data from children.
8. Changes to this policy
If we materially change this policy, we will notify you inside the app and update the "Last updated" date at the top of this page.
9. Contact
Questions? Email us at support@gstify.site.