Privacy Policy

Last updated: January 15, 2025

Welcome to UdharKhataPlus ("we," "our," "us," or "the App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("Service"). By using UdharKhataPlus, you consent to the data practices described in this policy.

Important: Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

1. Information We Collect

1.1 Personal Information You Provide

Account Information: Email address, password (encrypted), full name, phone number, business name, business type, GST number, and business address
Customer Data: Names, phone numbers, addresses, and profile images of your customers that you voluntarily add to the App
Transaction Records: Credit and payment transaction details including amounts, dates, notes, and attached images/receipts
Voice Data: Voice recordings when you use the voice input feature (processed locally and not stored permanently)
Contact Information: Access to your device contacts (only when you grant permission) to facilitate adding customers

1.2 Automatically Collected Information

Device Information: Device model, operating system version, unique device identifiers, mobile network information
Usage Data: App features used, time spent on features, crash reports, performance data
Location Data: We do NOT collect precise location data. General location may be inferred from IP address for service optimization
Log Data: IP address, access times, app version, and diagnostic information

1.3 Information from Third Parties

Authentication Services: If you sign in using third-party services, we receive basic profile information as permitted by those services
Payment Processors: Subscription payment information is processed by third-party payment gateways; we do not store credit card details

2. How We Use Your Information

We use the collected information for the following legitimate purposes:

Service Delivery: To provide, operate, and maintain the App's core functionality including customer management, transaction tracking, and reporting
Cloud Synchronization: To sync your data across multiple devices when you enable cloud sync (Premium feature)
Communication: To send payment reminders via WhatsApp/SMS (only when you initiate), subscription notifications, and important service updates
Personalization: To customize your experience, including language preferences and theme settings
Analytics & Improvement: To analyze usage patterns, identify bugs, improve features, and optimize app performance
Customer Support: To respond to your inquiries, provide technical assistance, and resolve issues
Security: To detect, prevent, and address fraud, security breaches, and unauthorized access
Legal Compliance: To comply with applicable laws, regulations, and legal processes
Business Operations: To process subscription payments, manage accounts, and send transactional emails

3. Data Storage and Security

3.1 Data Storage

Local Storage: All your data is stored locally on your device using SQLite database. This ensures the App works 100% offline and you maintain full control over your data.

Cloud Storage (Optional): If you enable cloud sync (Premium feature), your data is securely stored in our cloud database powered by Supabase (hosted on AWS infrastructure). Cloud sync is entirely optional and can be disabled at any time.

3.2 Security Measures

We implement industry-standard security measures to protect your information:

Encryption in Transit: All data transmitted between your device and our servers uses TLS/SSL encryption (HTTPS)
Encryption at Rest: Cloud-stored data is encrypted using AES-256 encryption
Authentication: Secure authentication using JWT (JSON Web Tokens) and bcrypt password hashing
Access Controls: Row-level security policies ensure users can only access their own data
Regular Updates: We regularly update our security protocols and conduct vulnerability assessments
Secure Infrastructure: Our cloud services are hosted on enterprise-grade, SOC 2 compliant infrastructure

3.3 Data Security Limitations

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

4. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information to third parties.

We may share your information only in the following limited circumstances:

4.1 With Your Explicit Consent

When you choose to send payment reminders via WhatsApp or SMS to your customers
When you export and share reports (PDF/Excel) with third parties
When you explicitly authorize data sharing for specific purposes

4.2 Service Providers

We work with trusted third-party service providers who assist in operating our App:

Supabase (Database & Authentication): Stores cloud-synced data and manages user authentication
AWS (Infrastructure): Provides hosting infrastructure for our cloud services
Payment Processors: Process subscription payments (they do not receive your customer or transaction data)

These providers are contractually obligated to protect your data and use it only for providing services to us.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

Valid legal processes (subpoenas, court orders, warrants)
Government or regulatory requests
Protection of our rights, property, or safety, or that of our users or the public
Enforcement of our Terms and Conditions
Investigation of fraud, security issues, or technical problems

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice in the App before your data is transferred and becomes subject to a different privacy policy.

4.5 Aggregated Data

We may share aggregated, anonymized data that cannot identify you personally for analytics, research, or marketing purposes.

5. Your Rights and Choices

You have the following rights regarding your personal data:

5.1 Access and Portability

Access: View all your data within the App at any time
Export: Download your complete data (customers and transactions) as Excel files
Data Portability: Transfer your data to another service using our export feature

5.2 Correction and Update

Profile Information: Update your profile, business details, and preferences in Settings
Customer Data: Edit or update customer information at any time
Transaction Records: Modify transaction details as needed

5.3 Deletion

Account Deletion: Delete your account and all associated data from Settings → Profile → Sign Out → Delete Account
Local Data: Uninstalling the App removes all locally stored data from your device
Cloud Data: Upon account deletion, cloud data is permanently deleted within 30 days
Right to be Forgotten: Contact us to request complete data deletion

5.4 Control and Preferences

Cloud Sync: Enable or disable cloud synchronization at any time
Notifications: Control notification preferences in device settings
Permissions: Manage app permissions (contacts, microphone, storage) in device settings
Language & Theme: Customize language and appearance preferences

5.5 Opt-Out Rights

Marketing Communications: We do not send marketing emails; you can opt out of service notifications
Data Collection: Use the App offline without cloud sync to minimize data collection
Voice Input: Voice feature is optional; disable microphone permission to prevent voice data processing

5.6 Exercising Your Rights

To exercise any of these rights, contact us at udharkhataplus@gmail.com. We will respond to your request within 30 days.

6. Data Retention

We retain your information for different periods depending on the type of data:

6.1 Active Accounts

Account Data: Retained as long as your account is active
Transaction Data: Retained indefinitely while your account is active (for business record-keeping)
Usage Logs: Retained for 90 days for troubleshooting and analytics

6.2 Deleted Accounts

Personal Data: Deleted within 30 days of account deletion
Backup Data: Removed from backups within 90 days
Legal Retention: Some data may be retained longer if required by law (e.g., tax records, legal disputes)

6.3 Inactive Accounts

If your account remains inactive for 3 years with no cloud sync activity, we may send a notification before deleting your cloud data. Local data on your device is unaffected.

7. Children's Privacy

UdharKhataPlus is not intended for use by individuals under the age of 18. The App is designed for business owners and professionals managing financial transactions. We do not knowingly collect personal information from anyone under 18 years of age.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at udharkhataplus@gmail.com. We will take steps to delete such information from our systems.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. Our cloud infrastructure (Supabase/AWS) may store data in various regions. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy, regardless of where it is processed.

9. Third-Party Links and Services

The App may contain links to third-party services (e.g., WhatsApp for sending reminders). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with your information.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of the sale of personal information (Note: We do NOT sell personal information)
Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at udharkhataplus@gmail.com.

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

Right to access, rectify, or erase your personal data
Right to restrict or object to processing
Right to data portability
Right to withdraw consent at any time
Right to lodge a complaint with a supervisory authority

Our legal basis for processing your data includes: consent, contract performance, legal obligations, and legitimate interests.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

Posting the updated policy in the App with a new "Last updated" date
Sending an in-app notification or email (for significant changes)
Requiring your acceptance before continuing to use the App (for major changes)

Your continued use of the App after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: udharkhataplus@gmail.com
Response Time: We aim to respond to all inquiries within 48-72 hours

For data protection inquiries specifically, please include "Privacy Request" in your email subject line.