Jump to section
- Who we are
- Data roles
- Team access
- What we collect
- Cookies & analytics
- Referral program
- Subscription & payments
- Communications
- WhatsApp summaries
- How we use data
- Automated processing
- Analytics
- No selling data
- Sub-processors
- Third parties
- Cross-border
- Security
- Your responsibilities
- Children
- Your rights
- Export & portability
- Account deletion
- Retention
- Breach notification
- Law enforcement
- Geographic scope
- Data Protection Officer
- Changes
- Contact
Who We Are
Hisabchi ("हिसाबची") is an accounting and inventory platform for brick kilns and small businesses in India at hisabchi.com, operated by Hisabchi, Rajasthan, India (GSTIN: 08AETPN8404L1ZS).
Use of Hisabchi is also governed by our Terms of Service. We align our practices with applicable Indian data protection and IT laws, including the Digital Personal Data Protection Act, 2023, where applicable.
Your Role & Our Role
You remain the owner and controller of business data you enter. Hisabchi acts as a service provider / data processor on your instructions. We process account and security data (mobile number, login logs) to provide and secure the service.
Team Members & Workspace Access
If you invite staff or accountants, you are responsible for ensuring they are authorized and understand how their mobile number, name, and role are processed. Team members should only access data necessary for their role.
What We Collect
- Mobile phone number — OTP login; stored securely (encrypted at rest)
- Profile & team information — name, role, workspace membership
- Business data — ledgers, sales, purchases, stock, attendance, attachments you upload
- Media metadata — when you attach photos or videos, we may store capture time and, if you allow it in your browser, approximate location to support receipt and proof records
- Payment metadata — subscription status and payment partner references (not card/UPI credentials for checkout)
- Referral program data — referral code, attribution to referrer, wallet/ledger history; invitee contact details you submit for invites; if you request payout: account holder name, bank name, and UPI ID (for UPI transfer only)
- Legal & consent records — when you accept Terms and Privacy at signup or re-consent: timestamps, policy versions shown, optional promotional opt-in/opt-out, and basic request metadata stored with your account for compliance
- Service logs — general connection and activity records used for security, support, and reliability (we do not publish internal security configurations)
Cookies, Sessions & Analytics
We use essential cookies and session tokens for secure login, workspace context, and protection against common web attacks. We do not use third-party advertising trackers.
If you arrive via a referral link (?ref=), we may store a referral cookie (e.g. hc_ref) for up to 30 days so the referral can be linked when you sign up. You can clear cookies in your browser; clearing may prevent attribution.
On public pages (such as our homepage and pricing), we may use Google Analytics to understand aggregate traffic (pages viewed, general device/browser type, approximate region). We configure IP anonymization where supported. You can limit analytics via browser settings or Google's opt-out tools. Analytics data is used for product improvement, not to sell your business records.
Referral Program Data
If you participate in Refer & Earn:
- As a referrer: we store your referral code, signups attributed to you, reward status (pending, approved, paid, expired), ledger entries, and payout requests
- Invites you send: if you use in-app WhatsApp or email invite, we process the contact details you enter solely to deliver that invite on your behalf — you must have permission from the recipient
- Leaderboard: top referrers may see a shared leaderboard inside the app showing display name, referral code, signup counts, and reward totals for a recent period
- For payouts: account holder name, bank name, and UPI ID — used only to process referral rewards you request
- As a referred user: we store which referrer (if any) was linked at signup and whether a qualifying yearly payment occurred
We use this data to operate the program, prevent fraud (including self-referrals and duplicate accounts), calculate rewards, and meet legal/tax obligations where applicable. Program rules are in our Terms of Service.
Subscription & payment data
For paid plans we process billing through Razorpay (or successors we designate). We store:
- Your selected plan, subscription status, billing period dates, and workspace limits
- Razorpay subscription and payment identifiers (not full card or UPI credentials)
- Payment attempt logs (success, failure, abandonment) for support, fraud prevention, and receipts
- Trial-ending and payment-failure reminder timestamps (to avoid duplicate WhatsApp notifications)
- Invoice/receipt metadata and PDF paths where generated; delivery status for billing messages you enable
We use this data to activate your plan, enforce read-only mode when appropriate, send transactional billing messages, and operate the Refer & Earn program for qualifying yearly payments.
Communications & marketing
Transactional: We send OTP, billing, security, and account messages without a separate marketing opt-in because they are necessary to provide the service.
Promotional (opt-in only): If you tick the optional promotional consent at signup, we may use your mobile number and/or email to send product updates, offers, or tips via SMS, WhatsApp, or email. You can opt out anytime by emailing [email protected] — we will stop promotional messages within a reasonable time.
We store your consent choice (opt-in time, version of policy shown, and opt-out time if applicable) for compliance and audit.
WhatsApp Business Summaries
On eligible plans, Hisabchi can send scheduled business summaries to WhatsApp numbers you configure — for example day-book performance, trial or billing reminders, and payment receipts. These messages may include summary financial figures from your workspace (such as sales, purchases, dues, or cash position).
- Delivery uses licensed messaging partners and the WhatsApp network; message content is limited to what is needed for the notification you enabled
- You are responsible for adding only phone numbers of people who have agreed to receive these business messages (owners, managers, accountants, etc.)
- You can update or remove recipient numbers in your workspace settings
How We Use Your Data
- Provide, maintain, and improve the service
- Send OTP and account messages via MSG91
- Process subscriptions via Razorpay
- Detect and prevent fraud or unauthorized access
- Comply with legal obligations
Automated Processing
Automated processes include fraud detection, rate limiting, malware scanning, security monitoring, and subscription checks — designed to protect users, not to make legally significant decisions without human review where required.
Analytics & Monitoring
We use internal logs and diagnostic tools (and optional error monitoring when enabled) for performance, reliability, and security. Public marketing pages may use Google Analytics as described above. We do not use these tools for third-party advertising or to sell your business data.
We Do Not Sell Your Data
We do not sell, rent, or share personal or business data with third parties for their marketing purposes.
Sub-Processors
We use trusted providers to run the service. We share only what each provider needs to perform their role:
- Cloud hosting — application servers and secure file storage
- Database — managed database services
- Payments — Razorpay
- Communications — licensed SMS/WhatsApp delivery partners (including MSG91)
- Email delivery — transactional email providers (invites, receipts, optional backups when enabled)
- Website analytics — Google Analytics on public pages only
- Backups — encrypted disaster-recovery storage
- Error monitoring — optional crash/diagnostic reporting
Third-Party Services
See sub-processors above. Third-party privacy policies: Google, MSG91, Razorpay.
Hisabchi is not responsible for privacy practices of third-party sites linked from our platform.
Cross-Border Data Processing
Data may be processed in India or other jurisdictions via trusted providers, with appropriate contractual and technical safeguards.
Security Measures
- Encryption in transit and for sensitive account fields at rest
- Workspace isolation and role-based access inside each tenant
- Protections against common web attacks and unsafe file uploads
- Activity logging and encrypted backups for disaster recovery
Your Security Responsibilities
Protect your SIM and device, never share OTP codes, log out on shared devices, revoke team access when staff leave, and report suspected unauthorized access promptly.
Children's Privacy
Hisabchi is for users 18+ operating a business. We do not knowingly collect data from minors.
Your Rights
You may request access, correction, export, or deletion of your data, subject to applicable law. We aim to respond within 30 days (grievances within 15 working days under IT Rules).
Export, Portability & Backups
Export reports (CSV, Excel, PDF) where available. Workspace owners can download a ZIP backup (Excel for reading, JSON for restore) from Settings. Optional scheduled backup emails are sent only when you opt in. Maintain your own periodic copies — platform backups are primarily for disaster recovery.
Account Deletion
Workspace owners may request account deletion from Settings. When you confirm with OTP:
- Your account enters a grace period (shown in the app, typically about three weeks) during which you can still export data or cancel the deletion request
- During grace, access may be limited to deletion-related actions and exports
- After grace ends, we permanently delete or anonymize personal and workspace data within the timelines below, except where law requires retention
We may send transactional reminders during grace so you do not lose data unintentionally.
Retention, Inactivity & Deletion
- Data retained while your account is active
- Inactive workspaces (90+ days) may be deleted after notice
- Verified deletion completed within 90 days after the grace period ends, except legally required records (billing, fraud prevention, consent logs)
Data Breach Notification
If a significant breach affects personal data, we will investigate, mitigate harm, and notify users and authorities as required by applicable law.
Legal Compliance & Law Enforcement
We may disclose limited information when required by law, court order, or lawful government request, disclosing only what is legally necessary.
Geographic Scope
Hisabchi is designed for businesses in India. Access from outside India may be restricted.
Data Protection Officer
A formal DPO under the DPDP Act is required only for Significant Data Fiduciaries. At our current stage, Hisabchi is not required to appoint one. Privacy queries: [email protected]. We will update this policy if that changes.
Changes to This Policy
We may update this policy from time to time. Material changes may be communicated via the app, email, or SMS. Continued use constitutes acceptance.
Contact Us
Privacy questions, data access, correction, export, or deletion requests.
- Legal name
- Hisabchi
- Website
- hisabchi.com
- Address
- Rajasthan, India
- GSTIN
- 08AETPN8404L1ZS
- Support
- [email protected]
- Privacy
- [email protected]
Grievance Officer (India)
Under the IT Act, 2000 and applicable rules. For privacy or data grievances, contact our nodal officer:
- Designation
- Nodal Grievance Officer — Hisabchi
- [email protected]
- Response time
- Within 15 working days