Hisabchi

Privacy Policy

How we collect, use, store, and protect your personal and business data.

Last updated May 28, 2026
On this page
  • Who we are
  • Data roles
  • Team access
  • What we collect
  • Cookies
  • Referral program
  • Subscription & payments
  • Communications
  • How we use data
  • Automated processing
  • Analytics
  • No selling data
  • Sub-processors
  • Third parties
  • Cross-border
  • Security
  • Your responsibilities
  • Children
  • Your rights
  • Export & portability
  • Retention
  • Breach notification
  • Law enforcement
  • Geographic scope
  • Data Protection Officer
  • Changes
  • Contact

Who We Are

Hisabchi ("हिसाबची") is an accounting and inventory platform for brick kilns and small businesses in India at hisabchi.com, operated by Hisabchi, Rajasthan, India (GSTIN: 08AETPN8404L1ZS).

Use of Hisabchi is also governed by our Terms of Service. We align our practices with applicable Indian data protection and IT laws, including the Digital Personal Data Protection Act, 2023, where applicable.

Your Role & Our Role

You remain the owner and controller of business data you enter. Hisabchi acts as a service provider / data processor on your instructions. We process account and security data (mobile number, login logs) to provide and secure the service.

Team Members & Workspace Access

If you invite staff or accountants, you are responsible for ensuring they are authorized and understand how their mobile number, name, and role are processed. Team members should only access data necessary for their role.

What We Collect

  • Mobile phone number — OTP login; stored encrypted (AES-256-GCM)
  • Profile & team information — name, role, workspace membership
  • Business data — ledgers, sales, purchases, stock, attendance, attachments
  • Payment metadata — subscription status and Razorpay references (not card/UPI details for checkout)
  • Referral program data — referral code, attribution to referrer, wallet/ledger history; if you request payout: account holder name, bank name, and UPI ID (for UPI transfer only)
  • Legal & consent records — when you accept Terms and Privacy at signup or re-consent: timestamps, policy versions shown, optional promotional opt-in/opt-out, and basic request metadata (e.g. IP, user agent) stored with your account
  • Technical & security logs — IP, timestamps, device type, sessions, audit events

We never ask for your Aadhaar or full payment card details. OTP login means no traditional passwords.

Cookies & Session Tracking

We use essential cookies and session tokens for secure login, CSRF protection, and workspace context. We do not use third-party advertising trackers.

If you arrive via a referral link (?ref=), we may store a short-lived cookie (e.g. hc_ref) so the referral can be linked when you sign up. You can clear cookies in your browser; clearing may prevent attribution.

Referral Program Data

If you participate in Refer & Earn:

  • As a referrer: we store your referral code, signups attributed to you, reward status (pending, approved, paid, expired), ledger entries, and payout requests
  • For payouts: account holder name, bank name, and UPI ID — used only to process referral rewards you request
  • As a referred user: we store which referrer (if any) was linked at signup and whether a qualifying yearly payment occurred

We use this data to operate the program, prevent fraud (including self-referrals and duplicate accounts), calculate rewards, and meet legal/tax obligations where applicable.

Subscription & Payment Data

For paid plans we process billing through Razorpay (or successors we designate). We store:

  • Your selected plan, subscription status, billing period dates, and workspace limits
  • Razorpay subscription and payment identifiers (not full card or UPI credentials)
  • Payment attempt logs (success, failure, abandonment) for support, fraud prevention, and receipts
  • Trial-ending and payment-failure reminder timestamps (to avoid duplicate WhatsApp notifications)
  • Invoice/receipt metadata and PDF paths where generated; WhatsApp delivery status if you use billing receipts on WhatsApp

We use this data to activate your plan, enforce read-only mode when appropriate, send transactional billing messages, and operate the Refer & Earn program for qualifying yearly payments.

Communications & Marketing

Transactional: We send OTP, billing, security, and account messages without a separate marketing opt-in because they are necessary to provide the service.

Promotional (opt-in only): If you tick the optional promotional consent at signup, we may use your mobile number and/or email to send product updates, offers, or tips via SMS, WhatsApp, or email. You can opt out anytime by emailing privacy@hisabchi.com — we will stop promotional messages within a reasonable time.

We store your consent choice (opt-in time, version of policy shown, and opt-out time if applicable) for compliance and audit.

How We Use Your Data

  • Provide, maintain, and improve the service
  • Send OTP and account messages via MSG91
  • Process subscriptions via Razorpay
  • Detect and prevent fraud or unauthorized access
  • Comply with legal obligations

Automated Processing

Automated processes include fraud detection, rate limiting, malware scanning, security monitoring, and subscription checks — designed to protect users, not to make legally significant decisions without human review where required.

Analytics & Monitoring

We use internal logs and diagnostic tools (and optional Sentry when enabled) for performance and security. We do not use these for third-party advertising.

We Do Not Sell Your Data

We do not sell, rent, or share personal or business data with third parties for their marketing purposes.

Sub-Processors

  • Cloud hosting — application servers and secure file storage
  • Database — MongoDB
  • Payments — Razorpay
  • Communications — MSG91 (OTP SMS/WhatsApp)
  • Backups — encrypted disaster-recovery storage
  • Error monitoring — optional Sentry

Third-Party Services

See sub-processors above. Third-party privacy policies: MSG91, Razorpay.

Hisabchi is not responsible for privacy practices of third-party sites linked from our platform.

Cross-Border Data Processing

Data may be processed in India or other jurisdictions via trusted providers, with appropriate contractual and technical safeguards.

Security Measures

  • HTTPS/TLS encryption; mobile numbers encrypted at rest
  • Multi-tenant isolation and role-based access
  • CSRF protection, rate limiting, malware scanning on uploads
  • Audit logging and encrypted backups for disaster recovery

No absolute guarantee: While we take reasonable measures, no online platform can guarantee absolute security.

Your Security Responsibilities

Protect your SIM and device, never share OTP codes, log out on shared devices, revoke team access when staff leave, and report suspected unauthorized access promptly.

Children's Privacy

Hisabchi is for users 18+ operating a business. We do not knowingly collect data from minors.

Your Rights

You may request access, correction, export, or deletion of your data, subject to applicable law. We aim to respond within 30 days (grievances within 15 working days under IT Rules).

Export, Portability & Backups

Export reports (CSV, Excel, PDF) where available. Request a JSON export of business data subject to verification. Maintain your own periodic backups — our backups are for disaster recovery only.

Retention, Inactivity & Deletion

  • Data retained while your account is active
  • Inactive workspaces (90+ days) may be deleted after notice
  • Verified deletion completed within 90 days, except legally required records

Data Breach Notification

If a significant breach affects personal data, we will investigate, mitigate harm, and notify users and authorities as required by applicable law.

Legal Compliance & Law Enforcement

We may disclose limited information when required by law, court order, or lawful government request, disclosing only what is legally necessary.

Geographic Scope

Hisabchi is designed for businesses in India. Access from outside India may be restricted.

Data Protection Officer

A formal DPO under the DPDP Act is required only for Significant Data Fiduciaries. At our current stage, Hisabchi is not required to appoint one. Privacy queries: privacy@hisabchi.com. We will update this policy if that changes.

Changes to This Policy

We may update this policy from time to time. Material changes may be communicated via the app, email, or SMS. Continued use constitutes acceptance.

Contact Us

Privacy questions, data access, correction, export, or deletion requests.

  • Legal name: Hisabchi
  • Website: hisabchi.com
  • Address: Rajasthan, India
  • GSTIN: 08AETPN8404L1ZS
  • Support: support@hisabchi.com
  • Privacy: privacy@hisabchi.com

Grievance Officer (India)

Under the IT Act, 2000 and applicable rules.

  • Name: Grievance Officer — Hisabchi
  • Email: grievance@hisabchi.com
  • Response time: Within 15 working days

© 2026 Hisabchi.com · Rajasthan, India · GSTIN 08AETPN8404L1ZS