BillTrack Privacy Policy
This Privacy Policy explains how BillTrack (“BillTrack”, “we”, “us”, “our”) collects, uses, shares, stores, and protects information. It applies when you visit billtrack.co.in. It applies when you request a demo. It applies when you use our cloud GST billing and accounting platform and our mobile application (together, the “Services”). BillTrack is operated by Turain Software Pvt. Ltd., the company behind BillTrack. By using the Services, you agree to the practices described in this Privacy Policy.
1) WHO THIS POLICY APPLIES TO
This policy applies to website visitors. It applies to users who register for BillTrack. It applies to business owners, staff members, and any authorized user on an account. It also applies to mobile app users and device-based features, including barcode scanning, receipt capture, printer connectivity, and notifications.
This policy does not apply to third-party websites or services that you may open through links or integrations. Those third parties follow their own privacy practices. You should review their policies before you share information with them.
2) IMPORTANT NOTE FOR BUSINESS USERS
BillTrack is a business tool. It is designed to help businesses manage billing, accounting, and finance operations in a more organized way.
You may enter customer and vendor details in BillTrack. You may also upload documents and images for your business records. You are responsible for using such information lawfully. You are also responsible for restricting staff access on shared devices and shared logins, where applicable.
3) INFORMATION WE COLLECT
3.1 Information You Provide
We collect information that you submit while using the Services. The exact data depends on the features you use.
This may include account details. It may include your name, phone number, email address, and password. It may include your business name and business type. It may include GSTIN if you choose to provide it. It may include an operating address if you choose to provide it.
This may also include business records you create. It can include invoices and quotations. It can include customer and vendor details that you enter. It can include ledger entries, product lists, inventory details, tax settings, and reports. It can include reminders you set for payments and dues.
This may also include uploads you choose to add. It can include your business logo. It can include receipt images. It can include item photos. It can include documents attached to records.
This may also include support communications. It can include messages, emails, and issue reports. It can include information you share when you request troubleshooting.
3.2 Information We Collect Automatically
When you use our website or app, we may collect some information automatically.
This can include device and technical data. It can include device model, OS version, app version, language, time zone, and network type. It can also include log data, such as IP addresses, timestamps, access events, and security events.
We may also collect diagnostics. This can include crash logs, performance signals, and error reports. We use this to improve stability and to reduce service interruptions.
3.3 Cookies and Similar Technologies (Website)
We may use cookies and similar technologies on the website. They help with session continuity. They help with basic security controls. They also help us understand which pages perform well and which pages need improvement.
You can control cookies through your browser settings. If you block cookies, some features may not work as intended.
4) DATA CATEGORIES SUMMARY
We may process account data when you register or use BillTrack. This can include your name, phone number, email address, and login credentials. We use it to create your account, verify your identity, and provide support when you ask for help. Limited parts of this data may be shared with our hosting provider and support tools, but only when required for service delivery. We typically retain it while your account remains active. In some cases, we may retain it longer to meet legal requirements or maintain backups.
We may process business records that you create inside BillTrack. This includes invoices, quotations, ledgers, inventory entries, tax settings, and business reports. We use this data to run the core billing and accounting features, and to generate outputs such as PDFs, summaries, and insights. We may store and sync these records through cloud infrastructure so you can access them across devices. If you enable optional integrations, limited data may be shared only to make that integration work. We retain business records as long as they are needed to provide the Services, and longer where compliance, audits, or dispute handling requires it.
We may process files and images you choose to upload. This can include your business logo, receipt images, and item photos used for inventory and expense tracking. We use these uploads to help you maintain records with better clarity, and to support invoice branding where you choose to apply it. These files may be stored with our cloud storage provider. Support may view them only when you request assistance and when access is needed to resolve the issue. If you delete an upload where deletion controls are available, we will remove it from active systems, although limited copies may remain in backups for a short period.
We may process technical and usage logs to keep the Services stable and secure. This can include IP address, device model, OS version, app version, feature usage signals, and crash logs. We use this data to detect suspicious activity, troubleshoot errors, and improve app performance over time. If we use analytics or crash service providers, we may share limited diagnostic signals with them, strictly for reliability and debugging purposes. We retain most logs for a limited duration, but some security-related logs may be kept longer when investigations or protective monitoring require it.
We may process approximate location, and we may process precise GPS if you explicitly allow it. Location data may be used in specific device and OS scenarios for hardware connectivity workflows, and it may also support security verification and unusual access detection. We do not require location access for features that do not depend on it, and you can revoke permission at any time from device settings. We collect location signals only when needed for the stated purposes, and we avoid continuous collection unless it is essential for a feature you are actively using.
We may process Bluetooth connectivity data to help you connect with external business hardware. This can include device identifiers used for pairing, connection status, and session-level signals needed to keep printers or scanners working smoothly. We use it to print receipts, connect barcode scanners, and manage active connections during your business operations. We do not use this data to track you for advertising, and we do not share it externally except where OS-level handling is inherent to Bluetooth operations. We keep it minimal, and it is often session-based. Some connection preferences may remain on your device to reduce repeated setup steps.
We may process notification tokens and delivery signals to send important alerts. These alerts can include end-of-day summaries, overdue payment reminders, pending vendor bill reminders, and critical security notices. We may use notification delivery providers to deliver these messages reliably, but the content and purpose remain limited to service operations and account safety. If you disable notifications in device settings, we stop sending non-essential alerts. Some security notices may still be shown inside the app when you sign in, because they protect your account.
Note: Exact retention can vary depending on legal obligations, dispute resolution, accounting needs, and backups.
5) HOW WE USE INFORMATION
We use information to provide the Services. We use it to run billing workflows. We use it to generate invoices and store ledger data. We use it to manage inventory records and tax settings. We use it to generate reports and summaries.
We use information to sync records across devices. We use it to back up data and maintain continuity, so your business records remain recoverable when needed. BillTrack positions itself as an online GST billing tool built for smoother business operations, which typically requires secure syncing and backups to function reliably.
We use information to provide support. We use it to respond to queries and resolve issues. We may use it to verify account ownership during support conversations, when security requires it. BillTrack provides multiple support contact modes on its website, including phone and support emails.
We use information to keep the Services secure. We use it to detect suspicious sign-in attempts. We use it to prevent unauthorized access. We use it to protect records against misuse, fraud, and system abuse.
We also use limited analytics and diagnostics to improve performance. We use it to fix bugs. We use it to reduce crashes and improve reliability over time.
We use information to comply with legal obligations and enforce our agreements, where required.
6) DEVICE PERMISSIONS AND DATA ACCESS (MOBILE APP)
To provide BillTrack Services and ensure smooth daily business operations, our mobile application requests specific permissions. We follow data minimization principles. We request access only when it is necessary for the function you are using.
When you use the BillTrack app, you may be prompted to grant the following permissions:
6.1 Network Access (INTERNET)
Purpose of Processing: We require internet access to connect the BillTrack app to our cloud servers. This supports data synchronization across devices. It supports secure backups. It supports real-time reporting and record updates.
6.2 Camera Access (CAMERA)
Purpose of Processing: With your explicit permission, we access your device’s camera for core operational features. We use it to scan product barcodes for fast checkout. We use it to capture images of vendor receipts for expense tracking. We use it to photograph inventory items to attach them to your digital database.
6.3 Storage and Media Access
Purpose of Processing: Storage permissions are used when you want to save locally generated files. This includes PDF invoices. It can include financial reports. It can include locally stored backups. Media access is used when you choose to upload a business logo or attach specific gallery images to records.
Note on Android 13+ and newer: Newer Android versions support more granular media access and selection-based tools such as the system photo picker. This allows users to share only selected images or videos rather than granting broad library access, when implemented.
6.4 Location Information
Purpose of Processing: We collect approximate location and, with your consent, precise location (GPS) for two main reasons.
First, hardware connectivity: Depending on the Android version and the device environment, some nearby-device workflows may require permission combinations that intersect with location-related models. Newer Android versions also support Bluetooth scanning using dedicated Bluetooth permissions without requiring location in many scenarios, and we aim to use the least intrusive option supported by your device.
Second, security and verification: We may use location signals to detect unusual account activity. We may use it to reduce fraudulent access risks. We may also use it to support business localization settings, where relevant.
You can control location permissions at any time through device settings. If you deny location, features that truly depend on it may not work, but other features should continue to work.
6.5 Bluetooth Connectivity
Purpose of Processing: We request Bluetooth permissions to scan for, pair with, and manage connections to external hardware. This is used to connect to Bluetooth thermal printers for issuing physical receipts. It is also used to connect to wireless barcode scanners at the billing counter.
On Android 12 and above, Bluetooth uses dedicated runtime permissions like BLUETOOTH_SCAN, BLUETOOTH_CONNECT, and BLUETOOTH_ADVERTISE, and the system presents this as “Nearby devices.”
We do not use Bluetooth data for advertising tracking.
6.6 Push Notifications (POST_NOTIFICATIONS)
Purpose of Processing: We request notification permission where required by your operating system. We use notifications to deliver important business alerts. This can include end-of-day summaries. This can include overdue customer payment reminders. This can include pending vendor bill reminders. It can also include critical account security notices.
You can manage or disable notifications at any time from your device settings. If you disable them, we stop sending non-essential alerts. Some important security notices may still be shown inside the app after you sign in.
6.7 Managing Permissions
You can deny or revoke permissions at any time. Some features may not function without certain permissions. Barcode scan requires camera access. Receipt printing requires Bluetooth access. File saving requires storage access. We try to keep the rest of the app usable even if you deny optional permissions.
6A) PHOTO FILES ACCESS (IMAGES ONLY)
BillTrack may request access to photo files stored on your device. This access is used only for features you actively choose to use. It is limited to business record attachments and is not used for advertising profiling.
6A.1 What Image Files We May Access
BillTrack may access image files only. This may include common formats supported by your device, such as JPG and PNG. BillTrack does not request access to video files through this feature.
6A.2 Why We Request Image Access
We request image access only for business operations inside the app, including:
- Uploading a business logo for invoice branding.
- Attaching receipt photos to expense entries and vendor bills.
- Attaching product or inventory images to item records.
- Attaching other selected images to business records where the feature supports it.
6A.3 How Access Works on Android 13 and Newer
On Android 13 and above, Android supports granular media permissions for images such as READ_MEDIA_IMAGES instead of broad storage access. Android may also provide a system photo picker allowing you to select specific images instead of granting access to the entire gallery.
We aim to use the least invasive access method supported by your Android version and device.
6A.4 What We Do Not Do With Your Images
- We do not sell your photos.
- We do not use your photos for advertising targeting.
- We do not scan your entire gallery in the background for unrelated purposes.
- We access images only when you select and upload them as part of BillTrack features.
6A.5 Where Images Are Stored After Upload
If you upload images, they may be stored on our cloud systems so they remain linked to your business records. This allows access across devices and ensures availability even after reinstalling the application.
Access to stored images is limited to service delivery and support needs.
6A.6 Sharing of Uploaded Images
We do not share your uploaded images with third parties for marketing purposes. Images may be shared only with service providers involved in storage, delivery, or support tools, and only to the extent required to provide the Services.
6A.7 User Control and Permission Management
You can deny image permissions or revoke them at any time through your device settings. If you deny access, you can still use other parts of BillTrack. Only image upload and attachment features may be limited.
6A.8 Compliance Note for Google Play Review
Google Play restricts broad photo and video access permissions. Apps should request such access only when it is necessary for core functionality. Apps with occasional attachment needs are generally expected to use selection-based access where possible.
BillTrack follows these principles and requests only what is required for the selected feature.
7) HOW WE SHARE INFORMATION
We do not sell Personal Data as a business model.
We may share limited information only in specific situations.
7.1 Service Providers (Processors)
We may share information with service providers who help us run the Services. This can include cloud hosting and storage providers. It can include customer support tooling. It can include notification delivery services. It can include analytics and crash reporting providers, if they are used in your build. These providers process data only to deliver services to us. They are expected to protect it. They should not use it for unrelated purposes.
7.2 Legal, Safety, and Compliance
We may disclose information if required by law, court order, or valid government request. We may also disclose information to investigate suspected fraud. We may do it to protect users, our systems, and our rights. We may do it to enforce agreements and prevent abuse.
7.3 Business Transfers
If BillTrack or Turain Software Pvt. Ltd. undergoes a merger, acquisition, restructuring, or asset transfer, information may be transferred as part of the transaction. We will handle it in line with applicable law and reasonable safeguards.
7.4 Integrations You Enable
If you enable third-party integrations, we may share the limited information required for that integration to function. We share only what is needed for the specific integration feature you use.
8) DATA RETENTION
We retain information only for as long as necessary. We retain it to provide the Services. We retain it for backups and continuity. We retain it for security monitoring and fraud prevention. We retain it to meet legal, tax, and accounting obligations. We also retain it to resolve disputes and enforce agreements.
If you request deletion, we review the request. We delete information where applicable. We may retain limited information if the law requires it. We may also retain limited information if it is needed for security, fraud prevention, or dispute resolution.
9) SECURITY SAFEGUARDS
We use reasonable safeguards designed to protect information. These include administrative controls. They include technical measures. They include organizational safeguards. The goal is to reduce unauthorized access, disclosure, alteration, and destruction.
No system is perfectly secure. You should keep your password confidential. You should protect shared devices with locks and access controls. You should also keep your device and app updated.
10) PERSONAL DATA BREACH RESPONSE
If we become aware of any personal data breach, we act promptly. We investigate the incident. We contain the breach. We take steps to reduce harm.
To the best of our knowledge, and where required by applicable law, we will inform each affected user without delay. We will communicate in a concise, clear, and plain manner. We will do it through your user account or through any mode of communication registered by you with us.
Our intimation will include a description of the breach. It will cover the nature of the breach. It will cover the extent of the breach. It will also cover the timing of its occurrence. It will explain the likely consequences relevant to you. It will also describe the measures we have taken, or propose to take, to mitigate risk and reduce harm.
Where required under applicable law, we will also notify the Data Protection Board and/or any other competent authority.
11) YOUR RIGHTS AND CHOICES
Subject to applicable law, you may request access to certain personal data information. You may request the correction or updating of inaccurate data. You may request deletion or erasure in appropriate cases.
We may verify your identity before fulfilling requests. We do this to protect your account. We do this to prevent unauthorized actions.
12) CHILDREN’S PRIVACY
BillTrack is intended for business users. It is not designed for children. If we learn that we collected personal data from a child in a manner not permitted by applicable law, we will take reasonable steps to delete it.
13) INTERNATIONAL DATA TRANSFERS
Your data may be processed in India. It may also be processed in other jurisdictions, depending on the infrastructure and service providers used. Where cross-border processing occurs, we take reasonable steps to apply safeguards and contractual protections, as appropriate.
14) THIRD-PARTY LINKS
Our Services may contain third-party links. Those third parties control their own privacy practices. We are not responsible for their policies. You should review them before sharing information.
15) CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will revise the “Last Updated” date. If you continue to use the Services after an update, you accept the revised policy.
16) CONTACT INFORMATION AND GRIEVANCE REDRESSAL
For privacy questions, rights requests, or complaints, contact:
BillTrack (Turain Software Pvt. Ltd.)
Website: billtrack.co.in
Helpline Numbers: +91 9230996919
Official Support Email: support@billtrack.co.in
Company Address: 6/12 Poddarnagar, Kolkata-700068, WB, India
We acknowledge grievances and respond within the timelines required by applicable law. We also respond as soon as reasonably possible.
17) Platform Listings and Disclosures
If BillTrack is made available through third-party distribution platforms, the information shown on those listings (including data and privacy disclosures) is intended to reflect this Privacy Policy and our actual data-handling practices. We ensure these disclosures remain accurate, and we update them if our data practices change. -- all content needed in html format
18) PAYMENTS AND PAYMENT GATEWAY (RAZORPAY)
BillTrack uses Razorpay as a payment gateway for certain paid services. Razorpay is a third-party payment service provider. Razorpay processes payments on our behalf. Razorpay may also process personal data as part of payment processing.
18.1 When This Section Applies
This section applies when you attempt a payment inside BillTrack. It also applies when you renew a plan. It also applies when you pay any fees, if such fees are enabled in your BillTrack version.
18.2 What BillTrack Shares With Razorpay
When you initiate a payment, BillTrack may share limited information required to create and process the transaction. This may include your name. This may include your phone number. This may include your email address. This may include your business name. This may include the payment amount. This may include currency. This may include order or invoice references. This may include device or technical identifiers needed for fraud prevention and security.
Razorpay’s buyer notice describes the collection of personal identifiers, transaction data, device and technical data, and regulatory or compliance data for fraud detection.
18.3 What Razorpay Collects During Payment
When you pay through Razorpay, Razorpay may collect payment and transaction information to process the payment.
Razorpay’s privacy disclosures describe storing customer information such as address, mobile number, card details, email, and other payment identifiers when payments are made through Razorpay checkouts.
Razorpay may also collect device and technical data, such as IP address and device identifiers. Razorpay describes collecting device and technical data in its buyer notice.
18.4 Card and Bank Details
BillTrack does not ask you to type card details into BillTrack screens if Razorpay checkout is used. Your card or bank details are entered on Razorpay-powered payment flows or on your UPI app flows, as applicable.
Razorpay’s privacy disclosures state that customer information can include card details when payments are made through Razorpay checkouts.
BillTrack may receive only limited transaction outputs needed to confirm payment status. This can include payment status. This can include payment reference IDs. This can include timestamps. This can include masked identifiers or method type where provided by the gateway.
18.5 Consent and Sharing With the Business
Razorpay’s policy notes that customer information may be shared with the respective business only if the customer consents to sharing it during the transaction on Razorpay-powered applications.
BillTrack uses payment information only to confirm your payment and enable paid features. We do not use payment data for advertising profiling.
18.6 Fraud Prevention and Compliance
Payments may be screened for fraud prevention and compliance. Razorpay’s buyer notice states that it may collect regulatory and compliance data for background checks and fraud detection as required under applicable law.
Razorpay uses this information to prevent fraud and enhance security.
18.7 Razorpay’s Role and Its Policies
Razorpay processes personal data in accordance with its own privacy disclosures and applicable law. Razorpay’s buyer notice states that personal data is collected by and/or controlled by Razorpay Payments Private Limited (and affiliates).
They may share data with affiliates and service providers for payment processing and related services.
If you use Razorpay payment flows, you should review Razorpay’s privacy disclosures that apply to you.
18.8 Payment Failures, Chargebacks, Refunds, and Disputes
If a payment fails, you may see a failed status in BillTrack. If your bank debits money but the payment fails, your bank or UPI provider may reverse it based on their timelines.
If a refund is applicable, we may initiate it through Razorpay rails. The time to reflect depends on banking networks and your payment method.
If there is a dispute or chargeback, we may need to use transaction records, gateway references, and logs to investigate and respond.
18.9 Data Minimization
We share only what is required for payment processing. We do not request unrelated payment data. We do not sell payment information. We do not publicly disclose financial or payment information.
Google Play’s User Data policy also expects clear disclosure for how apps handle payment and sensitive data.