Privacy Policy

Last updated: June 10, 2025

Invozen ("we", "us", "our") is a GST invoice processing SaaS. This Privacy Policy explains what data we collect when you use Invozen, how we use it, and what rights you have over it. By using Invozen you agree to the practices described here.

1. Data We Collect

Account Data

When you create an account we collect your name, email address, and a hashed password. If you sign in via Google, we receive your Google profile name and email.

Invoice and Document Data

You upload invoices (PDF or image) for processing. We store the original files and the structured data extracted from them - party names, GSTINs, invoice numbers, amounts, HSN codes, and tax breakdowns - so you can review, correct, and export them.

GST Credentials (Optional)

If you connect a cloud drive (Google Drive, Dropbox) or email inbox for automated import, we store OAuth tokens scoped only to the folders or mailbox access you authorise. We do not store your GST portal password.

Tally Integration

If you use the Tally Desktop Agent, the agent communicates from your own machine to your local Tally instance. No Tally data is stored on our servers beyond what you explicitly import into Invozen (ledger names, stock item names, voucher data).

Usage Data

We collect standard server logs (IP address, browser type, pages visited, timestamps) and in-product events (features used, errors encountered) to operate and improve the service.

2. How We Use Your Data

  • To process, extract, and store your invoice data as part of the core service
  • To generate GST reports (GSTR-1, GSTR-2B, GSTR-3B) on your behalf
  • To send transactional emails - account verification, password reset, processing notifications
  • To detect and prevent abuse, fraud, or security incidents
  • To improve OCR and AI extraction accuracy (using anonymised, aggregated data only)

We do not sell your data. We do not use your invoice data to train third-party AI models without your consent.

3. Data Sharing

We share data only with sub-processors required to operate the service:

  • Cloud infrastructure providers - for hosting, storage, and database services.
  • Email delivery providers - for transactional emails only.

We may disclose data if required by law or to protect the rights, property, or safety of Invozen or its users.

4. Data Retention

Your invoice data, extracted records, and reports are retained for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days. Anonymised, aggregated analytics data may be retained indefinitely.

5. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Access to production data is restricted to authorised personnel. We use JWT-based authentication with short-lived tokens for all API access.

6. Your Rights (DPDP Act, 2023)

Under India's Digital Personal Data Protection Act, 2023, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request erasure of your personal data
  • Withdraw consent where processing is consent-based

To exercise any of these rights, email us at hello@invozen.in. We will respond within 30 days.

7. Cookies

We use essential cookies for authentication (session management). We do not use third-party advertising or tracking cookies.

8. Children

Invozen is not intended for users under 18. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via email or an in-app banner at least 7 days before they take effect. Continued use after the effective date constitutes acceptance.

10. Contact

For any privacy-related questions, contact us at hello@invozen.in.