Privacy Policy.

Last updated: May 20, 2026

1. Who we are

BillZap is a free GST billing app for Indian small businesses, built and operated by an independent team based in Coimbatore, Tamil Nadu, India. In this policy, "BillZap," "we," "our," and "us" refer to the team that builds and distributes the BillZap mobile application.

The BillZap mobile app is distributed through the Google Play Store as com.billzap.app.

For privacy-related questions, contact us at hello@billzap.app.

2. What data BillZap stores

BillZap stores the following data on your phone only, in a local encrypted database:

• Business profile — your business name, address, GSTIN, UPI ID, phone number, state, and other details you enter during setup
• Customer records — names, phone numbers, addresses, and GSTINs of customers you've billed
• Product catalog — products you've added, with prices, HSN codes, and tax rates
• Invoices — every invoice you create, including line items, taxes, totals, and payment status
• Day Close records — daily summaries of payments received by method (Cash, UPI, Bank, etc.)
• App settings — your language preferences, festival reminder settings, PIN preferences
• Security data — your 4-digit PIN, stored only as a SHA-256 cryptographic hash with a unique salt (we cannot read your actual PIN)

This data lives in a local database on your device. It is not synced, transmitted, backed up, or shared with us, with Google, or with any third party — unless you explicitly take an action that involves sharing (described in section 5).

3. What data BillZap does NOT collect

We want to be explicit about what we don't do:

• We do not collect your name, email, or phone number
• We do not require you to create an account or sign in
• We do not use Google Analytics, Firebase Analytics, Mixpanel, Amplitude, or any analytics platform
• We do not use Facebook SDK, AppsFlyer, Adjust, Branch, or any attribution/tracking SDK
• We do not display advertisements within the app, ever
• We do not log your usage patterns, screen views, or click events on any server
• We do not have crash reporting that sends data to us (the app uses Android's built-in crash logging, which only Google sees if you opt in via Play Store settings)
• We do not access your contacts, photos, calendar, or other personal data on your phone

Because we collect no data, we have no data to sell, share, or be hacked.

4. Android permissions BillZap requests

BillZap requests the following permissions on your Android device. Each is used only for the specific purpose described:

• Microphone (RECORD_AUDIO) — used only when you tap the microphone icon for voice billing. Audio is processed by Android's built-in speech recognition (which may use Google's servers depending on your Android settings) and is not sent to BillZap.
• Storage — used to save invoice PDFs and to read/write your backup files when you choose to back up.
• Biometric (USE_BIOMETRIC) — used only if you enable fingerprint unlock in Settings. Biometric data never leaves your device's secure hardware enclave; BillZap only receives a yes/no confirmation that authentication succeeded.
• Internet — required by Android to download font assets and to enable WhatsApp/email sharing. BillZap itself does not transmit your business data over the internet.
• Notifications — used for festival greeting reminders and tax filing reminders. All notifications are generated locally on your device.

You can revoke any permission at any time in Android Settings → Apps → BillZap → Permissions. Revoking a permission will disable the feature that needs it but will not prevent the rest of the app from working.

5. When data leaves your phone (and only when you initiate it)

The only ways your BillZap data leaves your phone are:

WhatsApp sharing

When you tap "Share via WhatsApp" on an invoice, Android's standard share intent passes the invoice PDF and a short text message to WhatsApp. From that point, the data is governed by WhatsApp's privacy policy, not ours. BillZap does not send anything to a BillZap server; the share happens directly between your phone and WhatsApp.

Email sharing

If you choose to email an invoice, the same applies — Android's share intent passes data to your email app, and from there it is governed by your email provider.

Backups to Google Drive

If you create an encrypted backup (Settings → Backup & Restore), the backup file is saved to your Google Drive account. The file is encrypted using your PIN before upload, meaning even Google cannot read its contents without your PIN. Google Drive's handling of the file is governed by Google's privacy policy.

UPI payment QR codes

When you create an invoice, a UPI QR code is generated locally on your device using your UPI ID. When a customer scans this QR with a UPI app (PhonePe, GPay, Paytm, etc.), the payment is processed by their UPI app and the receiving bank — not by BillZap. BillZap is not involved in the payment transaction itself.

Voice recognition

BillZap uses Android's speech-to-text service for voice billing. Depending on your Android version and settings, this may use on-device recognition (no data leaves your phone) or Google's cloud speech service (audio is sent to Google for transcription). This is controlled by your Android system settings, not by BillZap.

6. Data retention

Because BillZap stores data only on your phone, retention is entirely under your control:

• Data persists as long as the app is installed on your phone
• You can delete individual invoices, customers, or products at any time within the app
• Uninstalling BillZap deletes all app data permanently from your phone (subject to Android's data retention behavior)
• Factory resetting your phone deletes all BillZap data
• Backup files you've created remain on Google Drive (or wherever you saved them) until you delete them

We do not have copies of your data, so we cannot restore deleted data. Always back up regularly.

7. Security

We protect your data with the following measures:

• App Lock — optional 4-digit PIN plus biometric (fingerprint) authentication. The PIN is stored as a SHA-256 hash with a unique salt, not as plain text.
• Local database encryption — your BillZap database is stored in a secure app-private directory that other apps on your phone cannot access
• Auto re-lock — the app re-locks after 60 seconds in background, so a phone left on a counter doesn't expose your data
• Encrypted backups — backup files are encrypted with your PIN before being saved or shared
• No password reset — there is no "Forgot PIN" mechanism via email or SMS, because we have no way to verify your identity. This is a deliberate security choice: a PIN reset would require us to be able to read your data, which we cannot do.

While we take reasonable measures, no security system is perfect. If your phone is compromised, your local BillZap data may be at risk. Always use a device lock screen, keep your Android OS updated, and avoid installing apps from untrusted sources.

8. Your rights

Because all your data is on your phone, you have complete control:

• Access — view all your data within the BillZap app at any time
• Export — export your invoices, customers, and products as CSV files for use in Excel, Google Sheets, or accounting software
• Backup — create encrypted backup files and store them anywhere you choose
• Correction — edit any customer, product, or invoice within the app
• Deletion — delete individual records or uninstall the app to remove all data
• Portability — restore your data on a new phone by transferring your backup file

You do not need to contact us to exercise any of these rights — they are built into the app.

9. Children's privacy

BillZap is a business productivity tool intended for use by adults running businesses in India. We do not knowingly collect any data from children under the age of 13 (or the applicable age of digital consent in your jurisdiction). Because BillZap does not collect any data from any user, this requirement is satisfied by design. If you believe a child has been using BillZap, please contact us at hello@billzap.app.

10. International users

BillZap is designed primarily for users in India. The app and this policy are governed by the laws of India. If you use BillZap from outside India, you do so at your own initiative and are responsible for compliance with local laws.

Because BillZap stores data only on your device and we do not transfer data internationally, no cross-border data transfer concerns arise from the app itself.

11. Third-party services we rely on

BillZap as installed on your phone does not call any third-party services directly. However, the broader BillZap experience may involve these third parties when you take specific actions:

• Google Play Store — for app distribution and updates. Governed by Google's privacy policy.
• Google Drive — only if you choose to back up there. Governed by Google's privacy policy.
• Android system services — speech recognition and biometric authentication are provided by Android, not BillZap.
• Google Fonts — our website (billzap.netlify.app) loads typography from Google Fonts. This involves Google receiving the IP address of website visitors, governed by Google's policy.
• Netlify — our website is hosted by Netlify, which receives basic server logs (IP address, timestamp, page URL) as standard for any web hosting. Governed by Netlify's privacy policy.
• WhatsApp, email, UPI apps — only when you explicitly share via these. Governed by their respective policies.

12. Website cookies

Our website at billzap.netlify.app does not use any tracking cookies, advertising cookies, or third-party analytics. The site uses no persistent cookies. Your browser may store standard technical cookies for the duration of your visit, but these expire when you close the browser and are not used to track you.

13. Changes to this policy

We may update this policy from time to time as BillZap evolves. When we do:

• The "Last updated" date at the top of this page will change
• For material changes (anything that affects how we handle your data), we will mention the change in the app's update notes
• Continuing to use BillZap after a policy update means you accept the updated terms

You can review the current policy at any time at billzap.netlify.app/privacy.

14. Contact us

For any privacy-related questions, concerns, or requests, contact us at:

Email: hello@billzap.app
Address: Coimbatore, Tamil Nadu, India

We aim to respond to all inquiries within 7 business days.

15. Legal disclaimers

BillZap is provided "as is" without warranty of any kind. While we strive to ensure accurate GST calculations, HSN code suggestions, and tax compliance features, you remain responsible for verifying the accuracy of your invoices and your tax compliance. BillZap is not a substitute for advice from a qualified chartered accountant.

This policy is governed by the laws of India. Any disputes shall be resolved in the courts of Coimbatore, Tamil Nadu.

Thank you for trusting BillZap. We built this app because we believe Indian small businesses deserve good software that respects their data. If you ever feel we've fallen short of that promise, please tell us at hello@billzap.app.