GSTClear
Log inStart free trial

Privacy Policy

Last updated: 21 June 2026

GSTClear ("we", "us", "our") provides GST invoicing and compliance tools to Indian businesses. This policy explains what personal and business data we collect, how it is stored, who can access it, and how you can request its deletion. It is governed by the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 ("DPDP Act").

1. What data we collect

  • Account information: name, email address, and password (stored as a one-way hash, never in plain text).
  • Business details: business/proprietor name, GSTIN, MSME/Udyam registration number, address, state, and pincode.
  • Invoice and financial data: invoices you create, including buyer details, line items, GST amounts, and any bank account details (account name, bank name, account number, IFSC code) you choose to add for display on invoices.
  • Payment data: subscription and payment records. Card and UPI details themselves are handled directly by our payment processor, Razorpay, and are never stored on our servers.
  • Usage data: login timestamps, IP address, and browser/device information, used for security purposes such as detecting suspicious logins.

2. How your data is stored

Your data is stored in an encrypted PostgreSQL database hosted on Neon, with the application itself hosted on Vercel. Data is encrypted in transit (HTTPS/TLS) and at rest. Passwords are hashed with bcrypt and are never stored or transmitted in plain text.

3. Who can access your data

Only you, as the account owner, can access your business and invoice data through your logged-in account. A small number of authorized GSTClear administrators may access account data solely to provide support or investigate security issues, never to view your data for any other purpose. We do not sell your data, and we do not share it with third parties for marketing purposes. Limited data may be shared with service providers strictly necessary to operate GSTClear (e.g., Razorpay for payments, Resend for transactional email, Neon and Vercel for hosting), each bound by their own confidentiality obligations.

4. How long we keep your data

We retain your account and invoice data for as long as your account is active, and as required to comply with Indian tax and accounting record-keeping obligations after account closure.

5. Your rights and how to request deletion

Under the DPDP Act, 2023, you have the right to access, correct, or request deletion of your personal data. To request deletion of your account and associated data, contact us via our Contact page. We will process verified deletion requests within a reasonable time, subject to any data we are legally required to retain.

6. Cookies

We use essential cookies required for authentication and session management. We do not use third-party advertising or tracking cookies.

7. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above.

8. Governing law

This policy is governed by the laws of India. Any disputes are subject to the exclusive jurisdiction of the courts of India.

9. Contact us

For any questions about this policy or your data, please reach us via our Contact page.

Chat with us