Privacy Policy
Last updated: 19 June 2026
How the BillBasket POS App handles your information — built privacy-first
1. Introduction
Welcome to BillBasket, a point-of-sale, billing, invoicing, and reconciliation application developed and operated by BillBasket Solutions LLP ("BillBasket", "Company", "we", "our", or "us").
Protecting the privacy, confidentiality, integrity, and security of customer information is one of our highest priorities. The BillBasket POS App has been designed with a privacy-first philosophy, so that Customers retain maximum control over their information while we provide reliable, secure software.
This Privacy Policy ("Policy") explains how we collect, receive, store, process, use, disclose, transfer, and protect information in connection with the POS App, our websites, mobile applications, cloud features, customer support, licensing systems, APIs, integrations, and related services (collectively, the "Services").
The POS App supports a Desktop (Offline) Edition where operational business information is primarily maintained within the Customer's own computing environment. Unless a Customer voluntarily enables cloud sync, synchronisation, or backup features, BillBasket does not routinely transmit or retain the Customer's operational business database on Company-managed infrastructure.
BillBasket does not build its business around the commercial exploitation of Customer Data. We do not sell, rent, license, or monetize Customer Business Data for advertising or unrelated commercial purposes.
By downloading, installing, accessing, registering for, purchasing, activating, subscribing to, or otherwise using the Services, you acknowledge that you have read, understood, and agreed to this Policy.
2. Our Privacy Principles
- Customer Ownership — Customer Business Data belongs exclusively to the Customer. We do not claim ownership of records created through the Services.
- Privacy by Design — Privacy is built into how we design, develop, and maintain the POS App, minimising unnecessary collection.
- Limited Data Collection — We collect only what is reasonably necessary to provide the Services, maintain licensing, deliver support, improve quality, comply with law, and protect security.
- Transparency — We aim to clearly explain what we collect, why, and how it is used.
- Security — We implement commercially reasonable administrative, technical, organisational, and physical safeguards.
- Customer Control — Where applicable, Customers manage backups, exports, sync preferences, and account settings.
3. Definitions
- "Services" — the POS App and all related software, websites, mobile applications, cloud features, APIs, portals, updates, licensing systems, support, and integrations offered by BillBasket.
- "Customer" — any individual, sole proprietor, partnership, company, organisation, institution, or other legal entity that accesses, installs, purchases, licenses, subscribes to, evaluates, or uses the Services.
- "Customer Data" — all information, records, databases, files, transactions, reports, invoices, inventory, accounting, financial, customer, supplier, product, or tax information created, uploaded, stored, processed, or generated by the Customer using the Services.
- "Personal Information" — information relating to an identified or identifiable natural person, such as name, email, mobile number, billing address, account credentials, tax identification (where applicable), payment-related information, and business contact details, interpreted in accordance with applicable law.
- "Desktop (Offline) Edition" — the version of the POS App designed to run on desktop or laptop computers where Customer Business Data is generally stored within the Customer's own environment.
- "Cloud Services" — any hosted, synchronised, or internet-enabled functionality that stores or processes information using infrastructure operated by BillBasket or its authorised providers.
4. Scope of This Policy
This Policy applies to all information collected or processed in connection with the Services, including the POS desktop software, mobile applications, cloud features, websites, customer portals, trial and demonstration versions, licensing systems, updates, support, remote assistance, backup features, APIs, promotional campaigns, and customer communications.
5. Eligibility
The Services are intended for businesses, professionals, organisations, and individuals legally capable of entering into binding agreements. By using the Services you represent that you have authority to do so, the information you provide is accurate, you will use the Services lawfully, and — where you provide information about another person or organisation — you are authorised to do so.
6. Information We Collect
6.1 Account Information
Full name, business name, business address, email, mobile number, country/state/city/postal code, GST or tax registration number (where applicable), business registration information (where applicable), and profile information you provide — for identification, licensing, account administration, taxation, communication, fraud prevention, and support.
6.2 Subscription and Licensing Information
Product licence key, licence type, subscription plan, product edition, activation status, installation/device identifier (where reasonably required), activation and expiry dates, software version, feature availability, and configuration — for licensing, subscription management, security, compliance, and fraud prevention.
6.3 Payment Information
Billing name, billing address, email, mobile number, invoice details, transaction reference, payment status, subscription history, and tax information. BillBasket does not intentionally collect or store complete card numbers, CVV, UPI PINs, banking passwords, or other sensitive payment-authentication credentials. Online payments are processed by authorised third-party providers under their own security standards.
6.4 Customer Support Information
Support requests, communications, screenshots, diagnostic files, error logs, crash reports, configuration information, software version, remote-session information, and files you voluntarily share for issue resolution — used solely to provide support and improve service quality.
6.5 Technical Information
Operating system, device type, application version, language, time zone, system configuration, licence status, performance diagnostics, error and crash reports, and connectivity status (where applicable).
7. Information Collected Automatically
To support functionality, security, diagnostics, and user experience, the Services may automatically collect software usage information, device information, performance metrics, diagnostic information, log files, authentication events, system errors, security events, update information, session information, and network connectivity information (where applicable) — used for operational, maintenance, security, licensing, analytics, and service-improvement purposes.
8. Customer Business Data
Customer Business Data is confidential and belongs exclusively to the Customer. It may include sales and purchase transactions, inventory and stock, barcode information, customer and supplier records, ledgers, cash book, expenses, profit & loss and financial statements, tax and GST information, invoices, quotations, purchase orders, business reports, accounting information, employee information you enter, product catalogues, and images or attachments you upload. We treat such information as confidential business information.
9. Desktop (Offline) Edition
The Desktop (Offline) Edition is designed so Customers maintain primary control over their operational business information. Unless stated otherwise, Customer Business Data generated through the Desktop Edition is intended to remain within the Customer's own environment (computer, local storage, network storage, or Customer-controlled backup media).
BillBasket does not routinely collect, upload, transmit, synchronise, monitor, analyse, copy, retain, or otherwise store Customer Business Data generated within the Desktop Edition on Company-managed servers.
Customers remain solely responsible for maintaining backups, securing their local systems, implementing access controls, and protecting their environment against unauthorised access, malware, hardware failure, and other risks.
10. Mobile Applications
Where the POS App is available on Android, iOS, or other platforms, it may request device permissions needed to provide selected features, such as Camera (barcode scanning), Storage/Files (import, export, backup), Notifications (billing alerts), Internet (sync, updates), Contacts (where you choose to import business contacts), Location (where required for verification), and Bluetooth/Nearby Devices (for supported hardware such as printers or scanners). We request only the permissions reasonably necessary; you may grant, deny, or revoke them in device settings.
11. Google Drive Backup
The POS App may let you create encrypted backups within your personal Google Drive account. Where used: backup files are stored within your own Google Account; BillBasket does not assume ownership of backup files; we do not routinely access, inspect, analyse, or commercially use backup contents; and permissions requested from Google are limited to enabling backup, synchronisation, restoration, and related functionality you authorise. You remain responsible for the security of your Google Account.
12. Cloud Services
Where you voluntarily subscribe to or enable Cloud Services, Customer Data may be securely processed or stored using infrastructure operated by BillBasket or trusted providers acting on our behalf. Customer Data processed through Cloud Services is used solely to provide the Services you request. We do not sell, rent, lease, license, trade, or commercially exploit Customer Business Data stored through Cloud Services.
13. Data Ownership
All rights, title, and interest in Customer Data remain vested exclusively in the Customer. We do not acquire ownership merely because data is processed through the Services, and nothing in this Policy, the Terms of Service, or any related agreement transfers ownership of Customer Data to BillBasket.
14. How We Use Information
We process information only as reasonably necessary to provide, maintain, secure, improve, and support the Services, including for: service delivery; account administration; software licensing and misuse prevention; customer support; software improvement; security; legal compliance; business communications (account, update, security, licensing, renewal, maintenance, and support notices); and research and development using aggregated, anonymised, or de-identified information.
15. Customer Communications
We may communicate via email, telephone, SMS, WhatsApp, push and in-app notifications, customer portal, and our website, regarding service updates, security alerts, licence and billing information, support, product improvements, feedback, and regulatory or legal notices. Where promotional communications are sent, you may opt out where that option is available and permitted by law.
16. Cookies and Similar Technologies
Our websites and web-based services may use cookies and similar technologies for authentication, preferences, session management, security, performance, analytics, language, and login persistence. You can configure your browser to refuse or remove cookies, though some features may be affected. See our separate Cookie Policy for details.
17. Analytics
We may use analytics tools to understand how the Services are used and to improve them, processing information such as software version, operating system, device type, performance, feature usage, error and crash reports, session duration, and diagnostics. We do not intentionally use analytics to collect Customer Business Data for advertising or commercial profiling.
18. Payment Services
Payments may be processed through authorised third-party payment service providers. We do not intentionally store complete payment card details, banking credentials, UPI PINs, or CVV numbers. Payment transactions remain subject to the privacy and security practices of the respective providers.
19. Third-Party Services
The Services may integrate with third-party products to deliver requested features, such as cloud infrastructure, Google Drive, payment gateways, email/SMS/OTP providers, notification services, authentication providers, support and remote-assistance tools, analytics, backup infrastructure, and security services. These process information under their own privacy policies and obligations.
20. Remote Support Services
Remote support sessions are initiated only on your request, with your knowledge and authorisation. During a session, our personnel may temporarily view information on your system solely to diagnose and resolve the reported issue. We do not routinely copy, retain, disclose, or commercially use information observed during remote support unless you authorise it or the law requires it.
21. Artificial Intelligence and Automated Features
Where the POS App includes AI, machine learning, automation, or recommendation features: outputs are intended to assist you and are not professional financial, accounting, legal, or tax advice; you remain responsible for reviewing and approving business decisions; and we do not use Customer Business Data to train publicly available AI models without your explicit consent.
22. Information Sharing and Disclosure
We do not sell, rent, lease, or commercially exploit Customer Data. We disclose information only: with your consent; to service providers who are permitted to access information only as necessary and are bound by confidentiality and security obligations; in corporate transactions (merger, acquisition, restructuring, or asset sale, subject to confidentiality protections); and where required by law (to comply with laws, court orders, or lawful governmental requests, to enforce rights, to investigate fraud or unlawful activity, or to protect the rights, safety, or security of BillBasket, its Customers, or the public).
23. Confidentiality and Personnel Access
Personnel are granted access only where reasonably necessary to provide Services, deliver support, maintain security, resolve issues, comply with law, or perform authorised administrative functions, and are subject to confidentiality obligations and internal access controls.
24. Data Security
We implement commercially reasonable safeguards designed to protect information against accidental loss and unauthorised access, misuse, disclosure, alteration, or destruction. These may include encryption in transit and at rest, authentication, password protection, role-based access controls, secure licensing, monitoring and logging, backups, infrastructure controls, secure development practices, vulnerability assessment, security updates, and multi-factor authentication (where available). No method of transmission or storage is completely secure.
25. Customer Responsibilities
Customers are responsible for maintaining the confidentiality of credentials, protecting passwords and authentication, maintaining antivirus and endpoint protection, updating operating systems and software, maintaining backups, restricting unauthorised device access, safeguarding local storage, and securely managing cloud access credentials.
26. Data Retention
We retain information only as long as reasonably necessary to provide the Services, administer accounts, comply with contractual and legal obligations, resolve disputes, enforce rights, and maintain security. Retention periods vary by the nature of the information, legal obligations, and Services used.
27. Account Termination and Data Deletion
You may discontinue using the Services at any time, subject to applicable obligations. On account closure or termination, account-related information may be retained for a reasonable period where necessary for legal, accounting, taxation, fraud-prevention, security, or dispute-resolution obligations. You remain responsible for exporting and maintaining backups before closure.
28. Security Incidents
Where we become aware of a confirmed incident affecting Customer Information under our control, we may, where appropriate and as required by law, investigate, contain and mitigate, notify affected Customers where legally required or appropriate, cooperate with authorities, and implement corrective measures. Certain jurisdictions impose specific incident-reporting timelines, including CERT-In directions in India.
29. International and Cross-Border Processing; Data Localisation
We primarily provide Services to customers in India. Where the POS App handles payment data, such data is handled consistent with applicable localisation requirements — including Reserve Bank of India directions on the storage of payment system data, and applicable Nepal Rastra Bank and Bangladesh Bank requirements for customers in those countries.
30. Your Privacy Rights
Subject to applicable law and the Services used, you may have rights to access, correct, or delete eligible Personal Information; to request restriction of, or object to, certain processing; to withdraw consent where processing relies on consent; to request a copy of certain Personal Information; and to lodge complaints with applicable regulators.
31. Children's Privacy
The Services are intended exclusively for commercial, professional, institutional, and business purposes. We do not knowingly provide the Services directly to individuals under the age of eighteen (18) or knowingly collect Personal Information directly from children.
32. Changes to This Privacy Policy
We may update this Policy to reflect changes in law, new products, improved practices, enhanced security, technological developments, or operational requirements. Updated versions become effective on publication on our official website, and the "Last Updated" date reflects the latest revision.
33. Governing Law and Jurisdiction
This Policy is governed by the laws of the Republic of India. Subject to applicable law, the competent courts located in Pune, Maharashtra, India shall have jurisdiction, without prejudice to mandatory rights or remedies available to Customers in their own jurisdiction, including Nepal and Bangladesh.
34. Jurisdiction-Specific Provisions
India. We process information consistent with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 and rules thereunder, and — for payment data — applicable Reserve Bank of India directions.
Nepal. We process information consistent with the Individual Privacy Act, 2018 (2075) and the Electronic Transactions Act, 2008 (2063), and, for payment-related data, applicable Nepal Rastra Bank directives.
Bangladesh. We process information consistent with the Information and Communication Technology Act, 2006, the Cyber Security Act, 2023, applicable Bangladesh Bank regulations, and any data protection legislation in force from time to time.
35. Contact Us
BillBasket Solutions LLP Registered Office: 101, Shree Apartment, Ubalenagar, Wagholi, Pune – 412207, Maharashtra, India
- Privacy & Data Protection: legal@billbasket.in
- General Support: support@billbasket.in
- Phone: +91 86006 00903