Ease My Bill · Legal

Privacy Policy

Last updated: July 10, 2026

This Privacy Policy explains how Ease My Bill ("we", "us") collects, uses, and safeguards your personal and business information when you use easemybill.com and our web application ("Service"). We follow the principles of the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian laws.

1. Information we collect

You provide directly

  • Account: name, email, password (stored hashed), business name, PAN, GSTIN.
  • Payment: card / UPI details are collected directly by Razorpay — we only receive transaction IDs and status.
  • Uploads: bills, invoices, ledgers, receipts, and any notes you enter.
  • Communication: emails or messages you send us at support@easemybill.com.

Collected automatically

  • Log data (IP, browser, device, pages visited, timestamps) for security and analytics.
  • Cookies and local storage for session management and preferences.

2. Why we use it

  • Provide the core Service: OCR, alerts, exports, WhatsApp ingestion.
  • Bill you correctly and manage your subscription.
  • Protect against fraud, abuse, and unauthorized access (rate limits, account lockout, audit log).
  • Communicate service updates, security notices, and (with consent) product news.
  • Improve Ease My Bill through aggregated, de-identified analytics.

3. Third parties we share limited data with

  • Google Gemini (Google LLC) — bill images/PDFs are sent for OCR processing. Google does not train on your data under our API terms.
  • Razorpay — payment processing.
  • MongoDB Atlas — encrypted database hosting (India region where available).
  • Twilio / Meta WhatsApp Business API — only if you use WhatsApp ingestion.
  • Sentry — error monitoring (may include IP address; excludes bill content).

We do not sell your data. We do not share it with advertisers.

4. Data retention

  • Bills and account data are retained for as long as your account is active.
  • Cancelled accounts: data is retained for 90 days to allow reactivation, then permanently deleted.
  • Backups are rotated on a 30-day cycle.
  • You can request immediate deletion any time (see Section 7).

5. Security

  • Passwords are hashed with bcrypt; we cannot see your password.
  • All data in transit is encrypted with TLS 1.2+.
  • Data at rest is encrypted (AES-256).
  • Rate limiting, account lockout after 10 failed login attempts, and an immutable audit log protect against abuse.
  • Optional 2FA (TOTP) is available in Settings for extra protection.

6. Your rights

Under Indian data-protection law you may:

  • Access the personal data we hold about you.
  • Correct inaccurate information.
  • Request deletion (subject to legal/tax retention obligations).
  • Request a portable export of your data.
  • Withdraw consent for optional processing (e.g. marketing emails).

7. How to reach us

For any privacy request or grievance, email support@easemybill.com. We aim to respond within 7 business days.

8. Children

The Service is not directed at children under 18. We do not knowingly collect data from minors.

9. International transfers

Some sub-processors (e.g. Google Gemini, Sentry) may process data outside India. We ensure they meet equivalent security standards and comply with applicable cross-border transfer rules.

10. Changes

We may update this Policy. Material changes will be notified 14 days in advance by email or in-app banner. The "Last updated" date above always reflects the latest revision.

Made with Emergent