Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account information: Business name, owner name, email address, and phone number collected during registration.
• Business data: Menu items, categories, pricing, tax configurations, and table layouts you create within the App.
• Transaction data: Orders, bills, payment records, and customer information entered while using the POS.
• Inventory data: Stock items, quantities, purchase orders, and supplier details.
• Staff records: Staff names, roles, PINs (stored as hashed values), and shift information.
• Customer records: Customer names, phone numbers, and loyalty/purchase history you optionally record.

1.2 Information Collected Automatically

• Device information: Device model, operating system version, and a unique device identifier used for license binding and multi-device sync.
• App usage data: Crash reports and error logs to help us diagnose and fix bugs. No personal business data is included in crash logs.
• Sync metadata: Timestamps and record identifiers used to synchronise data between your authorised devices.

1.3 Biometric Data

BillMithra offers an optional fingerprint / face-ID login feature. Biometric authentication is handled entirely by your device's operating system (Android BiometricPrompt API). We never receive, store, or transmit your biometric data. The App only receives a boolean pass/fail result from the OS.

2. App Permissions

The App requests the following Android permissions:

3. How We Use Your Information

• Provide, operate, and maintain the App and its features.
• Synchronise your business data across your authorised devices.
• Manage your subscription and process payments.
• Send essential service communications such as subscription expiry notices and security alerts.
• Diagnose technical issues and improve the App.
• Comply with applicable legal obligations.

We do not use your business or customer data for advertising, analytics profiling, or any purpose beyond operating the service you subscribed to.

4. Data Storage and Retention

4.1 Local Storage

All transactional data (orders, inventory, menu, customers) is stored in an SQLite database on your device. This data persists until you uninstall the App or manually clear app data. It is not accessible to other apps on your device.

4.2 Cloud Sync

When cloud sync is enabled, a changelog of your business data is stored in our Supabase-hosted database (hosted on AWS ap-south-1 / Mumbai, India). Data is transmitted over TLS 1.2+. Only devices linked to your account can access your sync data.

4.3 Retention

Cloud sync data is retained for the lifetime of your active subscription plus 90 days after cancellation, giving you time to export your records. After that period, cloud data is permanently deleted. Local device data is unaffected by account cancellation.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

• Service providers: Supabase (database hosting) and payment processors for subscription billing. These providers are contractually bound to use your data only to perform services on our behalf.
• Legal requirements: If required by law, court order, or governmental authority.
• Business transfer: In the event of a merger or acquisition, user data may be transferred. We will notify you before your information becomes subject to a different privacy policy.

6. Data Security

• All network communication uses TLS encryption.
• API endpoints are protected by JWT authentication with short-lived tokens.
• Devices are individually authorised; a token from one device cannot be used on another.
• Staff PINs are stored as bcrypt hashes — never in plaintext.
• Cloud database rows are protected by row-level security; only your account can read its own data.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7. Children's Privacy

BillMithra is a business tool intended for use by adults operating food and beverage establishments. We do not knowingly collect personal information from anyone under the age of 18. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

8. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Ask us to correct inaccurate data.
• Deletion: Request that we delete your account and associated cloud data. Local device data must be cleared manually via Android > Settings > Apps > BillMithra > Clear Data.
• Data portability: Export your orders and reports as PDF/CSV from within the App.
• Withdraw consent: You can disable cloud sync at any time from the App's Settings screen. The App continues to work fully offline.

To exercise any of these rights, email us at support@billmithra.in with the subject line Privacy Request. We will respond within 30 days.

9. Third-Party Links

The App may integrate with third-party services such as WhatsApp for sending purchase orders. We are not responsible for the privacy practices of third-party apps or services. We encourage you to review their privacy policies before sharing any information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date above and, where appropriate, by sending a notification within the App. Your continued use of the App after changes become effective constitutes your acceptance of the revised policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact: