Privacy Policy

Last Updated: January 2025

1. Introduction

Welcome to MyHisab ("we," "our," or "us"). MyHisab is a business management application designed to help small and medium businesses manage their finances, inventory, customer relationships, and generate invoices. We are committed to protecting your privacy and ensuring the security of your personal and business information.

This Privacy Policy explains how we collect, use, store, disclose, and safeguard your information when you use our mobile application ("App") and related services. Please read this Privacy Policy carefully. By using MyHisab, you agree to the collection and use of information in accordance with this policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the App. We reserve the right to make changes to this Privacy Policy at any time. We will notify you of any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

2. Information We Collect

2.1. Account and Registration Information

When you register and create an account, we collect:

  • Email Address (required) - Used for account authentication and communication
  • Business Name - Your business or personal name
  • Phone Number - Including country code
  • Password - Securely hashed and stored (we cannot see your actual password)
  • Authentication Method - Whether you registered via email, Google Sign-In, Facebook, or Apple

2.2. Business Profile Information

To provide business management services, we may collect:

  • Business Details: Business type, business category, business description
  • Address Information: Business address, pincode, state
  • Tax Information: GST number (GSTIN)
  • Banking Information: Bank name, account number, IFSC code (optional, for invoice generation)
  • Profile Image: Business logo or profile picture
  • Digital Signature: Your signature for invoice generation
  • Terms and Conditions: Custom terms you set for invoices

2.3. Client and Party Information

When you add clients or parties to your account, we collect:

  • Client/Party name, email address (required), phone number
  • Client address, GST number, PAN number (optional)
  • Company name, party type, notes about the client

2.4. Inventory and Item Information

For inventory management, we collect:

  • Item name, item code, HSN/SAC code
  • Buy price, sell price, quantity, minimum quantity
  • Item images, location, tax information
  • Stock levels and inventory tracking data

2.5. Invoice and Transaction Data

When you create invoices and transactions, we collect:

  • Invoice numbers, invoice dates
  • Invoice content (items, quantities, prices, discounts, taxes)
  • Generated invoice HTML and JSON data
  • Transaction amounts, transaction types (buy/sell), payment status
  • Sales records linking products, clients, and invoices

2.6. Expense and Income Data

For financial tracking, we collect:

  • Expense/Income name, amount, date
  • Expense type (Expense or Income)
  • Related item data (if applicable)

2.7. Device and Technical Information

To provide app functionality, we may temporarily process:

  • Basic device information (device type, operating system version) for compatibility and security purposes
  • Network connection information (connection type) via React Native NetInfo to ensure connectivity - this information is processed temporarily and not stored permanently
  • App usage data necessary for core app functionality
  • Authentication tokens stored locally on your device for session management

Note: We do not permanently store IP addresses or detailed device identifiers. Network information is used only for connectivity checks and is not retained.

2.8. Local Storage Data

The App stores the following data locally on your device using secure storage:

  • Authentication token (JWT) for session management
  • User email address
  • Cached user data for offline functionality
  • Generated PDF invoices in your device's Documents folder

3. How We Use Your Information

We use the collected information for the following purposes:

3.1. Service Provision

  • Create and manage your user account
  • Provide business management features (inventory, invoicing, client management)
  • Generate invoices, reports, and financial statements
  • Process and track transactions, sales, and expenses
  • Manage inventory and stock levels
  • Send in-app notifications about your business activities

3.2. Authentication and Security

  • Authenticate your identity when you log in
  • Verify your account via OTP (One-Time Password) sent to your email
  • Enable Google Sign-In authentication (if you choose this option)
  • Protect against unauthorized access and fraud
  • Maintain session security

3.3. Communication

  • Send OTP verification emails during registration
  • Send in-app notifications about invoice creation, updates, and deletions
  • Respond to your support requests and inquiries
  • Send important service-related communications

3.4. File Operations

  • Generate PDF invoices and save them to your device
  • Enable you to view, share, and export invoices
  • Allow document picker functionality for importing files (if you choose to use this feature)

3.5. Real-Time Features

  • Provide real-time updates using Socket.io for synchronized data across devices
  • Enable live notifications and data synchronization

4. Data Storage and Location

4.1. Server Storage

All your business data, including account information, clients, items, invoices, transactions, and expenses, is stored securely on our servers using a MongoDB database. This data is stored in a secure cloud environment and is accessible only through authenticated API requests.

4.2. Local Device Storage

The following data is stored locally on your device:

  • Authentication Token: Stored using React Native AsyncStorage for session management
  • User Email: Cached locally for quick access
  • User Data Cache: Temporarily cached for offline functionality
  • PDF Files: Generated invoices are saved to your device's Documents folder

Important: If you uninstall the App, locally stored data (except PDF files you've saved) will be deleted. Your server-stored data will remain unless you request account deletion.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Password Security: Passwords are securely hashed before being stored. We do not store your actual password in readable form.
  • Authentication: We use JWT (JSON Web Tokens) for secure authentication
  • HTTPS: All data transmission between the App and our servers uses encrypted HTTPS connections
  • Database Security: Our MongoDB database is secured with access controls and connection pooling
  • Local Storage Security: Authentication tokens are stored securely using React Native's secure storage mechanisms
  • File Permissions: The App requests storage permissions only when necessary (for PDF generation) and uses scoped storage on modern Android versions

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security measures.

6. Third-Party Services

We use the following third-party services to provide app functionality:

6.1. Google Sign-In

If you choose to sign in with Google, we use the Google Sign-In SDK (@react-native-google-signin/google-signin) to authenticate your identity. Google may collect certain information as described in their Privacy Policy. We only receive your basic profile information (name, email) necessary for account creation.

Google Privacy Policy: https://policies.google.com/privacy

6.2. Email Service (Nodemailer)

We use Nodemailer to send OTP verification emails and notifications. Email service providers may process email metadata (sender, recipient, timestamp) as part of email delivery.

6.3. Real-Time Communication (Socket.io)

We use Socket.io for real-time data synchronization and notifications. Socket.io establishes a WebSocket connection between your device and our servers to provide live updates.

6.4. Firebase

Firebase is used in our App only for authentication-related purposes (Google Sign-In). We do not use Firebase Analytics, Firebase Crashlytics, or any advertising-related Firebase services.

Important: We do not use any analytics, tracking, or advertising services. We do not collect analytics data, crash reports, or user behavior tracking data through third-party services.

7. Permissions Requested

The App requests the following permissions:

7.1. Internet Permission (Required)

Required to connect to our servers for data synchronization and API calls.

7.2. Storage Permissions (Android Only - Conditional)

Storage permissions are requested only when you generate or export PDF invoices. The specific permissions requested may vary based on your Android version, as the App uses the minimum permissions required for each Android version.

Purpose: These permissions are used solely to save the PDF invoices you create to your device's Documents folder. We do not access, read, or modify any other files on your device, including your personal files, photos, or documents.

7.3. Document Picker (Optional)

If you choose to use document picker features, the App may access files you explicitly select. This is an opt-in feature, and we do not automatically access your files.

8. Data Sharing and Disclosure

8.1. We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or business data to third parties for marketing or advertising purposes.

8.2. Limited Sharing

We may share your information only in the following circumstances:

  • Service Providers: With trusted service providers who assist us in operating the App (e.g., cloud hosting, email delivery). These providers are contractually obligated to protect your data.
  • Legal Requirements: When required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to users.
  • With Your Consent: When you explicitly authorize us to share your information.

8.3. Data Access

Your data is accessible only to you through authenticated API requests. Our administrative staff may access your data only for technical support purposes with your explicit permission or as necessary to maintain service functionality.

9. Data Retention

We retain your information for as long as necessary to provide our services:

  • Active Accounts: Data is retained while your account is active and for a reasonable period after account closure to comply with legal obligations.
  • Deleted Accounts: When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes.
  • Local Data: Data stored locally on your device (tokens, cache) is deleted when you uninstall the App. PDF files you've saved remain on your device until you delete them.
  • OTP Data: OTP codes and expiration times are stored temporarily and automatically deleted after expiration.

10. Your Rights and Choices

You have the following rights regarding your personal information:

10.1. Access and Portability

  • Access your personal data through the App
  • Export your business data (invoices, reports) as PDF files
  • Request a copy of your data in a machine-readable format

10.2. Correction and Update

  • Update your account information, business profile, and settings at any time through the App
  • Edit or delete clients, items, invoices, and transactions
  • Modify your business details, banking information, and preferences

10.3. Deletion

  • Delete individual records (clients, items, invoices) through the App
  • Request complete account deletion by contacting us at myhisab.app@gmail.com
  • Delete locally stored data by uninstalling the App

10.4. Opt-Out

  • You can stop receiving email notifications by adjusting your account settings (note: critical service emails may still be sent)
  • You can disable in-app notifications through your device settings

10.5. GDPR and CCPA Rights

If you are located in the European Economic Area (EEA) or California, you have additional rights:

  • Right to Access: Request access to your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent for data processing where applicable

To exercise these rights, please contact us at myhisab.app@gmail.com. We will respond to your request within 30 days.

11. Children's Privacy (COPPA Compliance)

MyHisab is a business management application intended for use by business owners and professionals. We do not knowingly collect personal information from children under the age of 13 (or the applicable age of consent in your jurisdiction).

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at myhisab.app@gmail.com. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using MyHisab, you consent to the transfer of your information to these countries.

We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, regardless of where it is processed or stored. Where required by law, we use industry-standard data protection agreements (such as Standard Contractual Clauses) to safeguard your information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Updating the "Last Updated" date at the top of this Privacy Policy
  • Posting a notice in the App
  • Sending an email to the address associated with your account (for significant changes)

Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: myhisab.app@gmail.com

Phone: +91-8238121676

Website: https://myhisabapp.com

We will make every effort to respond to your inquiry within 30 days.

15. Consent

By using MyHisab, you consent to the collection, use, storage, and disclosure of your information as described in this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not use the App.

This Privacy Policy is effective as of January 2025 and applies to all users of the MyHisab mobile application.