Privacy Policy

We collect the following categories of information:

• Account & identity: name, mobile, email, business name, GSTIN, PAN, MSME/Udyam number, contact person, registered address.
• KYC data: Aadhaar (verified via OTP — full number is not stored, only the last-4 digits and verification timestamp), PAN, GST certificate, signature with stamp, company logo. Verification is performed via licensed third parties (UIDAI, NSDL, GSTN, Cashfree).
• Business operations: LRs, bilties, party records, supplier records, invoices, payments, and any documents you upload.
• Device & usage: IP address, browser type, device identifiers, log timestamps, pages visited.
• Communications: messages you send to support, OTP delivery logs, in-app notification interactions.

We use your information to:

• Operate the Service — create your account, verify KYC, generate LRs & invoices, run reports.
• Send transactional messages — OTPs, account notifications, payment receipts.
• Comply with legal obligations under Indian transport, KYC, GST, and consumer-protection law.
• Improve the platform — diagnose bugs, measure performance, develop new features. Analytics is performed on aggregated data wherever possible.
• Prevent fraud, abuse, and unauthorised access.

We do not sell your data to advertisers or use it for third-party ad targeting.

We only share your information with:

• Verification providers (Cashfree, UIDAI, NSDL, GSTN) — strictly to complete KYC checks you initiated.
• Infrastructure providers (hosting, email/SMS delivery, cloud storage) — under written data-processing agreements that prohibit secondary use.
• Law-enforcement & regulators — only when legally compelled by a valid order from an Indian authority.
• Successor entities — in the event of a merger, acquisition, or sale of assets, we'll notify you and require continued protection.

All BilToz data is hosted on Indian-region servers. Backups are encrypted at rest and in transit (TLS 1.2+). We retain operational data for the life of your account; after closure, identifiable data is anonymised within 90 days, except where law requires longer retention (e.g. GST/income-tax records must be retained for 6+ years per the GST Act).

You have the right to:

• Access — request a copy of all data we hold about you.
• Correct — update inaccurate profile or business information at any time from your account settings.
• Delete — close your account; we'll honour deletion within 90 days subject to legal-retention rules.
• Object — opt out of non-essential communications.
• Portability — request a machine-readable export of your business data (LRs, invoices, etc.).

To exercise any of these rights, email privacy@biltoz.com from your registered address. We respond within 30 days.

We use industry-standard safeguards: TLS encryption in transit, AES-256 encryption at rest for sensitive fields, role-based access control, audit logs on every administrative write, and 24×7 monitoring. No system is 100% secure — please use a strong password and never share OTPs.

We use essential cookies to keep you signed in and to remember your preferences. We do not use third-party advertising cookies. You can clear cookies in your browser settings at any time, but this will sign you out.

BilToz is not intended for users under 18. We do not knowingly collect information from minors. If you believe a minor has registered, contact us and we will remove their account.

We may update this Policy from time to time. Material changes will be communicated via in-app notification or email at least 14 days before they take effect.

Per the Information Technology (Reasonable Security Practices and Procedures) Rules, 2011, our grievance officer can be reached at:

Privacy & Grievance Officer
BilToz Technologies Pvt Ltd
Vadodara, Gujarat, India
Email: privacy@biltoz.com
Phone: +91 7600 667 785