Digital Personal Data Protection Act, 2023 – Compliance Notice
InvoiceBhai Technologies Pvt Ltd · Effective date: 1 March 2026
1. Introduction
This notice is issued by InvoiceBhai Technologies Pvt Ltd (CIN: U62099UP2026PTC245290), having its registered office at 1 Shivaji Marg, Hewett Road, Lucknow - 226018, Uttar Pradesh, India ("Data Fiduciary"), in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and any rules notified thereunder.
The purpose of this notice is to provide you, as a Data Principal, with clear and accessible information about how we collect, process, and protect your digital personal data when you use the InvoiceBhai platform ("Service").
2. Identity of the Data Fiduciary
| Data Fiduciary | InvoiceBhai Technologies Pvt Ltd |
|---|---|
| CIN | U62099UP2026PTC245290 |
| Registered Address | 1 Shivaji Marg, Hewett Road, Lucknow - 226018, Uttar Pradesh, India |
| Contact Email | help@invoicebhai.com |
| Contact Phone | +91 63877 68346 |
| Grievance Officer | Husain Kazim |
3. Personal Data We Process
Under Section 2(t) of the DPDP Act, "personal data" means any data about an individual who is identifiable by or in relation to such data. The following categories of personal data are processed by us:
| Category | Examples |
|---|---|
| Identity Data | Name, PAN, GSTIN |
| Contact Data | Phone number, email address, business address |
| Financial Data | Bank account details, payment transaction records, invoice data |
| Transaction Data | Client names, GSTINs, descriptions of goods/services, HSN/SAC codes, amounts |
| Technical Data | Device type, IP address, usage patterns, log data |
4. Purpose of Processing (Section 4)
We process your personal data only for lawful purposes. The specific purposes are:
- Service Delivery: To generate GST-compliant invoices, manage your account, and provide customer support.
- Contractual Performance: To fulfil our obligations under the agreement (Terms of Service) between you and the Company.
- Legal Compliance: To comply with obligations under GST law, Income Tax Act, IT Act, and other applicable legislation.
- Fraud Prevention: To detect, prevent, and investigate fraud, unauthorised access, and misuse of the Service.
- Communication: To send you transactional notifications, service updates, and respond to your queries.
- Product Improvement: To analyse usage patterns (in anonymised/aggregated form) to improve the Service.
5. Basis of Processing
5.1 Consent (Section 6)
We obtain your free, specific, informed, unconditional, and unambiguous consent before processing your personal data. Consent is obtained through a clear affirmative action at the time of registration or first use of the Service.
You may withdraw your consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.
5.2 Deemed Consent (Section 7)
In certain situations, your consent may be deemed, including:
- Where processing is necessary for performance of a contract to which you are a party (i.e., the Terms of Service).
- Where processing is necessary for compliance with any law or court order.
- Where processing is necessary to respond to a medical emergency involving a threat to life.
- Where processing is in the interest of sovereignty, integrity, or security of India.
6. Rights of Data Principals
As a Data Principal, the DPDP Act grants you the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Right to Access (Sec. 11) | Obtain a summary of personal data processed and processing activities | Email help@invoicebhai.com or call +91 63877 68346 |
| Right to Correction (Sec. 12) | Request correction of inaccurate or misleading data | Email help@invoicebhai.com or call +91 63877 68346 |
| Right to Erasure (Sec. 12) | Request deletion of data no longer needed for its purpose | Email help@invoicebhai.com or call +91 63877 68346 |
| Right to Grievance Redressal (Sec. 13) | Have grievances addressed within prescribed timelines | See Grievance Redressal Policy |
| Right to Nominate (Sec. 14) | Nominate a person to exercise rights in case of death/incapacity | Email help@invoicebhai.com or call +91 63877 68346 |
We will respond to all rights requests within 30 days of receipt, or within such timeframe as may be prescribed by the DPDP Rules.
7. Duties of Data Principals (Section 15)
The DPDP Act also places certain duties on Data Principals, including:
- Complying with all applicable laws while exercising your rights.
- Not filing false or frivolous complaints with the Data Protection Board.
- Providing authentic and verifiable information when exercising your rights.
- Not impersonating another person while providing personal data.
8. Data Retention and Erasure
We retain your personal data only for as long as it is necessary to fulfil the purpose for which it was collected. Upon your request for erasure, or upon the data no longer being required for its purpose, we will erase your personal data unless retention is required by law (e.g., GST record retention requirements of 6 years).
9. Data Security (Section 8)
We implement reasonable security safeguards to protect personal data from unauthorised access, use, modification, disclosure, or destruction. These include encryption, access controls, regular security audits, and employee training.
Breach Notification: In the event of a personal data breach, we will notify the Data Protection Board of India and you, the affected Data Principal, in the manner and within the timeframe prescribed by the DPDP Act and rules made thereunder.
10. Cross-Border Transfer (Section 16)
Your personal data is primarily processed and stored in India. Any transfer of personal data outside India will only be to countries or territories that have been notified as permissible by the Central Government. We do not transfer data to restricted territories.
11. Data Processing by Data Processors
We may engage third-party Data Processors (e.g., cloud hosting providers, payment gateways) to process personal data on our behalf. All Data Processors are contractually bound to process data only as instructed by us and to implement appropriate security measures.
12. Processing of Children's Data (Section 9)
The Service is not intended for use by individuals under the age of 18 years. We do not knowingly process personal data of children. If we become aware of such processing, we will delete the data and any consent obtained will be treated as void. We do not engage in tracking, behavioural monitoring, or targeted advertising directed at children.
13. Significant Data Fiduciary
If the Company is notified as a Significant Data Fiduciary by the Central Government under Section 10 of the DPDP Act, we will comply with additional obligations including appointing a Data Protection Officer based in India, conducting periodic Data Protection Impact Assessments, and undertaking independent audits.
14. Complaints and Redressal
If you have any grievances regarding the processing of your personal data, you may contact our Grievance Officer, Husain Kazim, at help@invoicebhai.com or call +91 63877 68346. If your grievance is not resolved satisfactorily, you may file a complaint with the Data Protection Board of India (once constituted) in accordance with Section 13 of the DPDP Act.
15. Updates to This Notice
This notice may be updated from time to time to reflect changes in the DPDP Act, rules, or our data processing practices. Material changes will be communicated to you at least 15 days before they take effect.
16. Contact Us
InvoiceBhai Technologies Pvt Ltd
Registered Address: 1 Shivaji Marg, Hewett Road, Lucknow - 226018, Uttar Pradesh, India
Email: help@invoicebhai.com
Phone: +91 63877 68346
Website: www.invoicebhai.com
Grievance Officer: Husain Kazim