Legal

Privacy Policy

Effective Date: June 1, 2025

OwnStore ("we", "our", or "us") operates the website at https://ownstore.app and the OwnStore Android application (together, the "Service"). This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what rights you have regarding your data.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.


1. Information We Collect

a. Information you provide directly

  • Account information — name, email address, mobile number, and password when you register.
  • Business profile — company name, business type, GSTIN, PAN, state, and address that you enter during onboarding.
  • Business data — invoices, products, customers, vendors, inventory records, payments, expenses, and other records you create inside the app.
  • Payment information — when you subscribe to a paid plan, payment is processed by Razorpay. We do not store your card number or UPI credentials on our servers.
  • Customer and vendor data — names, phone numbers, email addresses, and GSTIN/PAN of your customers and vendors that you enter for billing purposes.

b. Information collected automatically

  • Usage data — pages visited, features used, actions taken, timestamps, and session duration.
  • Device information — device model, operating system version, app version, and unique device identifiers.
  • Log data — IP address, browser type, referring URL, and error logs.
  • Cookies and local storage — session tokens and preferences stored locally to keep you logged in and remember your settings.

c. Camera and hardware permissions (Android)

  • Camera — used only for barcode scanning and the item-counting feature. Camera feed is processed on-device and is never uploaded to our servers.
  • Biometric / fingerprint — used only for local app-lock authentication. Biometric data never leaves your device.

2. How We Use Your Information

  • Provide, operate, and improve the Service.
  • Process transactions and send billing-related notifications (SMS, email).
  • Generate GST reports and financial summaries from your business data.
  • Send account verification emails and important service announcements.
  • Diagnose technical problems and fix errors using anonymised logs.
  • Enforce our Terms of Service and prevent fraud or abuse.
  • Comply with applicable laws, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP Act).

We do not use your business data for advertising, profiling, or sale to third parties.


3. Sharing of Information

We share your information only in the following limited circumstances:

  • Payment processor — Razorpay receives payment details when you subscribe. Their privacy policy governs data they collect: razorpay.com/privacy.
  • SMS provider — YourBulkSMS receives mobile numbers and message content when you send transactional or promotional SMS from the app.
  • Email provider — transactional emails (invoice delivery, verification) may be relayed through third-party email services.
  • Cloud infrastructure — data is stored on servers hosted at Hetzner (Germany). Hetzner is GDPR-compliant and does not access your data.
  • Law enforcement — we may disclose information if required by a court order or applicable Indian law.

We do not sell, rent, or trade your personal information to any third party.


4. Data Retention

We retain your account and business data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory compliance (e.g., GST records).

Anonymised, aggregated analytics data may be retained indefinitely as it cannot be linked back to you.


5. Data Security

  • All data is transmitted over HTTPS/TLS encryption.
  • Passwords are stored as salted hashes and are never stored in plain text.
  • JWT tokens are used for authentication with short expiry times.
  • Access to production databases is restricted to authorised personnel only.

While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.


6. Your Rights

Under applicable Indian law (including the DPDP Act) and general data protection principles, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — update or correct inaccurate personal information from your account settings.
  • Deletion — request deletion of your account and personal data by emailing support@ownstore.app.
  • Data export — export your business data (invoices, products, customers) from the app settings at any time.
  • Withdraw consent — you may revoke camera or biometric permissions through your device settings at any time.

To exercise any of these rights, contact us at support@ownstore.app. We will respond within 30 days.


7. Cookies

The web application uses essential cookies to maintain your login session. We do not use third-party advertising cookies. We use Microsoft Clarity (a session analytics tool) to understand how users interact with our web app — this may set analytics cookies. You can disable cookies in your browser settings, but some features may not work correctly.


8. Children's Privacy

The Service is intended for use by business owners and is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, contact us immediately at support@ownstore.app.


9. Third-Party Links

The Service may contain links to third-party websites (e.g., your customers' external sites, payment gateways). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.


10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice in the app at least 7 days before the change takes effect. The "Effective Date" at the top will be updated accordingly. Continued use of the Service after the effective date constitutes acceptance of the updated policy.


11. Governing Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023. Any disputes shall be subject to the exclusive jurisdiction of the courts in Pune, Maharashtra, India.


12. Contact Us

If you have any questions or concerns about this Privacy Policy or your data, please contact us: