← Back to home

Privacy Policy

Effective Date: March 2, 2026
Last Updated: March 2, 2026

Invoism is provided by Jacob Indian Technologies Private Limited ("we," "us," or "our"), an Indian company based in Thiruvananthapuram, Keralam. We operate the website and services available at https://invoism.com (the "Service")—a GST invoicing and compliance platform designed for Indian businesses, MSMEs, startups, and freelancers. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with Indian law, including the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and applicable regulations.

1. Scope

This Privacy Policy applies to personal data we process when you:

  • Visit our website
  • Create or use an Invoism account
  • Use GST invoicing, customer management, products, payments, bank accounts, and related features
  • Contact support or interact with us

2. Personal Data We Collect

We may collect:

  • Account and profile data: name, email, password hash, business name, billing address, tax details (GSTIN, PAN), and account preferences
  • Customer and business data you upload: customer names, emails, addresses, invoice details, payment records, and GST-related information
  • Financial and transaction data: invoice amounts, payment status, bank account details (for display on invoices), and subscription/billing events
  • Payment data: payment method metadata from payment processors when you subscribe (we do not store full card numbers)
  • Usage and device data: IP address, browser/device info, pages viewed, actions taken, session/cookie identifiers, and logs
  • Communications: support messages, feedback, and survey responses

3. How We Use Personal Data

We use personal data to:

  • Provide and maintain the Service
  • Authenticate users and secure accounts (email/password, magic link, Google, Microsoft)
  • Generate GST-compliant invoices, reports, and exports
  • Process subscriptions and payments
  • Send transactional notices, reminders, and product communications
  • Provide customer support
  • Improve performance, reliability, and product features
  • Detect, prevent, and investigate fraud, abuse, or security incidents
  • Comply with legal obligations and enforce our Terms

We do not sell personal data.

4. Legal Basis for Processing (India)

Under the Digital Personal Data Protection Act, 2023 (DPDPA), we process personal data only for specified purposes and on lawful grounds, including:

  • Consent: when you voluntarily provide data for a specific purpose (e.g., creating an account, subscribing)
  • Legitimate use: to provide the Service you request, comply with legal obligations (GST, Income Tax, IT Act), and for security and fraud prevention
  • Legal obligation: tax, accounting, GST compliance, and lawful requests from Indian authorities

We follow the principles of purpose limitation, data minimisation, and storage limitation as required under Indian law.

5. Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Essential functions (login/session/security)
  • Preferences
  • Analytics and performance
  • Communications and marketing (where permitted)

You can manage cookies in your browser settings and, where applicable, through our cookie banner/preferences tool.

6. How We Share Data

We may share personal data with:

  • Service providers and processors (hosting, analytics, customer support, email, infrastructure)
  • Payment providers (for example, Razorpay, Stripe, or similar providers you connect for subscriptions)
  • Professional advisors (legal, accounting, audit)
  • Authorities/law enforcement when legally required
  • Successor entities in merger, acquisition, or asset sale scenarios

We require processors to handle personal data under contractual safeguards and only for authorized purposes.

7. Data Storage and Transfers

We primarily store and process your data in India. Where we use service providers or infrastructure outside India (for example, cloud hosting), we ensure appropriate safeguards are in place as required under the DPDPA and applicable law. We do not transfer personal data outside India except where necessary for the Service and with adequate protections.

8. Data Retention

We retain personal data only for as long as necessary to provide the Service and to comply with Indian laws, including the Income Tax Act, GST regulations, and the Information Technology Act. Retention periods include:

  • Invoices, payments, audit logs: 7 years (Income Tax Act and GST record-keeping requirements)
  • Customers, vendors, bank accounts: Active + 3 years after last activity
  • User accounts: Account lifetime + 3 years after deletion
  • Magic links: 24 hours after use or expiry
  • Password reset tokens: 1 hour

After the retention period ends, we delete or anonymize data so it no longer identifies you.

9. Security and Data Breaches

We apply technical and organizational safeguards designed to protect personal data, including encryption in transit (TLS), access controls, monitoring, and secure development practices. In the event of a data breach that is likely to cause harm to you, we will notify the Data Protection Board of India and affected users as required under the DPDPA. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your Rights Under Indian Law

Under the Digital Personal Data Protection Act, 2023 (DPDPA), you have the right to:

  • Access: Obtain a summary of your personal data and how we process it
  • Correction and completion: Correct or complete inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Grievance redressal: Raise complaints with us; we will respond in accordance with the DPDPA
  • Nomination: Nominate another person to exercise these rights in the event of your death or incapacity

To exercise any of these rights, contact us at privacy@invoism.com. We will verify your identity before fulfilling requests and respond within the timeframes prescribed under applicable law. You may also approach the Data Protection Board of India if you are not satisfied with our response.

11. Grievance Officer

In compliance with the Information Technology Act, 2000 and the DPDPA, we have designated a Grievance Officer to address your concerns regarding personal data. You may contact our Grievance Officer at privacy@invoism.com. We aim to resolve grievances within 30 days.

12. Children's Privacy

The Service is intended for Indian businesses and professionals. We do not knowingly collect personal data from individuals below 18 years of age. If you believe we have inadvertently collected such data, please contact us at privacy@invoism.com and we will take steps to delete it.

13. Third-Party Services

The Service may link to or integrate with third-party services (for example, Google and Microsoft for sign-in, Razorpay or similar payment gateways for subscriptions). These providers may process data in accordance with their own privacy policies. We encourage you to review their policies when you use such features.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised "Last Updated" date. Material changes will be communicated as required by law.

15. Contact Us

Invoism is provided by Jacob Indian Technologies Private Limited, an Indian company serving Indian businesses. For any privacy-related queries, rights requests, or grievances:

Data Fiduciary: Jacob Indian Technologies Private Limited
Email: privacy@invoism.com
Address: Thiruvananthapuram, Keralam, India

← Back to home