BizFlowaBizFlowa Back to Login

Privacy Policy

Effective Date: May 1, 2026

Last Updated: May 14, 2026

BizFlowa ("we," "our," or "us") is a product of Bizflowa Private Limited. We are committed to protecting your privacy and ensuring the security of your personal and business data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the BizFlowa platform.

1. Data Architecture & Separation Principle

BizFlowa operates on a strict data-minimization model that splits data processing into two distinct technical pathways:

1.1 Centralized Transactional Metadata (Stored on Our Databases)

To populate your real-time web dashboards, compute financial reports (P&L, GSTR-1 summaries), and process AI queries, we collect and retain structured numerical data, line-item values, tax percentages, HSN/SAC codes, and business registration details (GSTIN, company names) inside our secure, encrypted MongoDB databases.

1.2 Decentralized Document Storage (Stored on Your Google Drive)

All raw binary file artifacts, including uploaded receipt images, supplier PDF invoices, and purchase vouchers, are processed transiently to extract data values. Once successfully parsed, these files are routed directly to your connected private Google Drive vault. The Company does not permanently store, mirror, or back up your physical document files on its core servers.

2. How We Use Your Information

We use your data exclusively to:

  • Provide GST-compliant invoicing and accounting services
  • Generate tax reports (GSTR-1, HSN Summary, P&L, etc.)
  • Power the AI Command Center for natural-language queries
  • Scan and extract data from uploaded receipts
  • Sync documents to your Google Drive vault
  • Improve platform performance and user experience

We never sell, rent, or trade your personal or business data to third parties.

3. Data Storage & Security

3.1 Infrastructure

  • All data is stored in encrypted MongoDB databases
  • Application servers run in secure cloud environments
  • All connections use TLS/SSL encryption

3.2 Access Controls

  • Authentication via Google OAuth 2.0
  • Session tokens with automatic expiry (7 days)
  • Email whitelist system for controlled access
  • Admin portal with role-based access control (Super Admin / Admin)

3.3 AI Processing

  • Receipt scanning and Command Center queries are processed via Google Gemini AI
  • AI interactions are stateless — we do not store AI conversation logs permanently
  • Your business data is not used to train any AI models

4. Data Sharing & Third Parties

We share data only with:

  • Google APIs: For authentication (OAuth) and Drive file storage
  • Google Gemini: For AI-powered features (receipt scanning, Command Center)
  • No other third parties receive your data

We may disclose information if required by law, regulation, or legal process.

5. Your Rights

You have the right to:

  • Access your data at any time through the platform
  • Export your data via CSV export features
  • Delete your account by contacting us at privacy@bizflowa.com
  • Revoke Google Drive access at any time through your Google account settings
  • Request correction of inaccurate business information

6. Data Retention

  • Active account data is retained as long as your account exists
  • Deleted invoices, expenses, and purchases are permanently removed
  • Session data expires automatically after 7 days
  • Upon account deletion, all associated data is purged within 30 days

7. Cookies & Local Storage

BizFlowa uses:

  • Session cookies: For authentication (httpOnly, secure, SameSite=None)
  • Local storage: For UI preferences only
  • We do not use third-party tracking cookies or analytics pixels

8. Children's Privacy

BizFlowa is a business accounting platform and is not intended for use by individuals under the age of 18. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of BizFlowa after changes constitutes acceptance of the revised policy.

10. Data Fiduciary & Grievance Redressal

Under the Digital Personal Data Protection Act, 2023, the Data Fiduciary responsible for your information is Bizflowa Private Limited.

For any data corrections, privacy inquiries, or to exercise your right to erasure, please contact our designated Grievance Officer:

  • Attn: Grievance Redressal Officer (Data Governance Desk)
  • Email: privacy@bizflowa.com
  • Address: 21, Pocket-H, Sarita Vihar, New Delhi, India

This policy is governed by the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.