Privacy Policy

Last updated: April 27, 2026

At BillCraft ("we", "our", "us"), your privacy matters. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website (pybillcraft.shop) and our Android application. We have written it to reflect what the app and website actually do — not just what would be convenient to claim.

1. Information We Collect

1.1 Information you provide directly:

Email and message content if you contact us via email or our contact form.
Logo or signature images you choose to upload while creating a bill (stored on your device, and on Firebase Storage if cloud sync is enabled).

1.2 Information collected through Google Sign-In (optional):

If you choose to sign in with Google, we receive from Google: your name, email address, profile picture, and a unique account identifier. This is the only way to use cloud sync; you can use the app's bill generation features without signing in.

1.3 Account and bill data stored on our servers:

Profile: name, email, profile photo URL, sequential customer ID (e.g. #1000+), sign-in timestamps. Stored in Google Firebase Cloud Firestore under /users/{your-uid}, accessible only to you.
Bill metadata and form data: if you save a bill while signed in, the bill's structured data (fields you typed) is synced to Firestore so it is available across your devices.
Generated PDF files remain on your device. We do not upload finished PDFs to our servers.

1.4 Device identifiers and notifications:

Firebase Cloud Messaging (FCM) device token: when you allow notifications, we store your device's FCM token in Firestore so we can send you update notifications and important account messages. Tokens are removed when you sign out and rotated automatically by the OS.
Advertising ID: Google AdMob uses your device's resettable advertising ID to serve ads. You can reset or limit this from your Android device settings → Google → Ads.

1.5 Analytics and usage data:

We use Google Analytics 4 (Firebase Analytics in the Android app, gtag on the website) to understand which features are used and to fix problems. Events recorded include screens viewed, buttons tapped, bill types generated, and aggregate timings. We do not collect typed bill content or customer details for analytics.

2. How We Use the Information

To create your account, sign you in, and keep you signed in.
To sync your profile and saved bill data across your devices.
To send notifications you have opted into (app updates, account messages).
To serve advertisements through Google AdMob, which keeps the app free.
To diagnose crashes and improve performance.
To respond to support requests.

3. Information We Do NOT Collect

We do not collect your GSTIN, PAN, Aadhaar, or any other government identifier — these are typed locally into bills you generate, never read or transmitted by us.
The contents of generated invoices (customer names, item descriptions, amounts) are not analyzed, mined, or shared. The structured bill data you save is stored under your account so only you can see it.
We do not track your precise GPS location.
We do not access your contacts, SMS, call logs, microphone, or browsing history.
We do not sell your personal information to third parties.

4. Third-Party Services

We use the following Google services. Each has its own privacy policy:

Firebase Authentication: sign-in via Google. Receives your Google profile.
Firebase Cloud Firestore: stores your profile and saved bill data.
Firebase Storage: stores logo/signature images you upload.
Firebase Cloud Messaging: delivers notifications.
Firebase Analytics / Google Analytics 4: usage statistics.
Google AdMob: serves advertisements in the app.
Google AdSense: serves advertisements on the website.

These services may receive limited data as described above. Google's privacy policy: policies.google.com/privacy. AdMob's data practices: AdMob Data Disclosure.

5. Cookies & Web Tracking

The website uses cookies for essential functionality, anonymous Google Analytics, and Google AdSense personalized advertising. A consent banner appears on your first visit; you can change or revoke consent any time from your browser settings or by clearing localStorage. The Android app does not use cookies.

6. Advertising

The Android app displays ads via Google AdMob. The website displays ads via Google AdSense. Both may use your device's advertising identifier and limited interaction signals to show personalized ads.

You can opt out or limit personalized ads:

Android: Settings → Google → Ads → "Reset advertising ID" / "Opt out of Ads Personalization".
Web: Google Ad Settings, aboutads.info, NAI opt-out.

7. Data Security

All data in transit between your device and our servers is encrypted using TLS (HTTPS). Data at rest in Firebase is encrypted by Google. Firestore security rules restrict access to your data so that only your signed-in account can read or write it. The Android app blocks screenshots and screen recording by default to prevent accidental sharing of sensitive bill content (you can reach out if you need an exception).

No service can guarantee absolute security; please use a strong password on your Google account and keep your device updated.

8. Data Retention

Your profile and saved bill data are retained for as long as your account is active. If you delete your account (see Section 10), we delete your data from Firestore and remove your FCM token within 30 days. Backups may retain data for a short additional period and are then overwritten.

9. Your Rights

Regardless of where you live, you can:

Access the data we hold about you by emailing us.
Correct inaccuracies in your profile from inside the app.
Delete your account and associated data — see Section 10.
Object to processing or withdraw consent at any time.

India (DPDPA 2023): you have the right to obtain information about, correct, and erase your personal data, and to withdraw consent. The grievance officer for DPDPA requests is reachable at the email below; we respond within 30 days.

European Economic Area (GDPR): right of access, rectification, erasure, restriction, portability, and objection. Lawful basis for processing: consent (analytics, ads), contract (account/sync), legitimate interests (security, fraud prevention).

California (CCPA/CPRA): right to know, delete, correct, and opt out of "sale" or "sharing" of personal information. We do not sell your personal information. Right to non-discrimination for exercising these rights.

10. Account & Data Deletion

You can delete your account and all associated data at any time:

From inside the app: Settings → "Delete Account". Confirms twice, then permanently removes your profile, saved bill data, FCM token, and signs you out.
From the web: visit pybillcraft.shop/delete-account.html for instructions and to email a deletion request.

Deletion is irreversible. Locally generated PDFs on your device are not affected by account deletion — uninstall the app to remove them.

11. Children's Privacy

BillCraft is intended for adults running businesses or freelancing. We do not knowingly collect information from children under 13 (COPPA), under 16 (GDPR), or under 18 (DPDPA, India). If you believe a child has used the service, please contact us and we will delete the account.

12. International Transfers

Data is processed on Google's global infrastructure, primarily in regions chosen by Firebase. Google maintains appropriate safeguards (Standard Contractual Clauses, etc.) for cross-border transfers.

13. Changes to This Policy

We will update this Privacy Policy when our practices change. Material changes will be highlighted with an updated "Last updated" date and, where appropriate, an in-app or email notice.

14. Contact Us

For privacy questions, deletion requests, or to reach our grievance officer, email supportbillcraft@gmail.com. We respond within 30 days.