
Privacy Policy

Your data belongs to you. This policy explains exactly what we collect, why we collect it, how we protect it, and the rights you have under India's Digital Personal Data Protection Act, 2023.

Last updated · June 28, 2026

1. Introduction

SaathiX Technologies (“SaathiX Billing”, “we”, “us”) operates a billing, POS and CRM platform for Indian retailers. We act as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act) for store-owner data, and as a Data Processor for end-customer data that our merchants upload.

This policy applies to saathix.com, our web dashboard, mobile app and APIs.

2. Data we collect

Account data: name, email, phone, store name, GSTIN, address, photograph.

Operational data: products, inventory, invoices, suppliers, customer ledgers, sales analytics that you create in the app.

Payment data: subscription plan, billing address, GST invoice details. Card and UPI details are tokenised by our PCI-DSS Level 1 payment partner; we never store full card numbers.

Technical data: IP address, device, browser, crash reports, anonymised usage analytics.

3. Why we collect it

  • Run your billing, POS, inventory and CRM workflows
  • Generate GST-compliant invoices and reports
  • Detect fraud, abuse and security incidents
  • Provide customer support and product communication
  • Comply with Indian tax, accounting and audit laws

5. Who we share data with

  • Cloud hosting · AWS Mumbai (ap-south-1) and Cloudflare India edge
  • Payment processors · Razorpay, Stripe (for international)
  • Communication · WhatsApp Business API, MSG91 SMS, Resend email
  • Analytics · PostHog (self-hosted, EU region)
  • Authorities · only when compelled by a valid legal order

6. Retention

Operational data is retained for the lifetime of your subscription plus 7 years to comply with the Income Tax Act and GST record-keeping rules. You may export and delete your data earlier via Settings → Data, subject to statutory retention.

7. Your rights

Under the DPDP Act you can access, correct, update, erase, and port your personal data, withdraw consent, and nominate a person to exercise your rights in case of death or incapacity. Write to dpo@saathix.com · we respond within 30 days.

8. Security

We protect your data with AES-256 encryption at rest, TLS 1.3 in transit, daily encrypted backups, role-based access controls, SOC 2 Type II controls and annual VAPT. See our full Security page.

9. Cookies

We use first-party cookies for session, CSRF, theme and language. No third-party advertising cookies. You can clear cookies anytime from your browser.

10. Children

SaathiX Billing is a B2B service and is not directed to anyone under 18. We do not knowingly collect data of minors.

11. Changes to this policy

Material changes are notified by email and in-app banner 30 days before they take effect. The latest version always lives at saathix.com/legal/privacy.

12. Grievance Officer

Per Rule 5(9) of the IT Rules, 2021:
Ms. Anika Reddy · Grievance Officer · grievance@saathix.com · Response within 15 days.

Questions about this policy?

Write to legal@saathix.com or contact our team.