Privacy

A clear view of how product data is handled.

BillCountr uses shop data to provide enabled retail workflows, protect business history and keep authorized devices consistent.

Data boundary

Your organization

Access basis

Role, permission and enabled feature

Offline storage

Only what supported local work needs

AI changes

Explicit confirmation required

What you need to know

Clear details, without the jargon.

01 · Scope

What this page covers

This is a plain-language description of BillCountr’s current product privacy principles. It covers information processed by the mobile app, web dashboard, API, offline stores, sync flow, reports, exports and assisted features.

02 · Information

Data used to run the shop

Depending on enabled features, BillCountr may process organization profile and tax details, user accounts and roles, products and stock, customer and supplier contacts, invoices, payments, ledger allocations, settings, reports, device identity, sync operations and audit events.

  • Account and organization information
  • Product, stock and supplier records
  • Customer, invoice, payment and udhaar records
  • Device, sync, settings and audit information

03 · Purpose

Why the product uses this data

The information supports authentication, billing, invoice output, stock movement, customer settlement, reports, permissions, offline continuity, sync, audit review and features the organization chooses to enable.

04 · Local storage

Offline work requires data on the device

The Android app and offline-capable web surface keep the records, settings snapshots and pending operations needed to continue supported shop work. Local data should receive platform-appropriate protection and is reconciled through the sync process.

05 · Access

People see only authorized shop data

Access is limited by authenticated organization membership, role, specific permissions and enabled features. The same boundary applies to normal screens, API requests, reports, exports, sync and AI-assisted workflows.

06 · Sharing

Outputs are created at the user’s request

Authorized users may print or share invoices, payment receipts, due lists and reports, or export data to supported file formats. The organization is responsible for choosing recipients and handling exported copies appropriately.

07 · AI

Assisted access remains permission-aware

The assistant may read only allowed organization modules. It must fail gracefully when a module is blocked. Any action that changes data must show the intended modification and wait for explicit user confirmation.

08 · Retention

Business history is not silently rewritten

Finalized invoice snapshots, ledger entries and audit records are retained to preserve business integrity. Recoverable entities may use soft deletion and defined recycle-bin periods. Exact legal retention and deletion periods must be finalized in the public privacy notice.

09 · Protection

Security controls support privacy

The architecture requires encrypted transport, protected storage, secure authentication, tenant checks, permission enforcement, safe database access and append-only audit records for sensitive activity.

10 · Choices

The organization controls enabled complexity

Owners can manage staff access and feature toggles. Authorized users can create intended exports. Account access, correction and deletion processes that depend on legal rights will be documented with the final company contact channel before launch.

Common questions

Quick answers.

Can another shop view my sales or customer list?

No. Tenant-owned records are scoped to one organization, and organization context must be enforced across normal access, reports, exports, background jobs, sync and assisted workflows.

Why is shop data stored on my device?

Supported records and pending operations are stored locally so billing, stock lookup, ledger work and invoice output can continue without internet.

Does changing a customer delete old invoices?

No. Finalized invoice snapshots preserve historical business records. Corrections use explicit cancellation, reversal or appended ledger entries rather than silently rewriting the past.

Can AI access data my role cannot see?

No. AI access must respect the same organization scope, role, permission, feature and module boundaries as normal product access.

Pre-launch legal completion required: add the registered company and data-controller identity, privacy contact, hosting regions, subprocessors, exact retention periods, cookie and analytics practices, lawful bases, user-rights process, grievance path, effective date and applicable jurisdiction after legal review.