Privacy Policy

1Introduction

Easy Rate ("we," "us," "our," or the "Company") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, process, share, and safeguard your information when you use our mobile application and related services (the "Services").

Please read this privacy policy carefully. If you do not agree with our policies and practices, please do not use our Services.

For privacy inquiries, contact us at: support@easyrate.app or support@easyrate.app

2Information We Collect

2.1 Information You Provide Directly

Account Registration & Profile Data:

• Full name and business name
• Email address
• Phone number
• Business address and mailing address
• Username and password
• Company GST/Tax identification number (optional)
• Company VAT/Tax ID (optional)
• Company website URL (optional)
• Company size and industry (optional)
• Profile picture (optional)

Billing & Payment Information:

• Payment method details (credit/debit card, bank account information)
• Billing address
• Payment history and transaction records
• Last 4 digits of payment instruments (full details stored securely by payment processors)

Business Data (Customer Management):

• Customer names and contact information (email, phone, address)
• Customer company information
• Customer payment terms and preferences
• Customer notes and preferences
• Customer tax identification information

Invoice & Product Data (Invoice Management):

• Invoice numbers and dates
• Itemized products/services with descriptions, quantities, and prices
• Invoice amounts and payment status
• Tax rates and calculations (GST, VAT, other applicable taxes)
• Payment terms and due dates
• Customer notes on invoices
• Invoice attachments and supporting documents

Product Data (Product Management):

• Product/service names and descriptions
• Product codes and SKUs
• Product pricing and cost information
• Product images (optional)
• Product categories
• Inventory levels and quantity information

AI-Assisted Features (if applicable):

• Text prompts you provide for invoice generation or suggestions
• This may include sensitive business and financial information

Communication & Support:

• Messages you send to our support team
• Feedback and feature requests
• Survey responses
• Support tickets and correspondence

2.2 Information Automatically Collected

Device Information:

• Device type, model, and manufacturer
• Operating system and version
• Device unique identifiers
• Mobile device ID and hardware model

Usage Data:

• Log and usage analytics (pages visited, features used, time spent)
• IP address and geolocation (country/city level)
• Browser type and version
• Referring URLs and links clicked
• Date/time stamps of activities
• Error reports and crash logs
• System activity and configuration

Cookies & Tracking Technologies:

• Cookies for user preferences and session management
• Web beacons and pixels for analytics
• Local storage data
• Similar tracking technologies for performance monitoring

Location Data:

• Approximate geolocation based on IP address
• Precise location only if you grant permission
• You can opt out via device settings

3Legal Basis for Processing (GDPR & CCPA Compliance)

We process your information based on:

• Your Consent: When you agree to our terms and opt-in to specific processing
• Contract Performance: To provide the Services and fulfill your requests
• Legal Obligations: To comply with applicable laws (GST, tax regulations, data protection laws)
• Legitimate Interests: To improve Services, prevent fraud, analytics, and marketing
• Vital Interests: To protect safety and prevent harm
• Public Task: To comply with government regulations and tax requirements

For EU/EEA users: We comply with the General Data Protection Regulation (GDPR). Your data is processed only with valid legal basis as outlined above.

For California residents: We comply with the California Consumer Privacy Act (CCPA). See Section 10 for your specific rights.

4How We Use Your Information

We use your information to:

Service Delivery & Account Management:

• Create and maintain your account
• Authenticate your identity and manage login credentials
• Provide invoice generation, customer management, and product management features
• Deliver cross-device access and cloud synchronization
• Enable data backup and recovery
• Process payments and manage billing

Communication:

• Send service announcements and updates
• Respond to support inquiries
• Send invoice reminders to your customers (on your behalf)
• Notify you of policy changes or security updates
• Send marketing emails and promotional content (with opt-out option)

Analytics & Improvement:

• Analyze how you use the Services to identify trends
• Improve feature functionality and user experience
• Identify usage patterns and optimize performance
• Conduct quality assurance and testing

Security & Compliance:

• Detect and prevent fraud, abuse, and unauthorized access
• Enforce terms and conditions
• Comply with legal obligations (GST regulations, tax laws, data protection laws)
• Maintain audit trails for compliance and dispute resolution
• Monitor and protect against security threats

Marketing & Personalization:

• Send promotional communications about features and offers
• Develop and display targeted advertising
• Determine effectiveness of marketing campaigns
• Conduct surveys to understand user preferences

5Who We Share Your Information With

5.1 Third-Party Service Providers

We may share your information with:

• Cloud Storage & Hosting Providers: For data storage, backup, and infrastructure
• Payment Processors: For secure payment processing (Stripe, Razorpay, etc.)
• Email Service Providers: For sending invoices and communications
• AI/Analytics Providers: For invoice generation assistance and usage analytics
• Security & Fraud Prevention Services: For threat detection
• Integrations & APIs: Third-party apps you authorize (accounting software, email, etc.)

All third-party providers are contractually obligated to:

• Protect your data with industry-standard security
• Use data only for specified purposes
• Not share your data without authorization
• Comply with applicable data protection laws

5.2 Legal Requirements & Business Transfers

We may disclose your information when:

• Required by law, court order, or government authority
• Necessary to enforce our Terms of Service
• Necessary to protect our legal rights or someone's safety
• In connection with mergers, acquisitions, or sale of assets
• With your explicit consent

5.3 Your Customer Data

Important: Your customers' data (names, emails, phone numbers, addresses) is your responsibility. You warrant that you have obtained all necessary consents and authorization from your customers to share their information with Easy Rate. We process this data only as your data processor to deliver the Services.

We will not use customer data for marketing or any purpose other than invoice delivery and customer communication on your behalf.

6International Data Transfers

Your data may be transferred to, stored, and processed in countries outside of India, including:

• United States (cloud hosting)
• European Union (if using EU-based processors)
• Other countries where our service providers operate

Data Protection Assurances:

• We implement EU Standard Contractual Clauses for international transfers
• All transfers comply with applicable data protection regulations
• We use appropriate safeguards (encryption, access controls, contractual obligations)
• Third-party processors comply with GDPR, CCPA, and local data protection laws

7Data Security & Protection

7.1 Security Measures

We implement:

• Encryption: End-to-end encryption for data in transit and at rest
• Access Controls: Role-based access restrictions (only authorized personnel)
• Firewalls & Intrusion Detection: Network security monitoring
• Regular Security Audits: Third-party penetration testing and vulnerability assessments
• Data Minimization: Collecting only necessary information
• Secure Authentication: Password protection and multi-factor authentication options

7.2 Payment Security

• Payment card data is NOT stored on our servers
• All payments processed through PCI-DSS compliant payment gateways
• We store only last 4 digits of cards and expiration dates
• Payment processors handle full encryption and security

7.3 Limitation of Liability

DISCLAIMER: While we implement robust security measures, no system is 100% secure. We cannot guarantee:

• Protection against sophisticated hackers or cybercriminals
• Complete prevention of unauthorized data access
• Security of data transmitted over the internet
• Security of data you share with third-party integrations

You use the Services at your own risk. You are responsible for:

• Keeping your password confidential
• Protecting your device from malware
• Not sharing sensitive information unnecessarily
• Reviewing privacy policies of integrated third-party services

8Data Retention & Deletion

8.1 Retention Periods

We retain your information:

• Active Accounts: As long as your account is active
• Invoices & Business Data: Until you request deletion
• Payment Information: As required by tax/accounting regulations (typically 5-7 years in India)
• Server Backups: Up to 90 days after account termination
• Legal/Compliance: As required by law (GST records must be retained for 6 years in India)

8.2 Deletion & Data Purge

You can delete:

• Individual Data: Delete specific invoices, customers, or products from your account
• Account Data: Request deletion of all account data via Settings > Delete Account
• Customer Data: Purge individual customer records and all associated invoices

Important:

• Deletion is final and irreversible
• We may retain anonymized data for analytics
• Legal/tax records must be retained per applicable laws
• Backup copies may take up to 90 days to fully purge

To request data deletion, contact: support@easyrate.app

9Cookies & Tracking Technologies

9.1 How We Use Cookies

• Session Cookies: Keep you logged in during your session
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Track usage patterns for improvement (Google Analytics)
• Marketing Cookies: Track which features interest you (can be disabled)

9.2 Your Cookie Choices

You can:

• Configure your browser to refuse all cookies or notify you when cookies are sent
• Opt out of Google Analytics at: https://tools.google.com/dlpage/gaoptout
• Opt out of interest-based advertising at: http://optout.networkadvertising.org/
• Disable tracking in app settings

Note: Disabling cookies may affect some Service features.

10Your Privacy Rights

10.1 Rights for All Users

You have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Export your data in CSV, Excel, or JSON format
• Opt-Out: Unsubscribe from marketing communications
• Withdraw Consent: Revoke consent for specific data processing

To exercise your rights, contact: support@easyrate.app

We will respond within 30 days (or 45 days for complex requests).

10.2 GDPR Rights (EU/EEA Users)

If you're located in the EU/EEA, you additionally have the right to:

• Right to Be Informed: Clear information about data processing
• Right of Access: Obtain a copy of your data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion (right to be forgotten)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Get your data in a portable format
• Right to Object: Object to specific processing activities
• Right Against Automated Decision-Making: Not be subject to decisions based solely on automated processing
• Right to Lodge a Complaint: File a complaint with your national data protection authority

10.3 CCPA Rights (California Residents)

If you're a California resident, you have the right to:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of "selling" or "sharing" of personal information (we do not sell your data)
• Right to Correct: Correct inaccurate information
• Right to Non-Discrimination: We will not discriminate based on privacy rights exercise
• Right to Limit: Limit use of sensitive personal information
• Right to Opt-Out of Profiling: Opt out of profiling in furtherance of decisions that produce legal/similarly significant effects

10.4 India-Specific Rights (If Applicable)

India's Digital Personal Data Protection Act (DPDP) provides:

• Right to obtain information about data processing
• Right to correction and erasure of data
• Right to data portability
• Right to grievance redressal
• Right to opt out of processing for certain purposes

11Children's Privacy

Easy Rate does NOT knowingly collect information from children under 18 years of age. The Services are intended for business use by adults.

If we learn that a child under 18 has provided personal information, we will:

• Immediately deactivate the account
• Delete the information promptly
• Contact the parent/guardian

If you're aware of a child's account, please contact: support@easyrate.app

12Third-Party Links & Services

Our app may contain links to third-party websites, integrations, and services (e.g., payment processors, accounting software, email providers).

Disclaimer:

• We are NOT responsible for third-party privacy practices
• Third-party sites have their own privacy policies
• We have no control over third-party data handling
• Review third-party privacy policies before using integrated services
• Easy Rate is not liable for data shared with third parties

Common Third Parties:

• Stripe, Razorpay (payment processing)
• Google (analytics, login, cloud storage)
• Email providers (invoice delivery)
• Accounting software (if integrated)

13Compliance with Legal Requirements

13.1 India - Goods & Services Tax (GST)

We collect GST-related information (invoice numbers, tax rates, customer tax IDs) to help you comply with GST regulations. We:

• Store invoices and tax details securely
• Enable export for GST filing (e-invoicing, IRP submission)
• Comply with GST Record-keeping Rules (6-year retention)
• Do NOT submit data to government portals on your behalf (you retain control)

13.2 India - Data Protection

We comply with:

• Information Technology Act, 2000
• Digital Personal Data Protection Act, 2023 (DPDP)
• RBI guidelines for payment processing

13.3 International Compliance

• GDPR (EU): Standard Contractual Clauses for data transfers
• CCPA (California): Data access, deletion, and opt-out rights
• PIPEDA (Canada): Consent-based data processing
• Data Localization: Customer data stored per local requirements where applicable

14Do Not Track (DNT)

Your browser may allow you to send "Do Not Track" signals. We do NOT currently respond to DNT signals. We recommend:

• Reviewing your browser privacy settings
• Using cookie controls to limit tracking
• Opting out via our settings

15Contact & Grievance Resolution

15.1 Privacy Questions

For privacy-related inquiries:

• Email: support@easyrate.app
• Support Email: support@easyrate.app
• Response Time: Within 30 days

15.2 Grievance Redressal Officer

For complaints or grievances:

• Email: grievance@easyrate.app
• Response Time: Within 30 days per DPDP Act

16Policy Updates & Changes

We may update this Privacy Policy to:

• Reflect changes in our practices
• Comply with new laws and regulations
• Improve transparency and clarity

Notification of Changes:

• We will email you at your registered email address
• Changes effective upon posting to the app
• Your continued use constitutes acceptance

Last Updated: January 2026
Effective Date: January 27, 2026

17Miscellaneous

17.1 No Guarantee of Privacy

While we implement industry-standard security, we cannot guarantee:

• 100% secure data transmission
• Protection against all unauthorized access attempts
• Absolute prevention of data breaches
• Third-party service provider's security practices

17.2 Your Responsibility

You are responsible for:

• Keeping your password confidential
• Logging out when using shared devices
• Monitoring your account for unauthorized activity
• Reporting security breaches immediately

17.3 Entire Agreement

This Privacy Policy, along with the Terms of Service, constitutes the entire agreement regarding our privacy practices. If you have questions, contact us at support@easyrate.app.