LEGAL

Privacy Policy

Last updated: May 2, 2026
🇮🇳 All your data is stored in India. We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act).

1. What Data We Collect

Account data:

  • WhatsApp number (for authentication)
  • Name, email (optional)
  • Business name, GST registration details

Financial data (you provide):

  • Invoices, receipts, bank statements
  • Payroll, employee information
  • GST returns, TDS data
  • All accounting entries

Usage data (automatic):

  • Pages visited, features used
  • WhatsApp messages sent to OnGravy
  • Error logs for debugging
  • Device type, browser

2. How We Use Your Data

  • To provide and improve OnGravy
  • To auto-fill GST returns with your transaction data
  • To send proactive alerts (GST deadlines, fraud alerts)
  • To generate reports and insights
  • To send billing notifications
  • We do NOT use your data to train AI models
  • We do NOT sell your data to any third party

3. Where Data Is Stored

All data is stored in India:

  • Database: Supabase, Mumbai (AWS ap-south-1)
  • Cache: Upstash Redis, Mumbai
  • Files: Supabase Storage, Mumbai

We do not transfer data outside India except for payment processing via Razorpay (India-based) and WhatsApp API via Meta (messages only, not financial data).

4. Data Sharing

We share data only with:

  • GST Portal (GSTN) - only when you file returns
  • Razorpay - only payment amounts, never full financial data
  • WhatsApp (Meta) - only the messages you send to OnGravy
  • AWS Textract - OCR processing (not stored by AWS)

We never share with: Advertisers · Data brokers · Other companies for marketing

5. Data Retention

  • Active accounts: data kept as long as subscription is active
  • Cancelled accounts: 90-day export window, then permanently deleted
  • Audit logs: kept for 7 years (GST compliance requirement)
  • WhatsApp messages: not stored after processing

6. Your Rights (DPDP Act 2023)

You have the right to:

  • Access all your data (export from Settings)
  • Correct inaccurate data
  • Delete your account and all data
  • Know who we share data with
  • Withdraw consent (will terminate service)

To exercise your rights: privacy@ongravy.in

7. Security

  • AES-256-GCM encryption for sensitive fields
  • HTTPS everywhere, TLS 1.3
  • WhatsApp OTP authentication - no passwords
  • Row-level security: your data is completely isolated
  • Regular security audits
  • No employee can access your financial data without your consent

8. Cookies

We use only essential cookies: authentication session and theme preference (dark/light). We do not use advertising or tracking cookies of any kind.

9. Children

OnGravy is not intended for users under 18. We do not knowingly collect data from minors.

10. Contact

Privacy Officer: Pratik Revankar
Email: privacy@ongravy.in
Address: OnGravy Technologies Pvt Ltd, Goa, India