Privacy Policy

Last updated: April 2026

1. Introduction

Sahaj (sahajapp.in) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our GST compliance service.

2. Information We Collect

We collect the following types of information:

Account Information

  • Email address (via Google sign-in through Firebase Authentication)
  • Business name
  • GSTIN (GST Identification Number)
  • Phone number (optional)
  • Business address (optional)

Receipt and Business Data

  • Receipt images you upload for AI scanning
  • Extracted receipt data: vendor name, GSTIN, invoice number, date, amounts, GST breakup
  • Manually entered receipt and invoice data
  • ITC (Input Tax Credit) calculations and records
  • Export history

Usage Data

  • Scan count and plan usage
  • Feature usage patterns
  • Device and browser information

3. How We Use Your Information

We use your information to:

  • Provide and operate the Sahaj service, including AI receipt scanning and ITC tracking
  • Process receipt images using AI (OpenAI GPT-4o) to extract GST-relevant data
  • Calculate and display your Input Tax Credit and GST liability
  • Generate GSTR-1 exports and CA-ready reports
  • Manage your subscription and billing through Dodo Payments
  • Send filing deadline reminders and service notifications
  • Improve the accuracy of our AI scanning

4. Data Storage and Security

Your data is stored securely using industry-standard practices:

  • Account data is stored in a PostgreSQL database hosted on Amazon RDS (Mumbai region, ap-south-1)
  • Receipt images are stored in Amazon S3 with server-side encryption
  • All data transmission uses HTTPS/TLS encryption
  • Authentication is handled by Firebase Authentication (Google)
  • API access is protected by token-based authentication and rate limiting

5. Third-Party Services

We use the following third-party services to operate Sahaj:

  • Firebase Authentication (Google): For secure sign-in
  • OpenAI (GPT-4o): For AI-powered receipt scanning. Receipt images are sent to OpenAI's API for processing. OpenAI's data usage policy applies.
  • Amazon Web Services (S3, RDS): For data and image storage
  • Dodo Payments: For subscription billing and payment processing
  • Vercel: For hosting the web application
  • Railway: For hosting the API server

Each third-party service has its own privacy policy. We encourage you to review them.

6. Data Sharing

We do not sell, rent, or trade your personal information or business data to any third party. We share data only in the following limited circumstances:

  • With third-party service providers listed above, solely to operate the service
  • If required by law, court order, or government request
  • To protect our rights, safety, or property

7. Data Retention

We retain your data for as long as your account is active. Soft-deleted receipts are permanently purged after 7 days. If you request account deletion, all your data (including receipts, images, and business information) will be permanently deleted from our systems within 30 days.

8. Your Rights

You have the right to:

  • Access: View all data we hold about you through the Sahaj dashboard
  • Export: Download your receipt data and ITC records at any time
  • Correction: Edit your business information and receipt data
  • Deletion: Request complete deletion of your account and all associated data
  • Portability: Export your data in standard formats (Excel, JSON)

9. Cookies

Sahaj uses essential cookies and local storage for authentication and user preferences (language setting, invoiced amount). We do not use advertising or tracking cookies. No third-party analytics cookies are used.

10. Children's Privacy

Sahaj is a business tool intended for GST-registered businesses and professionals. We do not knowingly collect information from children under 18. If you believe a child has provided us with personal information, please contact us for removal.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top. Continued use of Sahaj after changes constitutes acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at: sahajappgst@gmail.com

See also our Terms of Service and Refund Policy.