Privacy Policy

At GFYBooks (operated by Genufy TechWorks), we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at gfybooks.com.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, phone number, company name, and password when you register.
  • Business Profile: Company address, GST number, bank details, logo, and signature that you configure in settings.
  • Invoice Data: Client/vendor details, line items, amounts, tax information, and payment records.
  • Contacts & Accounts: Names, emails, phone numbers, addresses, and GST numbers of your clients and vendors.
  • Product/Service Data: Names, descriptions, prices, SKUs, and tax rates of your products.
  • Communication Content: Email subjects, messages, and WhatsApp notification content you compose.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, and actions taken within the application.
  • Device Information: Browser type, operating system, screen resolution, and device type.
  • IP Address: Used for security, fraud prevention, and approximate geolocation.
  • Cookies: HTTP-only authentication cookies for session management. We do not use third-party tracking cookies.

1.3 Information from Third Parties

  • Payment Processor (Razorpay): Transaction status, payment method, and order IDs. We do not store your credit/debit card numbers.
  • WhatsApp Business API (Meta): Message delivery status. We do not read your WhatsApp messages.
  • Exchange Rate API: Currency conversion rates from public APIs. No personal data is shared.

2. How We Use Your Information

  • Provide the Service: Create and manage invoices, generate PDFs, send notifications, and process payments.
  • Account Management: Authenticate your identity, manage subscriptions, and handle support requests.
  • Communication: Send OTPs for registration/password reset, invoice notifications via email/WhatsApp, and service updates.
  • Analytics & Improvement: Understand usage patterns to improve features and user experience.
  • Security: Detect and prevent fraud, abuse, and unauthorised access.
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes.

3. Data Storage & Security

  • Database: Your data is stored in MongoDB with encryption at rest.
  • Passwords: Stored as bcrypt hashes. We never store or have access to your plaintext password.
  • Authentication: JWT tokens in HTTP-only cookies with refresh token rotation.
  • File Uploads: Logos, signatures, and assets are stored securely and served via authenticated endpoints.
  • Infrastructure: Hosted on secure cloud infrastructure with regular backups.
  • Access Control: Business data is scoped by business ID. Team members can only access their business's data.

4. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share data only in these circumstances:

  • Service Providers: Razorpay (payments), Meta WhatsApp Business API (notifications), Amazon SES (email sending) — only the minimum data required for the service.
  • Public Invoice Links: When you share an invoice via a public link, the recipient can view the invoice details without logging in. You control when to generate and share these links.
  • Legal Requirements: If required by law, court order, or government authority.
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before this occurs.

5. Your Rights

Under applicable Indian data protection laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate personal data via your account settings.
  • Deletion: Request deletion of your account and associated data. Contact us at support@gfybooks.com.
  • Data Export: Export your invoices, contacts, products, and other data in CSV/PDF format.
  • Withdraw Consent: You may stop using the Service at any time. For email/WhatsApp notifications, you control these settings per invoice.
  • Restriction: Request that we restrict processing of your data in certain circumstances.

6. Data Retention

  • Active Accounts: We retain your data for as long as your account is active.
  • Deleted Accounts: After account deletion, we retain data for 30 days for recovery purposes, then permanently delete it.
  • Payment Records: Retained for 7 years as required by Indian tax and accounting regulations.
  • Server Logs: Automatically deleted after 90 days.

7. Cookies & Tracking

  • We use HTTP-only cookies solely for authentication (access token and refresh token). These are essential for the Service to function.
  • We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track you across websites.
  • We do not use Google Analytics, Facebook Pixel, or similar tracking services.

8. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided personal information to us, please contact us at support@gfybooks.com.

9. International Data Transfers

Your data is primarily stored and processed in India. If we use cloud services that process data outside India, we ensure appropriate safeguards are in place. By using the Service, you consent to the transfer of your data as described in this policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification at least 15 days before the changes take effect. The "Effective Date" at the top indicates when this policy was last updated. Continued use of the Service after changes constitutes acceptance.

11. Grievance Officer

In accordance with the Information Technology Act, 2000 and applicable rules, the Grievance Officer for GFYBooks is:

  • Name: Genufy TechWorks Support Team
  • Email: support@gfybooks.com
  • Address: Salem, Tamil Nadu, India
  • Response Time: We will acknowledge your complaint within 48 hours and resolve it within 30 days.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us: