GSTShield

Legal

Privacy Policy

Last updated: May 2026

1. Who we are

GSTShield is a product of Aurum Digital, a company registered in India. We build automated GSTR-2B reconciliation and vendor follow-up tools for Indian Chartered Accountant firms. For any privacy-related queries, contact us at support@gstshield.in.

2. Information we collect

We collect the following information when you use GSTShield: • Account information — your name, email address, firm name, and phone number provided at signup. • Client data — GSTINs, business names, and contact details of your GST clients that you add to the platform. • GSTR-2B data — GST return data fetched from the GSTN via a licensed GST Suvidha Provider (MasterGST) on your behalf. • Purchase register data — Excel files you upload containing your clients' purchase entries. • Payment information — billing and subscription details processed by Razorpay. We do not store card numbers; all payment data is handled directly by Razorpay. • Usage data — logs of actions taken within the platform (syncs, reconciliations, messages sent) for debugging and product improvement.

3. How we use your information

We use the information we collect to: • Provide and operate the GSTShield service, including fetching GSTR-2B data, running reconciliation, and sending WhatsApp vendor reminders. • Process subscription payments and send billing confirmations. • Send transactional emails (welcome, payment confirmation, contact form responses). • Detect and prevent abuse or unauthorised access. • Improve the product based on aggregate usage patterns. We do not use your data or your clients' data for advertising. We do not sell data to third parties.

4. How we share your information

We share data only with the third-party services required to operate the platform: • Supabase — database and authentication infrastructure, hosted on Indian servers. • MasterGST / Whitebooks — Government-licensed GSP used to fetch GSTR-2B data from GSTN. • Razorpay — payment processing for subscriptions. • AiSensy — WhatsApp Business API for sending vendor reminder messages (Pro and Firm plans only). • Resend — transactional email delivery. Each of these providers is bound by their own privacy policies and data processing agreements. We do not share your data with any other third parties.

5. Data storage and security

All data is stored exclusively on Indian servers. We apply the following security measures: • Encryption at rest using AES-256. • Encryption in transit using TLS 1.3. • Row-level security (RLS) in our database ensures each account can only access its own data. • No GSTShield employee accesses your client data unless you explicitly request support that requires it.

6. Data retention

We retain your account data for as long as your account is active. If you cancel your subscription and delete your account, we will delete your data within 30 days, except where retention is required by law (for example, payment records for tax compliance).

7. Your rights

You have the right to: • Access the personal data we hold about you. • Correct inaccurate data. • Request deletion of your data (subject to legal retention requirements). • Export your client data. To exercise any of these rights, contact us at support@gstshield.in.

8. Cookies

GSTShield uses only essential cookies required for authentication (session tokens). We do not use advertising or tracking cookies. No third-party analytics scripts are loaded on the platform.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of GSTShield after changes are posted constitutes acceptance of the updated policy.

10. Contact

For any questions about this Privacy Policy or how we handle your data, contact: Aurum Digital support@gstshield.in