Privacy Policy
AUN Bizznes is a mobile invoice and business-management application. This Privacy Policy explains how AUN Creations (“we,” “our,” or “us”) collects, uses, stores, discloses, and protects information when you use the AUN Bizznes mobile app and related backend services (the “Services”).
1. Who We Are
AUN Creations develops and operates AUN Bizznes, a professional GST invoice application for businesses and freelancers. For the purposes of applicable privacy laws, AUN Creations acts as the data controller (or equivalent role) for personal data processed through the Services, except where we process data solely on behalf of infrastructure providers under their own terms.
2. Scope
This Privacy Policy applies to:
- the AUN Bizznes mobile application (iOS and Android);
- the AUN Bizznes backend API and related cloud infrastructure;
- customer support interactions related to the product; and
- this legal website and other official product communications.
It does not govern third-party websites, app stores, payment processors, or services you access outside AUN Bizznes. Those providers are governed by their own privacy policies.
3. Summary
4. Information We Collect
Depending on how you use AUN Bizznes, we may process the following categories of data:
4.1 Information you provide in the app
- Account information: name, email address, phone number (where enabled), profile photo or avatar selection, preferred language, and authentication method (Google, Apple, email OTP, or phone OTP).
- Business profile: business name, contact details, address, GSTIN, PAN, bank and UPI details, invoice numbering preferences, and branding assets such as logos and signatures.
- Clients and invoices: client names and contact details, invoice line items, amounts, tax and GST details, dates, status, notes, and related business records you create in the app.
- Files and attachments: images and documents you upload (for example business logos, signatures, or invoice attachments), including file metadata such as MIME type and size.
- Support communications: information you send when contacting us for help.
4.2 Information collected automatically
- Session and security data: hashed refresh tokens, authentication events, and request metadata needed to secure your account (for example IP-derived rate-limit signals and request identifiers). We do not store plaintext passwords for social sign-in flows.
- Subscription and trial metadata: plan identifier, entitlement status, trial end date, and subscription expiry information received from our payment platform partner.
- Operational diagnostics: limited technical logs and error reports used to keep the Services reliable. These logs are structured to avoid unnecessary personal or business content.
4.3 Information we do not intentionally collect
- Payment card numbers, UPI PINs, or full payment credentials (handled by app stores and payment partners).
- Contacts from your address book, unless you explicitly choose to use a feature that requires them.
- Precise location data.
| Category | Examples | When collected |
|---|---|---|
| Account | Email, name, auth provider ID | When you register or sign in |
| Business data | Invoices, clients, GST details | When you create or update records while signed in |
| Files | Logo, signature, attachments | When you upload branding or invoice files |
| Subscription | Plan status, trial dates | When you start a trial or purchase premium |
| Security logs | Request ID, route, status, latency | During API use |
5. How We Use Information
We use the information described above to:
- provide core app functionality, including creating, storing, and exporting invoices;
- authenticate you and maintain secure sessions;
- store, maintain, and make available your business data on our secure servers;
- deliver invoices to your clients when you use supported sharing channels (for example email or WhatsApp);
- personalize and customize your experience, including settings, defaults, templates, and product recommendations;
- analyze usage and business-data patterns to understand product performance, prioritize improvements, and develop insights;
- research, test, and develop new features, services, and product capabilities;
- create aggregated, de-identified, or statistical reports that do not reasonably identify you or your clients;
- manage trials, subscriptions, and premium entitlements;
- send transactional messages such as email verification and sign-in codes;
- detect abuse, enforce rate limits, and protect the Services;
- monitor reliability, diagnose errors, and improve performance;
- comply with law and respond to lawful requests; and
- communicate important product or policy updates.
We do not use your invoice or client data for third-party behavioral advertising or to build advertising profiles for unrelated third-party marketers.
6. Data Storage
AUN Bizznes requires you to sign in to use core features. When you create or update invoices, clients, business profiles, templates, and related records, that information is transmitted to and stored on our secure servers under your account.
Your business data is scoped to your account. We apply access controls so one user cannot access another user’s business records. There is no separate control for you to choose which categories of business data are stored with your account; data you enter through the Services is stored to provide the features you use.
If you delete your account (where available) or request deletion, we process deletion in line with our retention practices and applicable law, including removal of associated business records and uploaded files from our systems, subject to limited legal or security exceptions.
7. Legal Bases for Processing
Where applicable law requires a legal basis, we rely on:
- Contract / performance: to provide the Services you request, maintain your account, and deliver product features.
- Consent: where you opt in to optional features or communications that require consent under local law.
- Legitimate interests: to secure the Services, prevent fraud and abuse, improve reliability, personalize product experiences, and analyze usage and trends to develop insights and new features — balanced against your rights.
- Legal obligation: to comply with applicable laws, tax or regulatory requirements, and lawful government requests.
9. Security
We implement technical and organizational measures appropriate to the nature of the data we process, including:
- encryption in transit (TLS) for API and web traffic;
- hashed storage of refresh tokens and one-time codes (OTPs);
- backend-issued JWT access tokens with short expiry and refresh-token rotation;
- server-side authorization checks on every protected API request;
- rate limiting on authentication and sensitive endpoints;
- structured logging with redaction of secrets, tokens, and unnecessary personal data; and
- monitoring for unexpected errors and service health.
No method of transmission or storage is completely secure. We encourage you to use device lock, keep your app updated, and protect your account credentials.
10. Data Retention
- Account and business data: retained on our servers while your account is active and as needed to provide the Services.
- Session tokens: retained only for the duration required for authentication and rotation policies.
- Email OTP records: retained only for verification windows and security purposes, then removed or invalidated.
- Operational logs: retained for a limited period appropriate for security, debugging, and compliance, then deleted or aggregated.
When you request account deletion or when retention is no longer necessary, we delete or irreversibly anonymize relevant data within a reasonable timeframe, except where retention is required by law or for legitimate security and dispute-resolution purposes.
11. International Data Transfers
AUN Creations is based in India. If you use the Services from another country, your data may be transferred to and processed in India or other countries where our service providers operate (for example the United States for certain cloud infrastructure). Where required, we apply appropriate safeguards such as contractual protections consistent with applicable data-protection law.
12. Your Rights and Choices
Depending on your location, you may have rights to:
- access the personal data we hold about you;
- correct inaccurate or incomplete data;
- delete your data or close your account;
- export or port your data where technically feasible;
- object to or restrict certain processing;
- withdraw consent where processing is consent-based; and
- lodge a complaint with a supervisory authority.
EEA / UK (GDPR): Where GDPR or UK GDPR applies, you may exercise the rights listed above and contact us for data-protection inquiries.
California (CCPA / CPRA): We do not sell personal information for cross-context behavioral advertising. California residents may request access to or deletion of personal information we hold, subject to legal exceptions.
To exercise your rights, contact us at aun.bizznes@gmail.com. We may need to verify your identity before fulfilling requests.
13. Children’s Privacy
AUN Bizznes is a business application and is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will take steps to delete it promptly.
14. Advertising
AUN Bizznes does not display third-party behavioral advertising in the app and does not sell your data to advertisers. Optional PDF export may include a document watermark for non-premium use; this is a product feature, not personalized advertising.
15. Third-Party Services
The Services may integrate with or rely on the following categories of third parties:
| Provider / category | Purpose | Privacy information |
|---|---|---|
| Google Firebase Authentication | Verify Google, Apple, and phone sign-in tokens server-side | Firebase Privacy |
| Google / Apple sign-in SDKs | Initiate social authentication on device | Google Privacy; Apple Privacy |
| RevenueCat (or equivalent) | Subscription and trial entitlement management | RevenueCat Privacy |
| Email delivery (SMTP) | Transactional email (verification, sign-in codes) | Provider depends on deployment configuration |
| Meta WhatsApp Cloud API | Deliver invoices to clients when you choose WhatsApp sharing | WhatsApp Privacy |
| Sentry | Backend error monitoring (no intentional PII or business secrets) | Sentry Privacy |
| Cloud hosting | API, database, and file storage infrastructure | Provider depends on deployment configuration |
We encourage you to review the privacy policies of third-party services you interact with directly.
16. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or product features. When we make material changes, we will update the “Last updated” date at the top of this page and, where required, provide additional notice through the app or other appropriate channels before changes take effect.
17. Contact Us
For privacy questions, rights requests, or complaints, contact:
We aim to respond to verified privacy requests within the timelines required by applicable law.