1. Introduction
Billin Space Pvt. Ltd. ("Billin," "we," "our," or "us") is committed to protecting the privacy and security of your personal and corporate data. This Privacy Policy outlines our practices regarding the collection, use, processing, and disclosure of information when you use our enterprise resource planning (ERP) platform, related services, applications, and our website (collectively, the "Services").
By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you are using the Services on behalf of an organization, you are agreeing to this Privacy Policy for that organization and representing that you have the authority to bind that organization to this policy.
2. Information We Collect
We collect information in the following categories to provide and improve our Services:
A. Information You Provide Directly
- Account & Registration Data: Name, email address, corporate entity details, billing address, phone number, and account credentials.
- Financial & Operational Data (Customer Data): Information submitted through our modules, including accounting ledgers, invoices, inventory tracking data, point-of-sale (POS) records, and manufacturing work orders.
- Human Resources & Payroll Data: Employee names, contact information, tax identification numbers, salaries, bank account details, and performance records entered into the HR & Payroll modules.
B. Information Collected Automatically
- Log & Usage Data: IP addresses, browser type, operating system, pages viewed, API calls, and system activity logs.
- Device Information: Hardware models, operating systems, unique device identifiers, and mobile network data when accessing POS or mobile applications.
- Cookies & Tracking Technologies: We use cookies and similar technologies to maintain session state, analyze platform usage, and enhance security.
3. How We Use Your Information
We act as a data processor for the Customer Data you input into our ERP, and as a data controller for your Account Data. We use your information to:
- Provide & Maintain Services: Authenticate users, process transactions, generate financial reports, and ensure the core functionality of the ERP platform.
- Improve & Optimize: Analyze usage trends to enhance user experience, debug software issues, and develop new features.
- Drishya AI Processing: For users utilizing Drishya AI, we process uploaded documents (e.g., bills, receipts) using optical character recognition (OCR) and machine learning models to extract structured data. We do not use your proprietary financial data to train base models shared across other tenants without explicit, anonymized opt-in consent.
- Security & Compliance: Detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities to comply with legal and regulatory obligations.
- Communication: Send administrative messages, technical notices, security alerts, and billing-related communications.
4. Data Sharing and Disclosure
We treat your corporate and personal data with strict confidentiality. We do not sell your personal information. We may share information under the following circumstances:
- Infrastructure & Service Providers: Our primary server infrastructure is hosted locally on our own secure servers in Nepal, ensuring data sovereignty and tight access control. We engage trusted third-party vendors strictly for ancillary services, such as payment processing and transactional email delivery. All external providers are bound by rigorous data processing agreements.
- Legal Requirements: We may disclose information if required to do so by law, court order, or governmental request, or to protect the rights, property, or safety of Billin, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, customer information may be transferred as part of the business assets, subject to continued protection under this Privacy Policy.
5. Data Security
We implement robust technical and organizational measures to safeguard your data. This includes AES-256 encryption for data at rest and TLS 1.3 for data in transit. We maintain strict role-based access controls (RBAC) and, for internal administration, multi-factor authentication (MFA) protocols, and we conduct regular third-party penetration testing and vulnerability assessments. However, no internet-based service can be 100% secure, and we advise users to maintain strong password hygiene and secure their internal networks.
6. Data Retention
We retain your Account Data for as long as your account is active or as needed to provide you the Services. Customer Data entered into the ERP (such as financial ledgers and HR records) is retained according to your subscription tier and administrative configurations. Upon account termination, we provide a 30-day grace period for data export, after which your Customer Data is securely and permanently deleted from our primary servers and subsequently from our backups in accordance with our disaster recovery retention schedule.
7. Your Privacy Rights
Depending on your jurisdiction (e.g., GDPR, CCPA, CPRA), you may have the following rights regarding your personal data:
- Access & Portability: The right to request copies of your personal data in a structured, machine-readable format.
- Correction: The right to request that we correct inaccurate or incomplete personal information.
- Deletion (Right to be Forgotten): The right to request the deletion of your personal data, subject to certain legal and regulatory exceptions (e.g., financial record-keeping laws).
- Restriction of Processing: The right to request the limitation of data processing under certain conditions.
To exercise these rights, please contact our Data Protection Officer at the email provided below. We will respond to your request within the timeframe mandated by applicable law.
8. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, sending an email notification to the primary contact associated with your account. Your continued use of the Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.