Privacy Policy

Last updated: April 2025 · Applies to waybillgo.in and the WaybillGo WhatsApp bot

1. Who We Are

WaybillGo (“we”, “us”, “our”) operates the waybillgo.in platform and WhatsApp bot for e-Way Bill generation. This Privacy Policy explains how we collect, use, store, and protect your personal and business data.

2. Data We Collect

  • Account data: Mobile number, business trade name, GSTIN(s).
  • GSP credentials: Your GSP sub-user username and password are encrypted and stored in Google Secret Manager — never in plain text in our database.
  • Invoice data: Images and extracted fields (supplier GSTIN, recipient GSTIN, HSN codes, invoice number, values) processed by AI for EWB generation.
  • Transaction data: EWB numbers, vehicle numbers, generated PDFs, and audit logs of all API calls made on your behalf.
  • Payment data: Razorpay subscription IDs. We do not store card numbers or UPI credentials.
  • Usage data: Session logs, message timestamps, and error logs for debugging and service improvement.

3. How We Use Your Data

  • To authenticate with the NIC EWB API via your GSP on your behalf.
  • To generate, store, and deliver e-Way Bill PDFs.
  • To send OTP verification messages via WhatsApp.
  • To process subscription payments via Razorpay.
  • To detect fraud, abuse, or API misuse.
  • To improve AI extraction accuracy using anonymised invoice data.

4. Third-Party Services

We share minimal required data with these third-party providers:

  • Google Vertex AI (Gemini): Invoice images are sent to Gemini Vision for field extraction. Images are not retained by Google for model training under our enterprise agreement.
  • TaxPro GSP: Your GSTIN and encrypted GSP credentials are used to authenticate and submit EWB API requests.
  • Twilio / Meta WhatsApp Business API: Used to send and receive WhatsApp messages. Twilio's data processing agreement applies.
  • Razorpay: Handles all payment processing. Subject to Razorpay's Privacy Policy.
  • Google Cloud Platform: All infrastructure (Cloud Run, Cloud SQL, Cloud Storage, Firestore) is hosted in asia-south1 (Mumbai) to ensure data residency within India.

5. Data Retention

  • EWB records: Retained permanently as required for GST audit trails.
  • Portal-sync data: Soft-deleted 90 days after the validity period ends.
  • Invoice images: Deleted from the processing queue after EWB generation is complete.
  • Session logs: Retained for 30 days for debugging, then purged.
  • Account data: Retained while your account is active. Deleted within 30 days of account closure on request.

6. Data Security

GSP credentials are AES-256 encrypted before storage. All API communications use TLS 1.2+. Access to production infrastructure is restricted by IAM roles. We conduct periodic security reviews.

7. Your Rights

Under applicable Indian data protection law and GDPR (where applicable), you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and associated data.
  • Port your EWB records in a machine-readable format.

To exercise these rights, email support@waybillgo.in.

8. Cookies

We use only essential session cookies for authentication (NextAuth.js). No third-party tracking cookies are set unless you opt in to analytics. Google Analytics (GA4) may be enabled with your consent for product improvement.

9. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. Continued use of the Service after the effective date constitutes acceptance.

10. Contact

For privacy-related queries, contact our Data Officer at support@waybillgo.in.