← Back to Home

Privacy Policy

Last Updated: February 19, 2026

This Privacy Policy describes how GSTR-1 Filing Tool ("we", "our", or "us") collects, uses, stores, and protects your personal and business information when you use our GSTR-1 computation service. We are committed to protecting your privacy and ensuring the security of your sensitive business data.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • GSTIN (Goods and Services Tax Identification Number)
  • Business name and contact details
  • Authentication credentials (encrypted passwords)

1.2 Business and Transaction Data

When you use our service, we process:

  • Sales reports from Amazon, Flipkart, and Meesho platforms
  • Transaction records (invoice numbers, dates, amounts, tax details)
  • Customer state information for tax computation
  • Product HSN codes and taxable values
  • TCS (Tax Collected at Source) calculations
  • Generated GSTR-1 reports and computation history

1.3 Technical Information

We automatically collect:

  • IP address and browser type
  • Device information and operating system
  • Session cookies for authentication
  • Usage analytics and error logs
  • File upload timestamps and processing metrics

2. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: Process sales data and generate accurate GSTR-1 reports
  • Account Management: Create, maintain, and secure your user account
  • Computation Accuracy: Calculate TCS, segregate B2B/B2CL/B2CS transactions, and apply GST rules
  • Report Generation: Create Excel and JSON files for GST filing
  • Data Validation: Verify file formats and data integrity before processing
  • Service Improvement: Analyze usage patterns to enhance functionality and user experience
  • Security: Detect and prevent fraudulent activities and unauthorized access
  • Communication: Send service-related notifications, updates, and support responses
  • Legal Compliance: Comply with Indian tax laws, GST regulations, and legal obligations

3. Data Storage and Security

3.1 Storage Infrastructure

  • Data stored using Supabase (industry-standard cloud database)
  • Servers located in secure, certified data centers
  • Database encrypted at rest using AES-256 encryption
  • Regular automated backups with encryption

3.2 Security Measures

  • Encryption: All data transmitted using TLS/SSL encryption (HTTPS)
  • Authentication: Secure password hashing using bcrypt algorithm
  • Access Control: Role-based access with service-level keys
  • API Security: API keys and authentication tokens for protected endpoints
  • Data Isolation: Each user's data is isolated and accessible only to authorized accounts
  • Regular Audits: Periodic security assessments and vulnerability scanning

3.3 Data Retention

We retain your data for as long as your account is active. Upload history and generated reports are stored to provide historical access. You can request deletion of specific reports or your entire account data at any time.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal or business data. We may share information only in the following circumstances:

  • Service Providers: Third-party services (Supabase, hosting providers) under strict confidentiality agreements
  • Legal Requirements: When required by Indian law, court order, or government authority
  • Business Transfer: In case of merger, acquisition, or sale of assets (with notice to users)
  • Consent: With your explicit permission for specific purposes

Important: We never share your GSTIN, business data, or transaction details with e-commerce platforms or third parties for marketing purposes.

5. Your Rights and Choices

You have the following rights regarding your data:

  • Access: View and download all your stored data and reports
  • Correction: Update or correct your account information and GSTIN
  • Deletion: Request deletion of specific reports or your entire account
  • Data Portability: Download your data in Excel/JSON format
  • Opt-Out: Unsubscribe from non-essential communications
  • Access Restriction: Request temporary account suspension

To exercise these rights, contact us at the details provided below. We will respond within 30 days of receiving your request.

6. Cookies and Tracking Technologies

We use the following cookies and tracking technologies:

  • Essential Cookies: Required for authentication and session management
  • Authentication Tokens: Secure tokens to maintain your login session
  • Analytics: Basic usage statistics to improve service (no personally identifiable information)

You can control cookies through your browser settings, but disabling essential cookies may affect service functionality.

7. Third-Party Services

Our service uses the following third-party providers:

  • Supabase: Database and authentication (Privacy Policy: supabase.com/privacy)
  • Vercel: Hosting and deployment (Privacy Policy: vercel.com/legal/privacy-policy)

These providers have their own privacy policies. We recommend reviewing them to understand how they handle your data.

8. Data Processing for GST Filing

Important Notes:

  • We process data solely for GSTR-1 computation as per Section 37 of the CGST Act, 2017
  • Generated reports are your property and responsibility for filing with GST portal
  • We do not file returns on your behalf or interact with the GST portal
  • You retain full control and ownership of your business data
  • We are not tax consultants; users are responsible for accuracy verification

9. Children's Privacy

Our service is intended for businesses and individuals registered under GST (typically 18+ years). We do not knowingly collect information from individuals under 18. If we become aware of such data collection, we will delete it promptly.

10. International Users

This service is designed for businesses registered under Indian GST. If you access our service from outside India, your data may be transferred to, stored, and processed in India. By using our service, you consent to this transfer and agree to comply with Indian data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be notified via email or prominent notice on our website at least 30 days before taking effect. Continued use of the service after changes indicates acceptance of the updated policy.

12. Data Breach Notification

In the unlikely event of a data breach affecting your personal or business information, we will notify you within 72 hours via email and provide details about the breach, affected data, and remedial actions. We maintain incident response procedures to minimize impact and prevent future occurrences.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

GSTR-1 Filing Tool

Ritu Raj Singh

Email: support@gstr1-filing.com

Response Time: Within 48 hours for privacy requests

14. Legal Compliance

This Privacy Policy complies with:

  • Information Technology Act, 2000
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • Goods and Services Tax Act, 2017
  • Digital Personal Data Protection Act, 2023 (when applicable)

By using our service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Return to Home