Data Policy

This Data Policy describes how FlashBooks handles your business and financial data — the invoices, payments, contacts, products, expenses, and reports you create and manage within the platform.

For information about how we handle your personal data (account information, authentication, cookies), please refer to our Privacy Policy.

2.1 Invoice Data

Sale invoices, purchase invoices, credit notes, and debit notes. This includes party details, line items, quantities, rates, amounts, tax breakdowns (CGST, SGST, IGST, Cess), HSN/SAC codes, invoice numbers, and dates.

2.2 Payment Data

Inward and outward payment records, payment methods (cash, bank transfer, cheque, UPI, TDS), amounts, dates, and linked invoice references.

2.3 Contact Data

Customer and vendor records including business names, GSTIN, PAN, addresses, phone numbers, email addresses, bank account details (account numbers, IFSC codes, bank names), and credit terms.

2.4 Product Data

Product and service catalogue entries including names, descriptions, HSN/SAC codes, GST rates, units of measurement, rates, and stock levels.

2.5 Expense Data

Expense records with amounts, categories, dates, descriptions, and associated organisation.

2.6 Report Data

Generated reports including GSTR-1, HSN Summary, sales reports, purchase reports, payment aging, tax summaries, and receivable/payable reports. Reports are derived from the data you enter and are not stored separately.

• Storage: All business data is stored in encrypted databases in Indian data centres. Data is encrypted at rest using AES-256.
• Computation: We process your data to perform calculations (GST amounts, payment outstanding, report aggregations) and to render your invoices, reports, and dashboards.
• PDF Generation: When you export an invoice as PDF, your data is processed server-side to generate the document, which is then delivered to your browser.
• Sharing (at your instruction): When you share an invoice via email or WhatsApp, the invoice data (including party details, amounts, and tax information) is transmitted to the recipient you specify. You control when and with whom your data is shared.
• No AI Training: Your business data is never used to train machine learning models, generate analytics for third parties, or any purpose other than providing the FlashBooks service to you.
• No Selling: We never sell, rent, licence, or trade your business data to any third party.

You retain full ownership of all business data you enter into FlashBooks. We process your data solely to provide the service. You can export your data at any time in standard formats (JSON, CSV) through Settings > Data & Privacy. You can delete your organisation and all associated data at any time.

• Active Data: Retained for as long as your account and organisation are active.
• Deleted Organisation Data: Permanently and irreversibly deleted upon your request through Settings > Data & Privacy.
• Financial Records Caveat: Under GST regulations (Section 35 of the CGST Act, 2017), businesses must maintain records for a minimum of seventy-two (72) months from the due date of filing the annual return. While FlashBooks allows you to delete your data at any time, we recommend you export and retain copies for your compliance obligations before deletion.
• Technical Logs: Server access logs and error logs are retained for up to ninety (90) days for security and debugging purposes, then permanently deleted.
• Backups: Encrypted backups are maintained for disaster recovery. Backup copies are purged within thirty (30) days of data deletion from the primary system.

FlashBooks supports data export through Settings > Data & Privacy. You can export:

• Invoices and financial documents
• Contact records
• Product catalogue
• Payment records
• Expense records

Available formats include JSON and CSV, allowing you to import your data into other accounting software or maintain offline records.

You can delete your data at two levels:

• Organisation deletion: Permanently removes all invoices, contacts, products, payments, expenses, and reports for that organisation.
• Account deletion: Permanently removes your user profile and all associated organisations.

Both actions are irreversible. Deleted data cannot be recovered. We recommend exporting your data before deletion.

FlashBooks uses the following categories of third-party services to process your data:

• Cloud Infrastructure: Indian data centre providers for hosting and database services.
• Email Delivery: For sending invoices, payment reminders, and OTP codes.
• SMS Services: For mobile OTP verification.

All third-party processors are contractually bound to protect your data, use it only for the specified purpose, and comply with applicable Indian data protection laws. We do not share your business data with any processor that is not essential for service delivery.

This Data Policy should be read in conjunction with our Privacy Policy (personal data handling) and Terms of Service (service usage conditions). In case of any conflict between these documents regarding data handling, the most protective provision for your data shall apply.

For questions about how your business data is handled, contact us at support@flashbooks.in.