Last updated: June 2025
We collect your name, email address, CA firm name, phone number, and GST-related data you upload for reconciliation. We do not collect financial account details or passwords.
All GSTR-2B, GSTR-2A, and Purchase Register files are processed entirely inside your browser. No GST invoice data is ever uploaded to our servers. Your financial data never leaves your device.
We store your subscription details, client names and GSTINs (not invoice data), monthly reconciliation status summaries, and account information in our secure database hosted on Supabase (hosted in the EU).
We use Google OAuth for authentication. We receive your name and email address from Google. We do not receive or store your Google password.
We do not sell, rent, or share your personal data with any third parties for marketing purposes. Data may be shared only as required by Indian law or court order.
GSTAgent is designed to comply with the Digital Personal Data Protection Act 2023. You have the right to access, correct, and request deletion of your personal data.
We retain your account data for the duration of your subscription and up to 12 months after cancellation, unless you request earlier deletion.
For any privacy concerns, email us at privacy@gstagent.com. We will respond within 72 hours.
Under the Digital Personal Data Protection Act 2023 you have the right to: (1) Access your personal data. (2) Correct inaccurate data. (3) Request erasure. (4) Withdraw consent at any time. Email privacy@gstagent.com with subject "Data Rights Request". We will respond within 30 days.
Email privacy@gstagent.com with subject "Delete My Data" to request removal of your personal data (name, email, phone, firm). We will process within 7 working days and confirm. GST invoice data is processed on your device only and is never stored on our servers.
We use only functional cookies required for login (Supabase session). No advertising, tracking, or analytics cookies. No third-party cookies. Clear browser cookies at any time to log out.
Lead enquiry data: 24 months. Reconciliation results: 36 months. Subscription records: 7 years (Indian financial regulations). All data deleted on request.