Legal

Privacy Policy

Effective date: April 20, 2026Last updated: April 20, 2026
Terms of ServiceSupportHelp

Use the table of contents to jump to a section. For product questions, see Help first.

  • Anchored sections
  • Print-friendly layout
  • India (QalbIT Infotech)

PocketGST Privacy Policy

Effective Date: April 20, 2026 Last Updated: April 20, 2026

1. Introduction

Welcome to PocketGST, a mobile application for GST calculation and invoice management ("App" or "Service"). This Privacy Policy explains how QalbIT Infotech Private Limited ("QalbIT," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use PocketGST.

QalbIT Infotech Private Limited is a company incorporated under the Companies Act, 2013, with its registered office at:

C-109, Siddhi Vinayak Towers, Near Kataria Arcade, Opp. S.G. Highway, Makarba, Ahmedabad, Gujarat, India 380051

GST Number: 24AAACQ8356Q1ZS CIN: U72900GJ2022PTC132898

By using PocketGST, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the App.

2. Information We Collect

The information we collect depends on whether you use the Free tier (offline-only) or Pro tier (with optional Google Drive backup).

2.1 Information You Provide Directly

Free Tier Users:

  • No account creation required: You can use PocketGST Free tier without creating an account or providing any personal information.
  • Business data you create: Invoices, GST calculations, customer records, business profile information, and notes you enter into the App. This data is stored locally on your device only and is not transmitted to QalbIT's servers.

Pro Tier Users:

  • Google Account information: When you authenticate for Google Drive backup, we receive your Google account email address for authentication purposes only.
  • Payment information: We do not collect or store your payment details (credit card, debit card, UPI, bank account). All payments are processed by Google Play Billing or Apple App Store. We receive only transaction receipts and subscription status information.
  • Business data you create: Same as Free tier, but with the option to back up to your own Google Drive.

2.2 Information Collected Automatically

Device Information:

  • Device model and manufacturer
  • Operating system type and version (Android/iOS)
  • App version number
  • Unique device identifiers (Android ID, IDFA - used for crash reporting and analytics only if you opt-in)
  • Screen resolution and device language settings

Usage Information (Only if you opt-in to analytics):

  • Features you use within the App
  • Frequency and duration of App usage
  • Crash logs and error reports
  • Performance metrics (app load time, calculation speed)

Important: Usage analytics are opt-in only. By default, we do NOT collect usage data. You can enable or disable analytics at any time in the App's Settings.

2.3 Information We Do NOT Collect

We do NOT collect:

  • Your exact location (GPS coordinates)
  • Contacts from your phone
  • Photos or media files (except invoice templates you explicitly select)
  • SMS or call logs
  • Biometric data
  • Your invoices, calculations, or business data (unless you use Pro tier Google Drive backup, which stores data in YOUR Google Drive, not ours)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Maintain the Service

  • Enable GST calculations and invoice generation
  • Store your business data locally on your device (Free tier)
  • Facilitate Google Drive backup and sync (Pro tier, user-controlled)
  • Process subscription payments through Google Play/Apple App Store
  • Verify your Pro tier subscription status

3.2 To Improve the Service (Opt-In Only)

  • Analyze app usage patterns to identify and fix bugs
  • Improve app performance and user experience
  • Develop new features based on user behavior
  • Generate crash reports to fix technical issues

3.3 To Communicate With You

  • Send important service announcements (e.g., Terms updates, scheduled maintenance)
  • Respond to your support requests
  • Send subscription renewal reminders (Pro users)
  • Notify you about new features or updates (you can opt-out)

3.4 To Comply With Legal Obligations

  • Comply with Indian laws, including GST Act, Income Tax Act, and Digital Personal Data Protection Act, 2023
  • Respond to legal requests from government authorities or courts
  • Prevent fraud, abuse, or violations of our Terms of Service
  • Maintain transaction records for tax and accounting purposes

4. How We Store and Protect Your Data

4.1 Data Storage Architecture

Free Tier (Offline-Only Model):

  • All data is stored locally on your device using SQLite database with AES-256 encryption (optional encryption enabled in Settings)
  • Your invoices, calculations, customer records, and business profile are stored in the App's private storage directory
  • QalbIT does not have access to your data
  • No data is transmitted to QalbIT's servers
  • Data remains on your device until you manually delete it or uninstall the App

Pro Tier (User-Controlled Google Drive Backup):

  • Data is stored in YOUR Google Drive account, not QalbIT's servers
  • When you enable cloud backup, the App encrypts your data and uploads it to a dedicated folder in your Google Drive
  • Encryption is performed on your device before upload (AES-256 encryption)
  • QalbIT does not have access to your Google Drive data
  • You control backup, sync, and deletion of data in your Google Drive
  • Data stored in Google Drive is subject to Google's security practices and Privacy Policy

Important: QalbIT does not operate cloud servers to store your business data. We use an offline-first architecture for Free tier, and user-controlled Google Drive storage for Pro tier.

4.2 Data Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards:

  • AES-256 encryption for local data storage (optional, user-enabled)
  • TLS/SSL encryption for data transmission (when connecting to Google Drive or Play Store)
  • Secure authentication via Google OAuth 2.0 (Pro tier)
  • Regular security updates and patches
  • Code obfuscation to prevent reverse engineering

Administrative Safeguards:

  • Limited employee access to any user data (only authorized support staff, only when necessary for support requests)
  • Regular security training for employees
  • Data handling policies and procedures
  • Third-party security audits (when applicable)

Physical Safeguards:

  • Your device security (screen lock, biometric authentication) protects locally stored data
  • Your Google account security (2FA, strong password) protects Google Drive backups

4.3 Data Security Limitations

No system is 100% secure. You acknowledge that:

  • Data stored on your device is subject to your device's security (if your device is compromised, data may be accessed)
  • Data stored in your Google Drive is subject to Google's security practices and your Google account security
  • If you share your device or Google account credentials, others may access your data
  • QalbIT cannot guarantee absolute security and is not liable for unauthorized access due to factors beyond our control

Your Responsibility:

  • Use a strong screen lock (PIN, password, biometric) on your device
  • Enable Google 2-Factor Authentication for your Google account (Pro tier)
  • Do not share your device or Google account credentials
  • Regularly update your device OS and the PocketGST App
  • Report any suspected security issues to support@pocketgst.com immediately

5. Data Sharing and Disclosure

5.1 We Do NOT Sell Your Data

QalbIT does not sell, rent, or trade your personal information or business data to third parties for marketing purposes. Your invoices, calculations, and customer records are private and are never shared with advertisers or data brokers.

5.2 When We Share Information

We may share limited information in the following circumstances:

With Service Providers:

  • Google Play / Apple App Store: For payment processing and subscription management. They receive transaction details but not your business data.
  • Google Drive: When you enable cloud backup (Pro tier), your encrypted data is stored in your Google Drive account. Google's Privacy Policy applies to this data.
  • Crash Reporting Services: If you opt-in to analytics, anonymized crash logs may be sent to Firebase Crashlytics or similar services to help us fix bugs.

With Your Consent:

  • If you explicitly authorize us to share information (e.g., when contacting support, you may share invoice samples for troubleshooting)

For Legal Compliance:

  • To comply with applicable laws, regulations, or legal processes (court orders, government requests)
  • To detect, prevent, or address fraud, security issues, or violations of our Terms
  • To protect the rights, property, or safety of QalbIT, our users, or the public
  • In connection with a merger, acquisition, or sale of assets (users will be notified)

Important: When sharing data for legal compliance, we will:

  • Verify the legitimacy of the request
  • Share only the minimum information necessary
  • Notify you if permitted by law (unless notification would compromise an investigation)

5.3 Third-Party Services We Use

PocketGST integrates with the following third-party services:

ServicePurposeData SharedPrivacy Policy
Google Play BillingPayment processingTransaction details, subscription statushttps://policies.google.com/privacy
Apple App StorePayment processing (iOS)Transaction details, subscription statushttps://www.apple.com/legal/privacy/
Google Drive APICloud backup (Pro, opt-in)Encrypted business data (in YOUR Google Drive)https://policies.google.com/privacy
Google OAuth 2.0Authentication (Pro)Google account emailhttps://policies.google.com/privacy
Firebase CrashlyticsCrash reporting (opt-in)Anonymized crash logs, device infohttps://firebase.google.com/support/privacy

We do not control third-party services. Their privacy practices are governed by their own privacy policies. We recommend reviewing them.

6. Your Rights and Choices

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws, you have the following rights regarding your personal data:

6.1 Right to Access

You have the right to request a copy of the personal information we hold about you. To request access:

  • Email us at support@pocketgst.com with subject "Data Access Request"
  • Provide your registered email address (if Pro user) or device details (if Free user)
  • We will respond within 30 days with a copy of your data (if any)

Note: Since Free tier data is stored locally on your device only, you already have full access to it within the App.

6.2 Right to Rectification

If your personal information is inaccurate or incomplete, you have the right to correct it:

  • Free Tier: Edit your business profile, customer records, or invoices directly in the App
  • Pro Tier: Edit information in the App; changes will sync to your Google Drive backup

6.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data:

  • Free Tier: Uninstall the App or use in-app data deletion options. All local data will be deleted.
  • Pro Tier:
    • Cancel your subscription
    • Revoke PocketGST's access to Google Drive in your Google Account settings
    • Manually delete the PocketGST backup folder from your Google Drive
    • Email us at support@pocketgst.com to request deletion of transaction records (we will retain only what's legally required)

6.4 Right to Data Portability

You have the right to receive your data in a structured, commonly used format:

  • Free Tier: Export your data as CSV/Excel (Pro feature required) or manually screenshot/save invoices as PDF
  • Pro Tier: Your Google Drive backups are already in a portable format. You can download your PocketGST backup folder from Google Drive at any time.

6.5 Right to Restrict or Object to Processing

You can restrict how we process your data:

  • Opt-out of analytics: Disable "Share usage data" in Settings (disabled by default)
  • Opt-out of marketing emails: Unsubscribe using the link in emails (support and transactional emails cannot be opted out)
  • Disable Google Drive backup: Revoke access in Settings or Google Account settings

6.6 Right to Withdraw Consent

If we process your data based on consent (e.g., analytics, Google Drive access), you can withdraw consent at any time:

  • Disable analytics in Settings
  • Revoke Google Drive access in Settings or Google Account settings
  • Withdrawing consent does not affect the lawfulness of processing before withdrawal

6.7 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with:

  • Data Protection Board of India (when established under DPDP Act)
  • Consumer Forums under the Consumer Protection Act, 2019
  • Email us first: support@pocketgst.com – we will work to resolve your concerns

7. Data Retention

7.1 How Long We Keep Your Data

Free Tier:

  • Business data (invoices, calculations, customers): Stored on your device indefinitely until you manually delete it or uninstall the App
  • No automatic deletion: We do not delete your data (because it's on your device, not our servers)

Pro Tier:

  • Google Drive backups: Stored in your Google Drive indefinitely until you delete them
  • Transaction records: We retain subscription purchase receipts and transaction logs for 7 years as required by Indian Income Tax Act and GST Act
  • Account email: Retained as long as your subscription is active, plus 90 days after cancellation

Analytics Data (Opt-In Only):

  • Anonymized usage data and crash logs are retained for 12 months, then automatically deleted

7.2 Deletion After Subscription Cancellation (Pro Users)

When you cancel your Pro subscription:

  • You retain Pro access until the end of the current paid period
  • Your Google Drive backups remain in your Google Drive (we do not delete them)
  • Your transaction records are retained for 7 years (legal requirement)
  • Your Google account email is retained for 90 days (for support purposes), then deleted

7.3 Deletion After App Uninstall

When you uninstall PocketGST:

  • Local data: All data stored on your device is deleted by the OS
  • Google Drive backups (Pro users): Remain in your Google Drive until you manually delete them
  • QalbIT's records: Transaction records are retained for 7 years (legal requirement)

7.4 Legal Retention Requirements

We may retain certain data longer if:

  • Required by Indian tax laws (Income Tax Act, GST Act) – typically 7 years
  • Required by a court order, legal proceeding, or government investigation
  • Necessary to enforce our Terms of Service or protect our legal rights

8. Children's Privacy

PocketGST is not intended for use by children under the age of 18. We do not knowingly collect personal information from children.

If you are under 18, you may only use PocketGST under the supervision of a parent or legal guardian who agrees to these Terms and this Privacy Policy.

If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information as soon as possible. If you believe a child has provided us with personal information, please contact us at support@pocketgst.com.

9. International Data Transfers

PocketGST is designed for users in India. Your data is stored:

  • Free Tier: Locally on your device (no data transfer)
  • Pro Tier: In your Google Drive account (Google's data centers may be located in India or other countries)

Cross-Border Data Transfers: If you are located outside India and use PocketGST, your data may be transferred to and processed in India. By using the App, you consent to such transfers.

Google Drive may store data in data centers located in various countries. Google complies with applicable data protection laws. For details, see Google's Privacy Policy.

10. Changes to This Privacy Policy

10.1 Right to Modify

QalbIT reserves the right to modify this Privacy Policy at any time. When we make changes, we will:

  • Update the "Last Updated" date at the top of this document
  • Post the revised Privacy Policy in the App and on our website at https://pocketgst.com/privacy
  • Notify you via in-app notification or email (if you have provided an email)

10.2 Acceptance of Changes

Material changes (e.g., changes to data collection practices, sharing policies) will take effect 14 days after notice. By continuing to use PocketGST after the notice period, you accept the revised Privacy Policy.

Non-material changes (e.g., clarifications, formatting, contact information updates) take effect immediately upon posting.

If you do not agree to the revised Privacy Policy, you must stop using the App and delete your data.

10.3 Version History

Previous versions of this Privacy Policy are available upon request at support@pocketgst.com.

11. Third-Party Links and Services

PocketGST may contain links to third-party websites, services, or resources (e.g., GST portal, Google Drive, payment gateways). This Privacy Policy does not apply to third-party services.

We are not responsible for:

  • The privacy practices of third-party services
  • Data collection by third-party websites you visit through links in the App
  • Security breaches or data loss at third-party services

We recommend:

  • Reviewing the privacy policies of any third-party services you use
  • Understanding how Google Drive handles your data (see Google's Privacy Policy)
  • Using strong security practices for your Google account

12. California Privacy Rights (CCPA) - If Applicable

Although PocketGST is designed for users in India, if you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request details about the personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information (subject to legal exceptions)
  • Right to Opt-Out: Opt-out of the "sale" of personal information (Note: We do NOT sell personal information)
  • Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA rights

To exercise these rights, contact us at support@pocketgst.com with subject "CCPA Request".

13. European Privacy Rights (GDPR) - If Applicable

Although PocketGST is designed for users in India, if you are a resident of the European Economic Area (EEA), you may have additional rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent for data processing

To exercise these rights, contact us at support@pocketgst.com with subject "GDPR Request".

Legal Basis for Processing:

  • Contract Performance: To provide PocketGST services (Terms of Service)
  • Legitimate Interests: To improve the App and prevent fraud
  • Consent: For optional features like analytics and Google Drive backup
  • Legal Obligation: To comply with Indian laws

14. Security Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

  • Investigate the breach immediately
  • Take steps to contain and remediate the breach
  • Notify affected users within 72 hours of becoming aware of the breach (as required by DPDP Act)
  • Notify relevant authorities (Data Protection Board of India, Cyber Crime Cell) if required by law
  • Provide information about the breach, data affected, and steps you can take to protect yourself

Your Actions: If you suspect a security breach:

  • Change your Google account password immediately (Pro users)
  • Enable 2-Factor Authentication on your Google account
  • Review your Google Drive permissions and revoke suspicious apps
  • Contact us at support@pocketgst.com with details

15. Cookies and Tracking Technologies

PocketGST does not use cookies because it is a native mobile app, not a website.

Analytics and Tracking (Opt-In Only): If you opt-in to "Share usage data" in Settings, we use Firebase Analytics to collect:

  • App usage patterns (anonymized)
  • Crash reports and error logs
  • Device information (model, OS version)

You can disable analytics at any time in Settings > Privacy > Share usage data (toggle OFF).

Third-Party Tracking: Google Play Services and Apple App Store may use their own tracking technologies for payment processing and app distribution. We do not control their tracking practices.

16. Do Not Track (DNT) Signals

PocketGST does not respond to "Do Not Track" (DNT) browser signals because:

  • It is a mobile app, not a website
  • Analytics are opt-in by default (disabled unless you enable them)
  • We do not track users across apps or websites

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

QalbIT Infotech Private Limited

Privacy Officer / Data Protection Officer: Email: support@pocketgst.com Subject Line: "Privacy Policy Inquiry"

Registered Office: C-109, Siddhi Vinayak Towers, Near Kataria Arcade, Opp. S.G. Highway, Makarba, Ahmedabad, Gujarat, India 380051

App Support: https://pocketgst.com/support Website: https://qalbit.com

GST Number: 24AAACQ8356Q1ZS CIN: U72900GJ2022PTC132898

Response Time: We will respond to your inquiries within 30 days (or sooner when possible).

18. Consent and Acknowledgment

BY USING POCKETGST, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.

You specifically acknowledge and consent to:

  • The collection and use of information as described in this Privacy Policy
  • Storage of your business data locally on your device (Free tier) or in your Google Drive (Pro tier)
  • Processing of transaction data by Google Play Billing or Apple App Store for payment purposes
  • Optional sharing of usage data if you opt-in to analytics
  • Data retention as described in Section 7
  • Cross-border data transfers if you use the App outside India

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, PLEASE DO NOT USE POCKETGST.

End of Privacy Policy

Document Control

VersionDateChanges
1.0April 20, 2026Initial publication

Compliance Statement:

This Privacy Policy is designed to comply with:

  • Digital Personal Data Protection Act, 2023 (DPDP Act) - India
  • Information Technology Act, 2000 - India
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 - India
  • General Data Protection Regulation (GDPR) - European Union (if applicable)
  • California Consumer Privacy Act (CCPA) - United States (if applicable)

Legal Review Recommended: While this Privacy Policy is comprehensive, we recommend having it reviewed by a privacy lawyer licensed in India to ensure full compliance with evolving regulations and specific business circumstances.

Related

These documents work together with how you use PocketGST on Google Play.

Terms of ServiceDownloadSupport