AUN Bizznes

AUN Bizznes

AUN Bizznes — Legal Privacy-first invoicing

Privacy Policy

AUN Bizznes is a mobile invoice and business-management application. This Privacy Policy explains how AUN Creations (“we,” “our,” or “us”) collects, uses, stores, discloses, and protects information when you use the AUN Bizznes mobile app and related backend services (the “Services”).

Effective date: July 9, 2026
Last updated: July 9, 2026

1. Who We Are

AUN Creations develops and operates AUN Bizznes, a professional GST invoice application for businesses and freelancers. For the purposes of applicable privacy laws, AUN Creations acts as the data controller (or equivalent role) for personal data processed through the Services, except where we process data solely on behalf of infrastructure providers under their own terms.

2. Scope

This Privacy Policy applies to:

  • the AUN Bizznes mobile application (iOS and Android);
  • the AUN Bizznes backend API and related cloud infrastructure;
  • customer support interactions related to the product; and
  • this legal website and other official product communications.

It does not govern third-party websites, app stores, payment processors, or services you access outside AUN Bizznes. Those providers are governed by their own privacy policies.

3. Summary

Key points: AUN Bizznes requires you to sign in to use the Services. Your invoices, clients, and other business records are stored on our secure servers and linked to your account. We use this information to operate, personalize, and improve the product, including analytics and aggregated insights. We may share data with trusted service providers who process it on our behalf under contractual safeguards. We do not sell your identifiable personal or business data to third parties for their independent marketing purposes.

4. Information We Collect

Depending on how you use AUN Bizznes, we may process the following categories of data:

4.1 Information you provide in the app

  • Account information: name, email address, phone number (where enabled), profile photo or avatar selection, preferred language, and authentication method (Google, Apple, email OTP, or phone OTP).
  • Business profile: business name, contact details, address, GSTIN, PAN, bank and UPI details, invoice numbering preferences, and branding assets such as logos and signatures.
  • Clients and invoices: client names and contact details, invoice line items, amounts, tax and GST details, dates, status, notes, and related business records you create in the app.
  • Files and attachments: images and documents you upload (for example business logos, signatures, or invoice attachments), including file metadata such as MIME type and size.
  • Support communications: information you send when contacting us for help.

4.2 Information collected automatically

  • Session and security data: hashed refresh tokens, authentication events, and request metadata needed to secure your account (for example IP-derived rate-limit signals and request identifiers). We do not store plaintext passwords for social sign-in flows.
  • Subscription and trial metadata: plan identifier, entitlement status, trial end date, and subscription expiry information received from our payment platform partner.
  • Operational diagnostics: limited technical logs and error reports used to keep the Services reliable. These logs are structured to avoid unnecessary personal or business content.

4.3 Information we do not intentionally collect

  • Payment card numbers, UPI PINs, or full payment credentials (handled by app stores and payment partners).
  • Contacts from your address book, unless you explicitly choose to use a feature that requires them.
  • Precise location data.
Category Examples When collected
Account Email, name, auth provider ID When you register or sign in
Business data Invoices, clients, GST details When you create or update records while signed in
Files Logo, signature, attachments When you upload branding or invoice files
Subscription Plan status, trial dates When you start a trial or purchase premium
Security logs Request ID, route, status, latency During API use

5. How We Use Information

We use the information described above to:

  • provide core app functionality, including creating, storing, and exporting invoices;
  • authenticate you and maintain secure sessions;
  • store, maintain, and make available your business data on our secure servers;
  • deliver invoices to your clients when you use supported sharing channels (for example email or WhatsApp);
  • personalize and customize your experience, including settings, defaults, templates, and product recommendations;
  • analyze usage and business-data patterns to understand product performance, prioritize improvements, and develop insights;
  • research, test, and develop new features, services, and product capabilities;
  • create aggregated, de-identified, or statistical reports that do not reasonably identify you or your clients;
  • manage trials, subscriptions, and premium entitlements;
  • send transactional messages such as email verification and sign-in codes;
  • detect abuse, enforce rate limits, and protect the Services;
  • monitor reliability, diagnose errors, and improve performance;
  • comply with law and respond to lawful requests; and
  • communicate important product or policy updates.

We do not use your invoice or client data for third-party behavioral advertising or to build advertising profiles for unrelated third-party marketers.

6. Data Storage

AUN Bizznes requires you to sign in to use core features. When you create or update invoices, clients, business profiles, templates, and related records, that information is transmitted to and stored on our secure servers under your account.

Your business data is scoped to your account. We apply access controls so one user cannot access another user’s business records. There is no separate control for you to choose which categories of business data are stored with your account; data you enter through the Services is stored to provide the features you use.

If you delete your account (where available) or request deletion, we process deletion in line with our retention practices and applicable law, including removal of associated business records and uploaded files from our systems, subject to limited legal or security exceptions.

8. How We Share Information

We do not sell, rent, or trade your identifiable personal or business data to third parties for their independent marketing purposes. We may share information in these circumstances:

  • Service providers and partners: trusted processors that help us operate, secure, analyze, personalize, and improve the Services (for example cloud hosting, authentication verification, email delivery, error monitoring, subscription management, analytics, product research, or invoice delivery channels). They may access data only to perform services for us under contractual confidentiality and security obligations.
  • Aggregated or de-identified information: we may use or share insights, statistics, or other information that does not reasonably identify you or your clients for product improvement, reporting, or business planning.
  • When you direct sharing: for example when you send an invoice PDF or message to a client via email or WhatsApp.
  • Legal and safety: when required by law, court order, or to protect rights, safety, and security of users and the Services.
  • Business transfers: in connection with a merger, acquisition, or asset sale, subject to continued protection of your data and notice where required by law.

9. Security

We implement technical and organizational measures appropriate to the nature of the data we process, including:

  • encryption in transit (TLS) for API and web traffic;
  • hashed storage of refresh tokens and one-time codes (OTPs);
  • backend-issued JWT access tokens with short expiry and refresh-token rotation;
  • server-side authorization checks on every protected API request;
  • rate limiting on authentication and sensitive endpoints;
  • structured logging with redaction of secrets, tokens, and unnecessary personal data; and
  • monitoring for unexpected errors and service health.

No method of transmission or storage is completely secure. We encourage you to use device lock, keep your app updated, and protect your account credentials.

10. Data Retention

  • Account and business data: retained on our servers while your account is active and as needed to provide the Services.
  • Session tokens: retained only for the duration required for authentication and rotation policies.
  • Email OTP records: retained only for verification windows and security purposes, then removed or invalidated.
  • Operational logs: retained for a limited period appropriate for security, debugging, and compliance, then deleted or aggregated.

When you request account deletion or when retention is no longer necessary, we delete or irreversibly anonymize relevant data within a reasonable timeframe, except where retention is required by law or for legitimate security and dispute-resolution purposes.

11. International Data Transfers

AUN Creations is based in India. If you use the Services from another country, your data may be transferred to and processed in India or other countries where our service providers operate (for example the United States for certain cloud infrastructure). Where required, we apply appropriate safeguards such as contractual protections consistent with applicable data-protection law.

12. Your Rights and Choices

Depending on your location, you may have rights to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • delete your data or close your account;
  • export or port your data where technically feasible;
  • object to or restrict certain processing;
  • withdraw consent where processing is consent-based; and
  • lodge a complaint with a supervisory authority.
India (DPDP Act 2023): You may exercise rights available under India’s digital personal data protection framework, including access, correction, erasure, and grievance redressal, subject to applicable exceptions.

EEA / UK (GDPR): Where GDPR or UK GDPR applies, you may exercise the rights listed above and contact us for data-protection inquiries.

California (CCPA / CPRA): We do not sell personal information for cross-context behavioral advertising. California residents may request access to or deletion of personal information we hold, subject to legal exceptions.

To exercise your rights, contact us at aun.bizznes@gmail.com. We may need to verify your identity before fulfilling requests.

13. Children’s Privacy

AUN Bizznes is a business application and is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will take steps to delete it promptly.

14. Advertising

AUN Bizznes does not display third-party behavioral advertising in the app and does not sell your data to advertisers. Optional PDF export may include a document watermark for non-premium use; this is a product feature, not personalized advertising.

15. Third-Party Services

The Services may integrate with or rely on the following categories of third parties:

Provider / category Purpose Privacy information
Google Firebase Authentication Verify Google, Apple, and phone sign-in tokens server-side Firebase Privacy
Google / Apple sign-in SDKs Initiate social authentication on device Google Privacy; Apple Privacy
RevenueCat (or equivalent) Subscription and trial entitlement management RevenueCat Privacy
Email delivery (SMTP) Transactional email (verification, sign-in codes) Provider depends on deployment configuration
Meta WhatsApp Cloud API Deliver invoices to clients when you choose WhatsApp sharing WhatsApp Privacy
Sentry Backend error monitoring (no intentional PII or business secrets) Sentry Privacy
Cloud hosting API, database, and file storage infrastructure Provider depends on deployment configuration

We encourage you to review the privacy policies of third-party services you interact with directly.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or product features. When we make material changes, we will update the “Last updated” date at the top of this page and, where required, provide additional notice through the app or other appropriate channels before changes take effect.

17. Contact Us

For privacy questions, rights requests, or complaints, contact:

AUN Creations
Product: AUN Bizznes
Email: aun.bizznes@gmail.com

We aim to respond to verified privacy requests within the timelines required by applicable law.