Legal

Privacy Policy

Last updated: 1 April 2026

1. Introduction

Welcome to Credwik ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at credwik.com and our mobile applications (collectively, the "Service").

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Information We Collect

Information you provide directly

  • Account information: Name, email address, phone number, and business name when you register.
  • Business data: Invoices, customer and vendor details, inventory records, and transaction data that you enter into Credwik.
  • GST information: Your GSTIN and related tax data required for GST compliance features.
  • Communications: Messages you send us via contact forms, email, or support channels.

Information collected automatically

  • Usage data: Pages visited, features used, time spent, and actions taken within the Service.
  • Device data: Device type, operating system, browser type, and IP address.
  • Cookies and similar technologies: Session cookies for authentication; analytics cookies to understand how the Service is used. You can disable cookies in your browser, but some features may not function correctly.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process your transactions and invoices
  • Enable GST filing and compliance features
  • Send you transactional notifications (invoice confirmations, sync alerts)
  • Respond to your support requests
  • Improve and develop new features based on usage patterns
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with applicable laws and regulations

We do not sell your personal data to third parties. We do not use your business data for advertising purposes.

4. How We Share Your Information

We share your information only in the following circumstances:

  • Service providers: We use trusted third-party providers (cloud hosting, payment processors, analytics) who are contractually bound to protect your data and may not use it for their own purposes.
  • CA/Accountant access: If you grant CA read-only access, that user can view your data as configured by you. You control and can revoke this access at any time.
  • Legal requirements: If required by law, court order, or governmental authority, we may disclose information as necessary.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is subject to a different privacy policy.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Business and financial data is retained for a minimum of 7 years to comply with accounting and tax law requirements, unless you request deletion and legal obligations permit it.

You may request deletion of your account and personal data at any time by contacting us. Note that some data may need to be retained for legal compliance even after account deletion.

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • TLS/HTTPS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls for our internal team
  • Regular security audits and penetration testing
  • Daily encrypted backups

No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to certain processing activities.

To exercise any of these rights, please contact us using the form on our Contact page.

8. Children's Privacy

Credwik is a business tool intended for adults (18 years and older). We do not knowingly collect personal information from anyone under 18. If we discover we have collected data from a minor, we will promptly delete it.

9. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice in the app or sending you an email at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please reach out to us via our Contact page. We will respond within 5 business days.