Privacy Policy
Last updated: 6 May 2026
Aaroora Software Pvt. Ltd. ("Aaroora", "we", "us") operates the website aaroora.com and the billing application at books.aaroora.com. This policy explains what data we collect, why we collect it, and your rights over it. It applies to all users in India and elsewhere.
1. Data we collect
Account data
When you sign up we collect your name, email address, mobile number, and business details (business name, GSTIN, address, PAN). This is necessary to provide the service.
Invoice and transaction data
Invoice data you create — customer names, GST numbers, line items, amounts — is stored on our servers to deliver the core product. This data belongs to you.
Usage data
We collect logs of actions you take within the app (pages visited, features used, errors) to improve the product and diagnose issues. This data is not sold.
Payment data
Subscription payments are processed by Razorpay. We store only the transaction ID and plan details — we never see or store your full card or bank account details.
Device and browser data
We collect standard server logs: IP address, browser type, operating system, and referring URL. This is used for security monitoring and aggregate analytics only.
2. How we use your data
- To provide, maintain, and improve the Aaroora service
- To send transactional emails (invoices, receipts, password resets)
- To send product updates and billing notifications — you can opt out at any time
- To respond to support requests
- To comply with applicable law, including GST regulations
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Data storage and security
Your data is stored on servers located in India (AWS Mumbai region). We use AES-256 encryption at rest and TLS 1.2+ in transit. Access to production data is restricted to authorised engineers and logged.
No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you within 72 hours as required under the Digital Personal Data Protection Act, 2023.
4. Data retention
We retain your account and invoice data for as long as your account is active, plus 7 years after closure (as required for GST compliance under the GST Act). You may request deletion of non-statutory data at any time.
5. Your rights (DPDP Act 2023)
Under India's Digital Personal Data Protection Act, 2023, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate data
- Erasure — ask us to delete your data (subject to statutory retention requirements)
- Grievance redressal — lodge a complaint with our Data Protection Officer
To exercise any of these rights, email hello@aaroora.com. We will respond within 30 days.
6. Cookies
We use essential cookies to keep you logged in and remember your preferences. We use analytics cookies (first-party only) to understand how the product is used. We do not use third-party advertising cookies.
7. Third-party services
We use the following sub-processors:
- AWS (Amazon Web Services) — cloud infrastructure, India region
- Razorpay — payment processing
- MSG91 / Twilio — transactional SMS and WhatsApp delivery
- Google Fonts — typeface delivery (no tracking)
Each of these services has their own privacy policy. We share only the minimum data necessary for them to perform their function.
8. Children's privacy
Aaroora is a business tool intended for users 18 years and older. We do not knowingly collect data from minors.
9. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you by email or an in-app notice at least 14 days before the change takes effect.
10. Contact
For any privacy questions or to exercise your rights, contact our Data Protection Officer:
Aaroora Software Pvt. Ltd.
Email: hello@aaroora.com
Address: Bengaluru, Karnataka, India