This Privacy Policy describes how TheWealthBuddy (“TheWealthBuddy”, “we”, “us”, “our”) collects, uses, processes, shares and safeguards information about you when you visit thewealthbuddy.org, register for our webinars, use the BillBuddy application, contact us, or otherwise engage with our services.
1. Who we are
TheWealthBuddy is a brand operated from the registered office of Megha Bhansali Classes, Jaipur, India. We provide AI-assisted accounting and finance tools (most notably BillBuddy), educational webinars, and related services for accountants, finance professionals, students and small businesses.
For the purposes of the DPDP Act, 2023 we act as a Data Fiduciary in respect of personal data we collect directly from you, and as a Data Processor when we process information on behalf of our business customers.
Registered office:
TheWealthBuddy
c/o Megha Bhansali Classes,
Shanti Nagar, Mahaveer Nagar, Durgapura,
Jaipur, Rajasthan 302018, India
Email: contact@thewealthbuddy.org
Phone / WhatsApp: +91 97994 20844
2. Your consent & this policy as a contract
By accessing the website, registering for any service, completing any payment, uploading any document or otherwise interacting with us, you confirm that:
- You have read, understood and accepted this Privacy Policy in full;
- You provide free, specific, informed and unambiguous consent to the collection, use, processing, sharing, transfer and storage of your personal data as described in this Policy;
- This Policy, together with our Terms & Conditions and Refund Policy, forms a binding agreement between you and us; and
- If you do not agree to any part of this Policy, you must immediately cease using the services.
Where you provide personal data of any third party (for example, your client’s data uploaded to BillBuddy), you represent and warrant that you have obtained all necessary consents from that third party before sharing their data with us, and you shall indemnify us against any claim arising from a lack of such consent.
3. What information we collect
The categories of information we collect depend on how you interact with us. The categories listed below are illustrative and not exhaustive; we may collect any other information reasonably required to deliver the services or to comply with law.
3.1 Information you provide directly
- Webinar / lead-form registrations: name, email, mobile (used as WhatsApp contact), professional role, city, and any other information you submit.
- Account & profile data (BillBuddy users): name, email, mobile, business name, GSTIN, professional details, billing address, password (stored as a salted hash).
- Communications: the content of emails, WhatsApp messages, support tickets, feedback or any other communications you send us.
- Payment information: when you make payment, our payment processor collects card / UPI / netbanking details. We retain transaction IDs, last four digits and metadata required for invoicing, refunds and audit.
- Identity / verification documents where reasonably required by law (e.g. PAN, GSTIN for tax invoicing; KYC documents where applicable).
3.2 Information collected automatically
- Device and log data: IP address, browser type and version, OS, device type, referring URL, pages visited, time and duration of visit, click patterns, mouse movements, error logs.
- Cookies and similar technologies: see section 9.
- Analytics data: anonymised, pseudonymised or hashed behavioural data collected via Meta Pixel, Google Analytics, Microsoft Clarity, Hotjar or similar tools.
- Any other technical metadata required for security, troubleshooting or analytics.
3.3 Information you upload to BillBuddy
- Bills, invoices, vouchers, cheques, bank statements, salary registers, GST returns and other financial documents.
- Tally ledger exports and ingestion files generated by our system.
- Notes, comments, instructions or metadata you add inside the app.
4. How we collect information
- Directly from you when you fill a form, register, sign up, contact us, or upload documents.
- Automatically through cookies and similar tracking technologies on our website and app.
- From third-party platforms when you connect your account or where they pass us information about you (e.g. Meta lead-form responses, payment-gateway transaction confirmations).
- From your authorised representatives, employer, firm or agent.
- From publicly available sources such as professional directories, ICAI member lists, GSTIN portals or business registries.
5. Why we collect it (purposes)
| Purpose | Examples |
|---|---|
| Service delivery | Run BillBuddy, host webinars, send Zoom links, deliver content and recordings. |
| Customer communication | Reply to queries, send transaction notifications, service updates and reminders. |
| Marketing & education | Send newsletters, notify you about new products, services, webinars, courses, partner offers and educational content. Marketing may continue based on legitimate uses; you may opt out of marketing emails at any time. |
| Personalisation & profiling | Tailor content recommendations, in-app experience, audience targeting and ad delivery, including by combining data from multiple sources. |
| Payments & billing | Process payments, generate GST-compliant invoices, handle refunds, manage chargebacks. |
| Analytics & product improvement | Analyse usage at individual and aggregate levels to improve features, fix bugs and develop new products. Train and refine our in-house AI classifiers using de-identified data. |
| Security, fraud prevention & legal protection | Detect abuse, prevent unauthorised access, comply with anti-fraud requirements, exercise or defend our legal rights. |
| Legal compliance & tax | Meet our obligations under the DPDP Act, IT Act, GST law, Companies Act, tax law and respond to lawful requests. |
| Business transfers | Evaluate, negotiate and execute mergers, acquisitions, restructurings or asset transfers. |
| Any other reasonable purpose | Any purpose disclosed at the point of collection or otherwise reasonably necessary to operate, protect and grow our business. |
6. Legal basis for processing
We process your personal data on one or more of the following bases under the DPDP Act:
- Your consent — the primary basis. By using the services and accepting this Policy, you consent to all processing described in this Policy. You may withdraw consent for future processing as described in section 12; withdrawal does not affect the lawfulness of past processing.
- Performance of a contract — to deliver the services you have requested.
- Legitimate uses permitted by Section 7 of the DPDP Act, including (without limitation) responding to medical emergencies, complying with judgements, employment-related processing and certain other purposes prescribed by law.
- Compliance with law — tax, statutory, regulatory and court obligations.
- Our legitimate business interests — to operate, secure, improve and grow our services, as permitted by law.
7. Who we share information with
We do not sell your personal data. We share it in the following circumstances. By using the services you specifically consent to all such sharing:
- Service providers (Data Processors): hosting providers, cloud infrastructure (India / Singapore), email delivery, WhatsApp Business API providers, SMS gateways, payment gateways, customer-support tools, analytics providers (Meta, Google, Microsoft Clarity, etc.), CRM platforms, data-warehousing tools.
- AI model providers: third-party model providers used inside BillBuddy and elsewhere (including providers based outside India). Where required, data-processing agreements are in place restricting use to providing services to us.
- Marketing & advertising partners: Meta (Facebook / Instagram), Google, LinkedIn and similar platforms for ad targeting, retargeting, lookalike audience building and campaign measurement, including via hashed identifiers.
- Affiliates, partners and resellers: entities that distribute, co-market or integrate with our services.
- Professional advisors: auditors, lawyers, accountants and consultants.
- Authorities: when required by law, regulator, court or government order, or to protect our rights, the rights of users, or the public.
- Business transfers: in connection with any actual or potential merger, acquisition, financing, restructuring, asset sale, bankruptcy or similar transaction, your information may transfer to the successor or acquirer subject to substantially similar protections.
- Other parties with your consent or where reasonably required to fulfil the purposes set out in this Policy.
8. Financial & accounting data (BillBuddy)
Because BillBuddy processes accounting and financial documents, we apply additional safeguards to that data:
- Uploads are transmitted over TLS 1.2 or higher.
- Files are stored in encrypted form on India-hosted infrastructure (or Singapore for backup) using AES-256.
- Access is restricted to authorised personnel under role-based permissions; access events are logged.
- You retain ownership of the data you upload, subject to the licence granted to us in our Terms & Conditions. You can request export or deletion subject to verification.
- We do not use your raw, identifiable financial documents to train foundation AI models. We may use de-identified, aggregated data to improve our in-house classifiers, develop new products, generate benchmarks, market our services and for any other lawful purpose, in perpetuity, without further notice or compensation.
- If you are a CA firm using BillBuddy on behalf of clients, you act as the Data Fiduciary for that client data; we act as your Data Processor and shall handle the data on your documented instructions consistent with this Policy and our Terms & Conditions.
You acknowledge that uploading financial data inherently carries risk and that, despite our security measures, no system is impenetrable. Our liability for any unauthorised access is limited as described in our Terms & Conditions.
9. Cookies, tracking & advertising
We use cookies and similar technologies (pixels, web beacons, local storage, fingerprinting) for the following purposes:
- Strictly necessary — required for log-in, session management, security; cannot be disabled.
- Functional — remember preferences such as language and last-used settings.
- Analytics — understand how visitors use the site (Google Analytics, Meta Pixel, Microsoft Clarity, etc.).
- Advertising & retargeting — measure and optimise our advertising on Meta, Google and similar platforms; serve you relevant ads, including across devices and platforms.
Meta Pixel & advertising cookies
We use the Meta Pixel and similar advertising tools to measure conversions, build retargeting audiences, build lookalike audiences and serve you relevant content across Meta, Google and similar platforms. These tools may set cookies, collect device identifiers, and pass hashed identifiers (such as hashed email or phone) to the relevant ad platform.
By continuing to use our website, you consent to the use of all categories of cookies described above, including advertising cookies. You can manage cookies in your browser settings; you can manage Meta ad preferences inside your Facebook or Instagram settings; and you can opt out of personalised Google ads at adssettings.google.com. Disabling certain cookies may break or limit website functionality.
10. How long we keep data
We retain personal data for as long as we determine necessary for the purposes described in this Policy or as required by law. Indicative periods (subject to extension or shortening at our reasonable discretion):
- Webinar registrations & marketing leads: retained for as long as relationship-building, marketing or analytical purposes continue, typically up to 24 months from the last interaction. We may extend this period at our discretion.
- Active BillBuddy account data: for as long as your account is active, plus up to 90 days after closure to allow account recovery.
- Financial documents you upload to BillBuddy: retained as long as your account is active. After deletion, files are removed from primary storage promptly and from backups within 90 days.
- Billing & tax records: retained for at least 8 years as required under the GST Act, the Income Tax Act and the Companies Act, and longer where reasonably required to defend any potential claim.
- Communications with you: retained as long as necessary to deliver services, defend any claim, or comply with law.
- Aggregated, de-identified or anonymised data: retained indefinitely — this data does not identify you and is not subject to your deletion right.
- Data may be retained longer where reasonably required to protect or defend our legal rights.
11. How we protect your data
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Bank-grade infrastructure with role-based access controls and audit logging.
- Regular vulnerability scans and an internal security review (most recent: 20 April 2026).
- Strict employee confidentiality agreements; access on a need-to-know basis only.
- Backups stored in geographically separated zones.
No system can guarantee 100% security. We disclaim all liability for any unauthorised access, hacking, data breach, leak or other incident that occurs despite our taking reasonable security measures, except where such liability cannot be excluded under Indian law. If a breach occurs that is likely to result in significant harm to you, we will notify you and the Data Protection Board of India only to the extent and within the timelines required by Section 8(6) of the DPDP Act.
12. Your rights under the DPDP Act
Subject to applicable law and to verification of your identity, you have the following rights:
- Right to access: request a summary of the personal data we hold about you and the processing carried out.
- Right to correction and erasure: ask us to correct inaccurate data or to delete data that is no longer needed for a lawful purpose. We may decline a deletion request where retention is required by law, where the data is necessary for the establishment, exercise or defence of legal claims, or where it relates to billing, audit, tax records or aggregated/de-identified data.
- Right of grievance redressal: raise a complaint with our Grievance Officer (section 17).
- Right to nominate: nominate another individual to exercise your rights in case of your death or incapacity.
- Right to withdraw consent: withdraw consent for any future processing based on consent. Withdrawal does not affect lawfulness of past processing or processing on other lawful bases.
- Right to opt out of marketing: click “unsubscribe” in any email or reply STOP to a WhatsApp message.
To exercise any right, email contact@thewealthbuddy.org with the subject line “DPDP Request — [Your Right]” from the email address registered with us. We may require additional information to verify your identity. We will respond within the timeline required by law (typically 30 days). We may charge a reasonable fee for repeated, manifestly unfounded or excessive requests, or refuse to act on such requests, to the extent permitted by law.
13. Children’s data
Our services are not directed at children under 18. We do not knowingly collect personal data from anyone under 18 without verifiable parental or lawful-guardian consent as required by Section 9 of the DPDP Act. If you believe a child has provided us with personal data, contact us and we will delete it promptly subject to legal requirements.
14. International data transfers
Our primary infrastructure is in India. Some service providers (cloud backups, email, AI providers, analytics) may process data outside India. By using the services, you consent to international transfer of your personal data to such jurisdi