Privacy Policy
Effective date: June 16, 2026 · Last updated: June 16, 2026
1. Introduction
BookWise ("BookWise," "we," "us," or "our") provides custom invoice, quote, and order management software for small businesses. This Privacy Policy explains what personal data we collect when you use BookWise, why we collect it, how we protect it, how long we keep it, and the rights you have over it.
This policy is written to comply with India's Digital Personal Data Protection Act, 2023 ("DPDP Act") and its associated rules. If you access BookWise from outside India, additional local laws may also apply to you, and we describe how we approach that in Section 12.
By creating a BookWise account or using our services, you agree to the practices described in this policy. If you do not agree, please do not use BookWise.
2. Data we collect
We collect the following categories of personal data:
Account data
Your name, email address, password (stored as a salted hash, never in plain text), business name, and any business details you choose to add to your profile.
Customer and business data you create
Information you enter into BookWise to run your business, including your customers' names, contact details, addresses, and any custom fields you configure on your quotes, orders, and invoices (for example, event dates, site addresses, or dietary notes). This data belongs to you and is treated as confidential business information.
Technical and device data
IP address, browser type, device type, operating system, and log data such as access times and pages viewed, collected automatically when you use BookWise.
Communications
Records of support requests, feedback, and correspondence you send to us.
3. How we use your data
We use personal data for the following purposes, and no others:
- To create and operate your BookWise account, including authentication and login.
- To provide the core functionality of the service: building custom forms, generating quotes, orders, and invoices, and powering your calendar.
- To send you service-related communications, such as account notices, security alerts, and responses to support requests.
- To maintain the security, integrity, and reliability of the platform, including detecting fraud, abuse, or technical issues.
- To improve BookWise through aggregated, non-identifying analysis of how the product is used (see Section 5).
- To comply with applicable law, including responding to lawful requests from government or regulatory authorities (see Section 6).
We do not sell your personal data or your customers' data to third parties, and we do not use your business data to train external advertising profiles.
4. Encryption & security
We know that handing over your customer list, quotes, and invoices to a third-party platform requires trust. We take the security of this data seriously and apply the following safeguards:
- Encryption. Customer records, quotes, invoices, and other business data you store in BookWise are encrypted and tied to your account, so your business data stays private and protected.
- Encryption in transit. All data sent between your device and BookWise is encrypted using industry-standard transport security (HTTPS/TLS).
- Access controls. Access to production systems and data is restricted to authorized personnel on a need-to-know basis, and is logged and monitored.
- Reasonable security safeguards. We maintain technical and organizational measures appropriate to the sensitivity of the data we hold, consistent with the security obligations under the DPDP Act.
We do not publicly disclose the specific technical architecture or implementation details of our encryption and security systems. This is a deliberate security practice, not an attempt to limit your rights: you remain entitled to all the rights and protections described elsewhere in this policy regardless of the technical implementation.
5. Aggregated & usage data
In addition to the data described in Section 2, we may store and analyze aggregated, statistical, or count-based data about how your account uses BookWise. This includes, for example:
- The total number of invoices, quotes, and orders your account has created.
- The total monetary value (sum) of invoices and quotes generated through your account.
- The number of customer records stored in your account.
- General feature usage patterns, such as which tools or form types are used most often.
We use this aggregated data to operate, maintain, and improve BookWise, for example to understand product usage, plan infrastructure capacity, calculate plan or billing thresholds, and identify which features to invest in. This data is used internally and is not sold to third parties.
Where this aggregated data is used for analytics or reporting purposes, we take reasonable steps to use it in a form that does not identify you or your customers individually wherever practicable.
6. Legal & government requests
BookWise may access, decrypt, preserve, or disclose your account information or business data, including customer and invoice data, where we have a good-faith belief that doing so is required or permitted by law. This includes situations such as:
- Responding to a valid court order, summons, warrant, or other legally binding request from a court, government authority, or law enforcement agency, in India or another jurisdiction with proper legal authority over us.
- Complying with a request from the Data Protection Board of India or another competent regulatory authority under the DPDP Act or other applicable law.
- Investigating or responding to claims of fraud, security incidents, or violations of our Terms of Service.
- Protecting the rights, property, or safety of BookWise, our users, or the public, where required by law.
- Establishing or exercising our legal rights, or defending against legal claims.
We evaluate every government or legal request individually and disclose only the data we are legally required to provide, only to the extent necessary to satisfy that specific request. Where legally permitted, we will attempt to notify the affected account holder before disclosing data in response to such a request.
We do not provide any government, agency, or third party with standing or unrestricted access to user data, and we do not build "back doors" for routine or non-legal access.
7. Data retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy, including:
- For as long as your account remains active, so that you can continue to access your quotes, invoices, and customer records.
- For a reasonable period after account closure or a period of inactivity, to allow you to reactivate your account or recover your data, after which it is deleted or anonymized unless a longer period is required by law (for example, tax or accounting record-keeping obligations).
- For as long as required to comply with our legal obligations, resolve disputes, or enforce our agreements.
You can request deletion of your account and associated personal data at any time, as described in Section 9, subject to any legal retention requirements that may apply.
9. Your rights
Under the DPDP Act, as a Data Principal you have the following rights in relation to your personal data:
- Right to access: request a summary of the personal data we hold about you and how it is being processed.
- Right to correction: request that we correct inaccurate or incomplete personal data.
- Right to erasure: request that we delete personal data that is no longer necessary for the purpose it was collected, subject to our legal retention obligations.
- Right to grievance redressal: raise a complaint about how we have handled your personal data and receive a response within a reasonable time.
- Right to nominate: nominate another individual to exercise your rights under the DPDP Act on your behalf in the event of your death or incapacity.
- Right to withdraw consent: withdraw consent for processing that is based on consent, at any time, as easily as it was given.
To exercise any of these rights, contact us using the details in Section 14. We will respond within the timeframes required under applicable law.
10. Children's data
BookWise is intended for use by businesses and individuals who are at least 18 years old. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without verifiable parental or guardian consent, we will take steps to delete that information promptly.
11. Breach notification
If we become aware of a personal data breach that affects your account, we will notify you and, where required, the Data Protection Board of India, in accordance with the timelines and requirements of the DPDP Act and its rules. Notifications will describe the nature of the breach, the data affected, and the steps we are taking in response.
12. International users
BookWise is operated from India, and this policy is primarily governed by the DPDP Act. If you access BookWise from outside India, you understand that your personal data may be processed and stored in India or other locations where our service providers operate, and that data protection laws there may differ from those in your home country. By using BookWise, you consent to this processing as described in this policy.
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. If we make material changes, we will notify you by email or through a notice within BookWise before the changes take effect. The "Last updated" date at the top of this page indicates when this policy was last revised.
14. Contact & grievance officer
If you have questions about this Privacy Policy, want to exercise any of your rights, or wish to file a grievance, please contact us
BookWise
Email: contact@bookwise.work
We aim to acknowledge all privacy-related requests promptly and resolve them within the timeframe required under the DPDP Act.