Privacy Policy

Last updated: 13 April 2026

Vasuli (“we”, “our”, “us”) is an accounts-receivable recovery platform operated from India, built for Micro, Small, and Medium Enterprises (MSMEs). This policy explains what personal data we collect when you use the Vasuli website, dashboard, or mobile app (collectively, the “Service”), how we use it, and the choices you have.

1. Who we are

Vasuli is operated by the business entity registered in India that you create an account with. For any privacy question, write to us at support@vasuli.io.

2. Information we collect

Account & identity: phone number, name, business name, GSTIN/PAN, business address, bank/UPI details you enter for collecting payments.
Invoice & buyer data: invoice numbers, amounts, due dates, buyer name, buyer phone, buyer email, buyer GSTIN, payment status, and notes you record.
Communication content: reminder and escalation messages that you generate through the platform, and delivery receipts from WhatsApp/SMS/email providers.
Device & usage: device identifiers, push notification tokens (FCM/APNs), IP address, browser/app version, and activity logs needed for security and troubleshooting.
Payment metadata: when you subscribe to a paid plan, our payment processor (Razorpay) shares the transaction outcome with us. We do not store your card or UPI credentials.

3. How we use your data

To operate the Service: create invoices, send reminders, generate payment links, track escalations, file Samadhaan complaints you initiate.
To authenticate you via phone OTP and keep your account secure.
To compute anonymised buyer-payment scores, always with k-anonymity (minimum 3 businesses) before showing aggregates.
To send you transactional messages about your account (e.g., subscription renewal, billing failures, security alerts).
To comply with lawful requests from Indian courts, tax authorities, or MSME Samadhaan proceedings you file.

We do not sell your data. We do not use your invoice or buyer information for advertising.

4. Third-party processors

We share the minimum data needed with the following service providers, each of which is contractually bound to process data only for Vasuli’s purposes:

Supabase (ap-northeast-1 region) — primary database and file storage.
Vercel — web hosting and edge compute.
Razorpay — subscription billing and payment collection.
Wati — WhatsApp Business API delivery.
MSG91 — SMS and email delivery (when enabled).
Firebase Cloud Messaging (Google) — push notifications for the mobile app.

5. Data retention

We retain invoices, buyer records, and communication logs for as long as your Vasuli account is active, plus up to 7 years thereafter to satisfy Indian tax and MSME record-keeping obligations. You may request earlier deletion; some data may be retained in backups for up to 90 days after deletion for disaster recovery.

6. Your rights

You can:

Access the personal data in your account via the dashboard.
Correct any inaccurate information directly in the Service.
Export your invoices and buyer list as CSV from the dashboard.
Request deletion of your account and associated data by writing to support@vasuli.io. We will action this within 30 days, subject to legal retention above.

7. Children

Vasuli is a B2B service. It is not directed at individuals under 18. Do not use the Service if you are below the age of majority in your jurisdiction.

8. Security

We use TLS for all data in transit, encrypted database storage at rest via our hosting provider, and JWT-based session authentication with httpOnly cookies. No system is perfectly secure; you are responsible for keeping your phone, OTP, and device secure.

9. Changes to this policy

We may update this policy as the Service evolves or as law requires. Material changes will be announced via an in-app notice or email to the registered phone/email on record. The “Last updated” date above always reflects the current version.

10. Contact

Questions or grievances: support@vasuli.io. We aim to respond within 7 working days.