Privacy Policy — ZeroBill

Privacy Policy

Last Updated: December 07, 2025

Privacy Policy

ZeroBill — ZBT Innovations Private Limited Last Updated: December 07, 2025

1. Introduction & Scope

ZBT Innovations Private Limited, a company incorporated under the Companies Act, 2013, with its registered office at JP Nagar, Bengaluru, Karnataka, India (hereinafter referred to as the "Company," "We," "Us," "Our," or "Data Fiduciary"), operates the mobile application ZeroBill (hereinafter referred to as the "Platform" or "App") — India's first Privacy-First Digital Receipts & Cashbacks app for offline retail.

We are deeply committed to protecting the privacy and security of your personal data. This Privacy Policy ("Policy") describes how we collect, use, process, store, share, and delete your personal data when you use our Platform.

This Policy has been drafted in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

By downloading, installing, or using the ZeroBill App, you ("User," "Customer," or "Data Principal") explicitly consent to the data practices described in this Policy. If you have any questions or concerns, please contact us at support@zerobill.app.

The terms used in this Privacy Policy carry the same meanings as in our Terms and Conditions unless otherwise defined herein.

2. Definitions

For the purposes of this Policy, the following terms shall have the meanings set out below:

  • "Personal Data" means any data about an individual who is identifiable by or in relation to such data.
  • "Processing" means any wholly or partly automated operation or set of operations performed on digital personal data. This includes collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment, combination, indexing, sharing, disclosure by transmission, dissemination, restriction, erasure, or destruction.
  • "Data Fiduciary" means ZBT Innovations Private Limited, the entity that determines the purpose and means of processing personal data.
  • "Data Principal" means the individual to whom the personal data relates — that is, You, the Customer.

3. Our Privacy-First Architecture

ZeroBill is built on a foundational privacy principle: your phone number and personal identity are never shared with the Merchant as a condition of receiving a digital receipt or rewards.

When you scan a ZeroBill QR code and pay via UPI, the Merchant's system receives confirmation that a payment occurred. It does not receive your name, phone number, or any personal identifier — unless you explicitly choose to share more. Your digital receipt and rewards are linked to your UPI payment identity, which is managed entirely within the ZeroBill ecosystem.

This is not just a feature — it is a deliberate architectural decision. You are entitled to shop at any ZeroBill-enabled store, collect receipts, and earn cashbacks without your contact information being disclosed to the store or its staff.

Merchant Promotional Communications: While your phone number is never disclosed to the Merchant directly, ZeroBill may, on a Merchant's behalf, send you promotional messages via WhatsApp or SMS — such as offers, cashback campaigns, or re-engagement notifications for stores you have visited. These messages are sent by ZeroBill; your contact details remain within ZeroBill's systems at all times and are never passed to the Merchant. You may opt out of these communications at any time through the notification preferences in your App settings.

4. Personal Data We Collect

We collect Personal Data solely for the purpose of providing our Services, which include generating digital receipts, facilitating rewards and cashbacks, and enabling UPI transactions. The categories of data we collect are as follows:

4.1 Identity & Contact Data

  • Customer Name: Used to identify you within the App and to personalise your experience.
  • Phone Number: Used for account creation, OTP verification (Two-Factor Authentication), and unique user identification. This is held securely within ZeroBill and is not shared with Merchants.

4.2 Transaction & Billing Data

  • Billing Details: Date of purchase, items purchased, quantity, price per unit, total amount, applicable taxes, and discounts.
  • Shop / Merchant Name: The identity of the offline retail store where the transaction took place.
  • Digital Receipt Data: The digitised version of the physical invoice generated at the Point of Sale (POS). Receipts are stored both on your device and on ZeroBill's servers so you can access them at any time.

4.3 Financial & Payment Data

  • UPI Transaction Details: Transaction reference numbers (UPI Ref ID), masked Virtual Payment Address (VPA), payment timestamp, and payment status (Success/Failure). All UPI transactions are processed through NPCI infrastructure and regulated third-party banking and payment partners.
  • Note: We do not store your bank account passwords, UPI MPIN, or full credit/debit card numbers.

4.4 Technical & Device Data

  • Device Information: Device model, operating system (OS) version, unique device identifiers (IMEI/UUID), IP address, browser and device characteristics, and mobile network information — collected to ensure App compatibility and security.
  • Location Data: Precise or approximate location (GPS/network-based) — collected to identify nearby merchants, verify the authenticity of store visits for fraud prevention, and deliver location-relevant offers. You may change our access to location permissions at any time through your device settings.

4.5 Push Notifications

We may request permission to send you push notifications regarding your account, transactions, or certain features of the App. If you wish to opt out from receiving these communications, you may turn them off at any time through your device settings.

5. Purpose of Processing

We process your Personal Data only for lawful purposes as defined under the DPDP Act, 2023:

  1. Service Delivery: To generate and store digital receipts for your purchases, thereby eliminating the need for paper receipts.
  2. Transaction Verification: To verify that a legitimate transaction has taken place at a partner merchant via UPI before issuing any rewards.
  3. Rewards & Cashbacks: To calculate and disburse cashbacks, loyalty points, or rewards based on your purchase history and transaction value.
  4. Customer Support: To resolve disputes concerning receipts, payments, or technical issues, and to respond to your enquiries.
  5. Fraud Prevention: To detect and prevent fraudulent receipts, duplicate claims, or location spoofing, and to keep the App safe and secure.
  6. Account Management: To manage your account and keep it in proper working order.
  7. Administrative Communications: To send you product, service, and new feature information, as well as updates regarding changes to our terms, conditions, and policies.
  8. Prize Draws & Competitions: To administer prize draws and competitions where you have elected to participate.
  9. Targeted Advertising & Marketing Promotions: To develop and display personalised content and advertising — including working with third parties who do so — tailored to your interests and/or location, and to measure its effectiveness.
  10. Anonymised Analytics: We use Cluster Anonymised Data — where direct identifiers such as your Name and Phone Number have been removed — to analyse consumption patterns, identify usage trends, and evaluate the effectiveness of our promotional campaigns. This aggregated data may be used to present relevant offers to user segments (e.g., "Frequent Coffee Buyers") without disclosing your personal identity to advertisers.

6. Data Sharing & Disclosure

WE DO NOT SELL YOUR PERSONAL DATA. We strictly adhere to a non-selling policy with regard to your personally identifiable information (PII). We will not use identifiable personal information without your consent.

We may share your data only in the following limited circumstances:

6.1 No Sale to Third Parties

We do not sell, rent, or trade your Name, Phone Number, or Email Address to data brokers or third-party marketing agencies for their independent use. We do not share your personal details or receipt details with Merchants or other third parties in a manner that would allow them to be linked back to you.

6.2 Payment Infrastructure Partners

Payment transactions processed through the App are handled by regulated third-party banking and payment partners operating on NPCI's UPI infrastructure. These partners process transaction data in accordance with RBI regulations and their own privacy policies. ZeroBill shares only the minimum data necessary for payment processing and settlement.

6.3 Service Providers

We may share data with other trusted third-party service providers (Data Processors) who assist us in operating the App — for example, cloud hosting providers (such as AWS or Google Cloud) and OTP service providers. These processors are bound by strict contractual obligations to process data only on our instructions and to maintain appropriate security standards.

6.4 Cluster Anonymised Data

We may share aggregated, anonymised statistical data with merchant partners or advertisers. For example: "500 users purchased chocolate in JP Nagar today." Such data cannot be used to re-identify you personally.

6.5 Legal Compliance

We may disclose Personal Data where required by law, court order, or government authority — for instance, in the context of tax audits or criminal investigations — as mandated under applicable Indian law.

7. Links to Other Sites

The App may contain links to third-party websites or services. If you click on a third-party link, you will be directed to that site. Please note that these external sites are not operated by us. We therefore strongly advise you to review the Privacy Policy of any third-party website you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

8. Consent & Withdrawal

By using the App, you provide consent for the collection and processing of your data as described in this Policy.

  • Withdrawal of Consent: You have the right to withdraw your consent at any time. However, as the core functionality of ZeroBill — including digital receipts and cashbacks — is dependent on this data, withdrawing your consent will result in your inability to continue using the App.
  • Account Deletion: You may delete your account via the "Delete Account" option in the App settings. Upon confirmation, your Personal Data (including your Name, Phone Number, and Transaction History) will be permanently deleted from our active databases, subject to any retention obligations imposed by law (for example, the requirement to retain transaction records for tax purposes during the applicable statutory period).

9. Data Retention

We retain your Personal Data only for as long as is necessary to fulfil the purposes set out in this Policy:

  • Active Accounts: Data is retained while your account remains active, in order to maintain your complete receipt history.
  • Deleted Accounts: Upon account deletion, your data is securely erased — with the exception of anonymised transaction data used for historical analytics, and any data required to be retained under the Income Tax Act or the Prevention of Money Laundering Act (PMLA).

10. Children's Privacy

The ZeroBill App and its Services are not directed at anyone under the age of 18. We do not knowingly collect personally identifiable information from children under 18. If we discover that a child under 18 has provided us with personal information, we will immediately delete it from our servers. If you are a parent or guardian and are aware that your child has provided us with personal information, please contact us immediately at support@zerobill.app so that we can take the necessary action.

11. Your Rights as a Data Principal

Under the DPDP Act, 2023, you are entitled to exercise the following rights:

  1. Right to Access: Request a summary of the personal data being processed by us and an overview of the associated processing activities.
  2. Right to Correction: Request the correction of any inaccurate or misleading personal data, or the completion of any incomplete data.
  3. Right to Erasure: Request the deletion of your personal data (exercisable via the Account Deletion feature in the App).
  4. Right to Grievance Redressal: Have any grievances relating to your data addressed by our Grievance Officer.

12. Security Measures

We implement reasonable security practices and procedures as required under ISO/IEC 27001 standards and the Information Technology Act Rules. Our security measures include encryption of data in transit (using SSL/TLS protocols) and at rest, strict access controls, and regular security audits. We strive to use commercially acceptable means of protecting your information.

Please note that no method of transmission over the internet or electronic storage is 100% secure. While we take every reasonable precaution, we cannot guarantee complete protection against sophisticated cyber-attacks or absolute security.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. You are advised to review this page periodically for any changes. We will notify you of any significant changes by posting the updated Policy within the App and revising the date at the top of this document.

14. Grievance Redressal Mechanism

In accordance with the DPDP Act and the Information Technology Act, if you have any complaints, concerns, or questions regarding your privacy, please contact our Grievance Officer:

Grievance Officer ZBT Innovations Private Limited JP Nagar-7, Bengaluru, Karnataka, India — 560078 Email: support@zerobill.app Hours: Monday to Saturday, 10:00 AM to 6:00 PM IST

We shall respond to your grievance within the timeline prescribed by applicable laws.