1 Introduction

Billexa is committed to protecting your privacy across Billing, Marketplace, KYC, Telegram Bot, Admin Bot, Support Tickets, Analytics, Expense Tracking, Profile, Order Tracking, Two-Factor Authentication (2FA), Rate Limiting, and Account Deletion. By using Billexa, you consent to this policy.

🔒 We never sell your data. No ad trackers. Your data is yours.

2 Data We Collect

  • Account: Name, email, mobile, DOB
  • Billing: Products, invoices, sales, barcodes
  • Marketplace: Listings, images, videos, payment proofs
  • Orders: Name, mobile, address, status history
  • KYC: Aadhar (F/B), PAN, Shop Photo, Selfie, Business info
  • Telegram: Bot Token (encrypted), Chat ID, Username, command logs (30d)
  • Analytics: Views (IP), clicks, conversions, revenue, demographics (anonymized)
  • Support: Ticket content, category, status
  • Expense Data: When you use the Expense Tracker, we collect information about your business expenses including the amount spent, expense category (Shop Rent, Electricity, Staff Salary, Internet, Transport, Raw Material, Marketing, Maintenance, Other), description, date of expense, and payment mode. If you upload bill or receipt images, those are securely stored to help you maintain financial records.
  • Profile Data: When you update your profile, we collect your full name, date of birth, gender, and optional business details (business name, GST number, business address). Your email and mobile number are collected during registration and cannot be changed later for security reasons.

✍️ Invoice & Signature Data

When you use the optional signature feature on invoices (photo upload or digital draw), the signature image is stored securely in your invoice records. You are solely responsible for the authenticity and lawful use of all signatures and invoices generated from your account. Billexa does not use your signature data for any purpose other than displaying it on your invoices. Signature data is deleted when you delete your account.

📸 Uploaded Content

Expense Bill Images: When you upload bill or receipt images for your expenses, these are stored on secure cloud servers (Cloudinary). Only you can view these images through your account. When you delete an expense record, the associated bill image is permanently removed.

Profile Photos: When you upload a profile photo, it is stored on secure cloud servers (Cloudinary). Only you can view and manage your profile photo. You can remove your photo anytime, which permanently deletes it from our servers. Photos must be JPG, PNG, or WebP format and under 5MB.

3 How We Use Data

  • Provide Platform services, process orders, facilitate delivery
  • Verify seller identity (KYC), assign Verified badge
  • Generate invoices, reports, analytics
  • Send Telegram Bot alerts
  • Manage support tickets
  • Improve Platform, prevent fraud, comply with law
  • Financial Reports: Your expense data combined with invoice data allows us to provide accurate profit/loss calculations, expense summaries, and downloadable PDF reports. This helps you understand your business performance at a glance.
  • Profile Personalization: Your profile information is used to personalize your experience, display your identity in chats and marketplace, and pre-fill business details on invoices. Your GST number helps generate tax-compliant invoices for your business.

4 Data Sharing

NEVER sell data. Shared only: with consent (bot, delivery), legal orders, trusted providers (MongoDB, Cloudinary, Telegram API, PDFKit). Seller sees buyer name/mobile/address for delivery. KYC docs: admin only. Expense records and bill images are never shared with anyone. Profile photos and business details are never shared with third parties.

5 Security Measures

  • bcrypt password hashing (10 rounds)
  • HTTPS/SSL encryption for all connections
  • MongoDB Atlas encryption at rest
  • Cloudinary enterprise security (KYC docs, expense bills, profile photos)
  • Bot Token encryption for Telegram bots
  • Helmet.js security headers (CSP, XSS protection)
  • Rate limiting on all routes (prevents brute force & DDoS)
  • 24-hour session timeout with MongoDB session store
  • IP logging for suspicious activity
  • CORS protection
  • Two-Factor Authentication (2FA) with encrypted secrets
  • Account deletion requires password + 2FA verification
  • Login lockout after 5 failed attempts (15 minutes)

Your expense records and bill images are encrypted and stored securely. No third party has access to your financial data. We never share your expense information with anyone. Your personal information including profile photos, business details, and GST number are encrypted and stored securely. We never share your personal or business information with third parties.

6 🛡️ KYC & Seller Verification Privacy

What We Collect SENSITIVE

  • Aadhar Card (Front & Back), PAN Card, Shop Photo, Selfie, Business name & type, City & State

How We Use It

  • Verify seller identity only. Assign 🟢 Verified badge. Fraud prevention.

Storage & Access

  • Cloudinary enterprise security. Only admin can view. Never shared with buyers/sellers. Encrypted in transit & at rest.

Retention & Control

  • Until account deletion. Deleted within 30 days. Withdraw anytime. Re-submit up to 3 times.
🔐 Your KYC, Your Control: Withdraw anytime. Badge removed on withdrawal.

7 📊 Seller Dashboard & Analytics Privacy

What We Track

  • Product views (IP-based, anonymous), clicks, conversions, revenue, customer locations (city/state only), peak times

What We DON'T Track

  • Individual buyer identities, other sellers' data, personal browsing history

Data Isolation

  • Each seller sees ONLY own analytics. No cross-seller sharing. Buyers anonymous.

Retention

  • Views/Clicks: 12 months. Revenue: 7 years (legal). Aggregated: Indefinitely (anonymized).

Your Control

  • View: Dashboard → Analytics. Export CSV/PDF. Opt-out via support. Deleted on account closure.

8 🛒 Marketplace Data Privacy

📋 Buyer Data (Visible to Seller)

  • Name, Mobile, Address shared for delivery purposes only.
  • Optional fields: Alternate Mobile, Landmark, Pincode also visible to seller for delivery.
  • NOT shared after order completion or cancellation.
  • Quantity ordered by buyer and total amount calculated (Price × Quantity) visible to seller. Stock automatically decreases when order is placed and restores on cancellation or delivery (Auto Restock feature).
  • Buyer identity protected — seller cannot contact after order completion.
  • Buyer email never shared with seller.
  • Phone Number Access: Buyer must click "Show Contact Number" button to reveal seller's phone. Seller's number is never auto-displayed.
  • Pincode Search: Buyers can filter products by pincode to find nearby sellers. Pincode shown on product details for location reference.

🏪 Seller Data (Visible to Buyer)

  • Shop/Seller name, Verified/Unverified badge, Product listings, Ratings & Reviews.
  • KYC Signature (if verified) displayed on products & invoices.
  • Trust Score visible to help buyers make informed decisions.
  • NOT visible: Email, Phone, Address, Aadhar, PAN, Bank details.
  • Phone Number (Seller Controlled): Seller can optionally add a contact number per product. Hidden by default — buyer clicks "Show Contact Number" to reveal. Only visible for KYC verified sellers. Seller can use different numbers for different products.
  • Pincode (Optional): Seller can add area pincode per product. Visible on product detail and QR page. Helps buyers search products by location.
  • Seller location (if provided) visible on product cards.

⭐ Reviews & Ratings Data

  • Reviews are public — visible to all marketplace users.
  • Review includes: Buyer name, Rating (1-5), Review text, Images (max 2).
  • Review images stored on Cloudinary secure servers.
  • Seller can view all reviews on their products via "Reviews" button.
  • Buyer can delete their own review anytime from My Reviews.
  • Review data used for product sorting (Top Rated, Most Reviewed).
  • Average rating calculated from all verified reviews.

📦 Order & Transaction Data

  • Order history stored for both buyer and seller reference.
  • Cancellation records maintained for fraud prevention (Terms 17.8).
  • Delivery status tracked and visible to both parties.
  • Dispute data retained for resolution purposes.
  • Order invoices (PDF) generated and stored securely.
  • Order data exportable by both buyer and seller (CSV/PDF).

💬 Chat & Communication

  • Chat messages stored for 90 days for dispute resolution.
  • Chat includes: Text messages, Images, Payment proofs.
  • Chat automatically deleted after 90 days.
  • Voice/Video calls are peer-to-peer (WebRTC) — not recorded or stored.
  • No call logs or recordings maintained.

💳 Payment Data

  • Cash on Delivery (COD) only — no financial data (bank/card/UPI) stored.
  • Payment proof images uploaded by buyer stored on Cloudinary.
  • No online payment processing — all payments handled directly.
  • Transaction amounts visible to both parties for order verification.

🔄 Return & Refund Data UPDATED

  • 📸 Return Proof Images: Buyer can upload up to 3 images (JPG, PNG, WebP, max 5MB each) showing product damage/defect as proof.
  • Images stored on Cloudinary secure servers temporarily during return process.
  • Images visible to seller only for return request verification.
  • Images auto-deleted permanently from Cloudinary when: ✅ Refund completed or ❌ Return rejected.
  • Images are not retained after return resolution — protecting buyer privacy.
  • Images are never shared publicly or with third parties.
  • 📦 Pickup Address: Buyer provides pickup address during return request. Visible to seller only for item pickup. Not shared with third parties.
  • 📅 Expected Dates: Seller provides Expected Pickup Date and Expected Refund Date on acceptance. Visible to both parties.
  • Bank Details Collected: When buyer requests return, Account Holder Name, Account Number, IFSC Code, and Bank Name are collected for refund processing.
  • Bank details are visible to seller only for the purpose of processing refund via UTR/Transaction ID.
  • Last used bank details are auto-saved for buyer convenience. Buyer can update anytime.
  • Bank details stored securely in encrypted database. Not shared with third parties.
  • UTR/Transaction ID: Recorded when seller marks item as received and processes refund. Visible to both buyer and seller.
  • Return reason and description visible to seller for evaluation.
  • Return status history maintained for dispute resolution.
  • Return data retained as long as order data is retained (active account).
  • Bank details deleted on account closure along with all other personal data.
  • Copy feature available for seller to easily copy account number and IFSC for payment apps.

🖼️ Product Images

  • All product images stored on Cloudinary secure cloud servers.
  • Only images allowed (no videos) for product listings.
  • Max 10 images per product, 10MB each.
  • Images deleted when product is deleted.
  • Review images: Max 2 per review, 5MB each.
  • KYC document images stored separately with enterprise security.

🛡️ Fraud Prevention Data

  • Cancellation count tracked for penalty enforcement (Terms 17.8).
  • 3+ cancellations in 30 days = KYC review/revocation.
  • 5+ cancellations = Possible account ban.
  • Delivery performance monitored for Trust Score calculation.
  • Fraud reports stored for investigation.
  • Banned users' Aadhar/PAN permanently blocked from reuse.
  • Multiple accounts detection and prevention systems active.

🔍 Search & Analytics

  • Product search covers: Title, Description, Product ID, Seller name, Location, Category.
  • Sort options: Newest, Oldest, Price, Views, Rating, Reviews, Orders.
  • Product views tracked for analytics (seller dashboard).
  • Impressions and clicks tracked for seller analytics.
  • Aggregated data used for marketplace trends (anonymized).

❤️ Wishlist Data

  • Wishlist is private — only the logged-in user can view their own wishlist.
  • Wishlist stores: Product ID and date added. No personal data shared.
  • Wishlist data is not visible to sellers or other users.
  • Removing item from wishlist permanently deletes the record.
  • Clearing wishlist removes all saved items at once.
  • Wishlist data retained until user removes items or deletes account.
  • Wishlist count badge shown in navbar for quick access.
  • No third-party access to wishlist data.

🏪 Seller Store Data

  • Each seller's product page (/marketplace/seller-products) shows public product listings only.
  • Seller avatar and name are visible (same as marketplace listings).
  • KYC verification status and Trust Score are publicly visible.
  • Seller's email, phone, and address are never exposed on the store page.
  • Product search and filters available for browsing seller's catalog.
  • Access via "View All Products" button on any product detail modal.
  • Store page data is read-only and cached for performance.

🔗 QR Code & Sharing

  • Each product has a unique QR code for easy sharing.
  • QR page (`/p/PRODUCT-ID`) shows: Product images, Details, Reviews, Order form.
  • QR page is public — anyone with the link can view.
  • Ordering requires login for buyer protection.

📤 Data Export & Portability

  • Sellers can export: Products (CSV/PDF), Orders (CSV/PDF), Analytics reports.
  • Buyers can export: Order history, Invoices (PDF).
  • Complete account data export available via admin request.
  • Export includes: Profile, Products, Invoices, KYC, Marketplace, Orders, Reviews.

⏱️ Data Retention

  • Active account data: Retained indefinitely while account is active.
  • Chat messages: 90 days, then auto-deleted.
  • Deleted products: Images removed from Cloudinary immediately.
  • Deleted account: All data permanently deleted within 30 days.
  • Banned users: Aadhar/PAN permanently retained to prevent re-registration.
  • KYC documents: Deleted on account closure or KYC revocation.

🔐 Third-Party Services

  • Cloudinary: Image storage (Products, Reviews, KYC). Enterprise-grade security.
  • MongoDB Atlas: Database hosting with encryption at rest.
  • Socket.io: Real-time chat (messages not stored by third party).
  • WebRTC: Peer-to-peer calls (no server storage).
  • No data sold or shared with advertisers or analytics companies.

9 🤖 Telegram Bot Data Privacy

What We Store MINIMAL

  • Bot Token (encrypted), Chat ID, Username (optional), Alert preferences, Command logs (30 days)

What We DON'T Access

  • Your Telegram messages, contacts, groups, or other bots

Security

  • Token encrypted. Chat ID verified. Commands access only your data. No cross-user access.

Control

  • Connect/disconnect anytime. /disconnect instant. All bot data deleted on disconnect. Alert settings customizable.

10 👑 Admin Bot & Support Privacy

Admin Access RESTRICTED

  • Admin views platform-level stats only. Can view KYC docs for verification.
  • Cannot view your invoices, product details, expense records, profile photos, or personal messages.
  • All admin actions logged and auditable.

Support Tickets DATA

  • Ticket content, category, status stored securely.
  • Used for issue resolution only. Retained for 1 year.
  • Admin replies visible to ticket creator only.

11 💰 Expense Tracking Privacy

Information We Collect

Expense Data: When you use the Expense Tracker, we collect information about your business expenses including the amount spent, expense category (Shop Rent, Electricity, Staff Salary, Internet, Transport, Raw Material, Marketing, Maintenance, Other), description, date of expense, and payment mode. If you upload bill or receipt images, those are securely stored to help you maintain financial records.

Uploaded Content

Expense Bill Images: When you upload bill or receipt images for your expenses, these are stored on secure cloud servers (Cloudinary). Only you can view these images through your account. When you delete an expense record, the associated bill image is permanently removed.

How We Use Your Data

Financial Reports: Your expense data combined with invoice data allows us to provide accurate profit/loss calculations, expense summaries, and downloadable PDF reports. This helps you understand your business performance at a glance.

Data Security

Your expense records and bill images are encrypted and stored securely. No third party has access to your financial data. We never share your expense information with anyone.

Your Control

You can view, edit, or delete any expense record anytime from your Expenses page. Deleting an expense permanently removes it along with any uploaded bill image. You can also export your expense data as a PDF report.

12 👤 Profile & Account Privacy

Information We Collect

Profile Data: When you update your profile, we collect your full name, date of birth, gender, and optional business details (business name, GST number, business address). Your email and mobile number are collected during registration and cannot be changed later for security reasons.

Uploaded Content

Profile Photos: When you upload a profile photo, it is stored on secure cloud servers (Cloudinary). Only you can view and manage your profile photo. You can remove your photo anytime, which permanently deletes it from our servers. Photos must be JPG, PNG, or WebP format and under 5MB.

How We Use Your Data

Your profile information is used to personalize your experience, display your identity in chats and marketplace, and pre-fill business details on invoices. Your GST number helps generate tax-compliant invoices for your business.

Data Security

Your personal information including profile photos, business details, and GST number are encrypted and stored securely. We never share your personal or business information with third parties.

Two-Factor Authentication (2FA)

You can enable 2FA from /setup-2fa for extra account security. When enabled, we store your encrypted secret key and hashed backup codes. 2FA codes are never stored. You can disable 2FA anytime. All 2FA data is deleted on account deletion.

Account Deletion

You can permanently delete your account from /delete-account. Your identity is auto-verified from your session - only your password is required. If 2FA is enabled, you must provide a valid 2FA code or backup code. Upon deletion, all your data including profile, products, invoices, KYC documents, chats, orders, and expenses are permanently removed. This action cannot be undone.

Your Control

You can view and edit your profile anytime from the Profile page. Click the Edit button to update your name, date of birth, gender, and business details. Email and mobile number are locked for security. You can upload or remove your profile photo anytime. For complete data removal, use the Delete Account option in the Danger Zone section.

Business Logo

Business Logo: When you upload a business logo from your Profile page, it is stored on secure cloud servers (Cloudinary). Your logo appears on your invoice PDFs, marketplace store, and seller dashboard. Only you can upload, change, or remove your logo. Removed logos are permanently deleted from our servers. Logos must be JPG, PNG, or WebP format and under 5MB. If no logo is uploaded, default Billexa branding appears on your invoices. We never share your business logo with third parties.

13 📄 Data Retention

Data TypeRetentionDeletion
Account InfoUntil deletionOn request
ProductsUntil deletionOn request
Invoices7 years (legal)After 7 years
KYC DocumentsUntil deletionOn request / 30d
Ban RecordsPermanentFor platform security
Trust ScoreUntil KYC withdrawalOn KYC withdrawal/deletion
Analytics12 monthsRolling deletion
Chat Messages90 daysRolling deletion
Bot TokensUntil disconnectOn disconnect
Bot Logs30 daysRolling deletion
Support Tickets1 yearRolling deletion
IP Logs90 daysRolling deletion
Expense RecordsUntil deletionOn request
Expense Bill ImagesUntil expense deletedOn expense deletion
Profile PhotosUntil removalOn removal
Profile DataUntil account deletionOn account deletion

14 🔒 Your Rights under DPDP Act 2023

Under the Digital Personal Data Protection Act (DPDP Act) 2023, you have the following rights:

  • Right to Access: You can request a copy of all personal data Billexa holds about you. Contact admin@covexa.in.
  • Right to Correction: You can update inaccurate data anytime from your Profile page.
  • Right to Erasure (Right to be Forgotten): You can request deletion of your personal data by deleting your account or emailing us. Data is permanently removed within 30 days.
  • Right to Withdraw Consent: You can withdraw your consent anytime. Withdrawing consent will delete your account and all associated data within 30 days.
  • Right to Grievance Redressal: You can file a complaint with our Grievance Officer at admin@covexa.in. Response within 48 hours.
  • Right to Nominate: You have the right to nominate another person to exercise your rights in case of death or incapacity.
📌 Data Protection Board of India: If you are not satisfied with our response, you can file a complaint with the Data Protection Board of India.

15 🔗 Third-Party Services & Backup

Billexa uses the following third-party services to store and process data:

  • MongoDB Atlas – Primary database storage (India region). Data encrypted at rest and in transit.
  • Cloudinary – Storage for KYC documents, product images, expense bills, and profile photos. Enterprise-grade encryption.
  • GitHub – Automated encrypted backups of database dumps. Backups stored in private repositories.
  • MEGA (mega.nz) – Encrypted cloud backup storage for database dumps. End-to-end encryption. Backups are automatically deleted after 90 days. MEGA Privacy Policy.
  • Render – Web application hosting platform.

Billexa does not sell or share your personal data with any third party for marketing purposes.

16 📊 Privacy Comparison

FeatureBillingMarketplaceOrdersTelegramKYCAnalyticsExpensesProfileBan/LockTrust Score
Data Stored✅ Token✅ Docs✅ Stats✅ Records✅ Info✅ Locked✅ Score
Encrypted
Exportable✅ CSV✅ CSV✅ CSV/PDF✅ PDF✅ CSV/PDF✅ PDF
Deletable❌ Permanent
Shared?Listing publicSeller sees addressAdmin onlyBuyer visible
Self-ManageN/AN/AN/A✅ Disconnect✅ WithdrawN/AN/A✅ Delete❌ Appeal only✅ Auto

17 📞 Contact for Privacy Concerns

Grievance Officer (IT Act 2000 & GDPR)

  • Name: Shiv Kumar
  • Email: admin@covexa.in
  • Phone: +91 9351256357
  • Address: Arwar, Ajmer, Rajasthan

⏱️ Response: 24-48 hours. Urgent: "URGENT: Privacy Concern" in subject or /support on Telegram.

18 🔨 Ban & Document Lock Privacy

18.1 What Happens When Banned

  • 🚫 Immediate account suspension - cannot login
  • 🔒 All KYC documents (Aadhar, PAN, photos) permanently locked
  • 🚫 Aadhar & PAN numbers blocked from future use
  • 📦 Marketplace products removed
  • 💬 All active chats & orders terminated

18.2 Document Locking PERMANENT

When banned for valid reasons, your Aadhar and PAN numbers are permanently locked in our system. This means:

  • No other account can register with the same Aadhar number
  • No other account can use the same PAN number
  • Document images are flagged and cannot be re-uploaded
  • This prevents banned users from creating new accounts

18.3 Data After Ban

  • KYC documents retained for legal/compliance purposes
  • Document numbers stored in locked state
  • Personal data handled as per Data Retention policy (Section 13)

18.4 Unban & Data Recovery

If unbanned after appeal, documents are unlocked and account restored. Contact admin@covexa.in for ban appeals.

🔒 Privacy Note: Document locking protects the platform from fraud. Locked documents are never shared or reused.

19 ⭐ Trust Score Privacy

19.1 What We Calculate

Trust Score is calculated automatically based on:

  • 🔒 KYC verification status (+30 points)
  • 📦 Number of products listed (+3 to +10)
  • 💰 Total sales completed (+3 to +10)
  • 🚚 Delivery performance ratio (+5 to +15)

19.2 Data Used

Only your own marketplace data is used. We do NOT access:

  • Other sellers' data for comparison
  • Your personal browsing history
  • External credit scores or financial data

19.3 Score Visibility

  • ✅ Visible to buyers on product detail pages
  • ✅ Visible to you on your KYC page
  • ❌ NOT shared with third parties
  • ❌ NOT used for any purpose other than marketplace trust

19.4 Auto-Update Schedule

Trust scores update automatically every midnight. No manual intervention. Scores reflect real-time product, sales, and delivery data.

19.5 Score Deletion

Trust score is deleted when you delete your account or withdraw KYC verification.

🔄 Transparency: Score calculation formula is public (see Terms Section 26). No hidden factors.

20 🤖 AI Assistant Privacy

20.1 What We Collect

  • Query Content: Your questions/messages sent to the AI assistant
  • Usage Data: Daily query count for rate limiting (10 guest, 30 registered, unlimited admin)
  • Response Data: AI-generated replies (not stored long-term)

20.2 What We DON'T Collect

  • ❌ Your personal identity is NOT sent to AI providers
  • ❌ Your business data (invoices, products, expenses) is NOT shared
  • ❌ Your account password or sensitive details
  • ❌ Chat history is NOT stored permanently

20.3 Third-Party AI Providers

Queries are processed through OpenRouter API, which routes to these models:

  • Google Gemini (2.0 Flash, 1.5 Flash)
  • Meta Llama (3.2, 3.1)
  • Mistral AI (7B)

These providers do NOT use your queries for training. Data is transmitted securely via HTTPS.

20.4 Data Storage & Security

  • Query count stored in MongoDB for rate limiting
  • Query content NOT stored after response is generated
  • All AI API calls encrypted via HTTPS
  • Rate limit resets daily at midnight IST

20.5 Your Control

  • AI assistant is optional - use it only when needed
  • No personal data tied to AI queries
  • Query logs purged daily

20.6 Data Retention

  • Query Count: 24 hours (resets midnight)
  • Query Content: Not stored
  • AI Responses: Not stored
🔒 Privacy Guarantee: Your questions to Billexa AI are private. We don't store, share, or use them for training. No personal or business data leaves your account.

21 📝 Login History Privacy

21.1 What We Track

Billexa maintains a login history for account security. Each login attempt records:

  • 🌐 IP Address - For location and device identification
  • 💻 Browser & OS - Chrome, Firefox, Windows, Mac, etc.
  • 📱 Device Type - Desktop, Mobile, Tablet
  • 🕐 Timestamp - Date and time of login
  • ✅/❌ Success/Failure - Whether login was successful
  • 🆕 New Device Flag - First time from this device

21.2 What We DON'T Track

  • ❌ Your exact physical location (GPS)
  • ❌ Your browsing activity outside Billexa
  • ❌ Your device's unique ID or serial number
  • ❌ Your screen resolution or other fingerprinting data

21.3 Purpose

  • 🔍 Help you monitor account activity
  • 🚨 Detect suspicious or unauthorized access
  • 🛡️ Protect against hacking attempts
  • 📊 Provide security insights

21.4 Your Control

  • ✅ View your login history anytime at /login-history
  • ✅ Clear your history with one click
  • ✅ Last 50 records retained (max)
  • ✅ Failed attempts highlighted for your awareness

21.5 Data Retention

  • Maximum 50 login records stored
  • Older records automatically removed
  • Cleared history is permanently deleted
  • Deleted data cannot be recovered

21.6 Admin Alerts

For admin accounts only, Telegram alerts are sent for:

  • 🆕 Login from unrecognized device
  • 🔒 Account lockout after failed attempts
  • ✅ Successful admin login

Normal users do NOT receive these alerts.

🔐 Privacy Note: Login history is private to your account. No one else can view it. Admin cannot view normal user login history without permission.

22 🔐 Two-Factor Authentication Privacy

22.1 What is 2FA?

Two-Factor Authentication adds extra security to your account. After entering your password, a 6-digit code from an authenticator app (Google Authenticator, Authy, Microsoft Authenticator) is required based on your configured login threshold.

22.2 What We Store

  • 🔑 Encrypted Secret Key — Used to verify 6-digit codes
  • 🎫 Backup Codes — 8 one-time use codes (securely stored)
  • 📅 Setup Date — When 2FA was enabled on your account
  • 📊 Daily Login Count — For Smart 2FA threshold tracking
  • ⚙️ Threshold Setting — Your configured login limit (default: 3)

22.3 What We DON'T Store

  • ❌ Your authenticator app data — stored only on your device
  • ❌ Your phone's other 2FA codes — we only have Billexa's secret
  • ❌ Screenshots or QR code images after setup — QR shown once
  • ❌ Your 6-digit codes — these are one-time, never stored
  • ❌ Login timestamps linked to 2FA — only daily count, not exact times

22.4 Available for ALL Users UPDATED

  • ✅ 2FA is available for ALL users — Admin + Normal Users
  • 👤 Any logged-in user can enable 2FA from /setup-2fa
  • 🛡️ 2FA data stored only for users who enable it
  • 🔒 No 2FA data collected for users who haven't enabled it

22.5 Smart 2FA System

Billexa uses Smart 2FA — flexible login security:

  • 📊 Daily login counter tracks logins per day
  • 🔄 Counter resets automatically at midnight IST
  • 🔢 Default threshold: 3 free logins (4th login needs 2FA)
  • ⚙️ Users can change threshold: 1-20 logins
  • 🔐 Set to 1 for maximum security (2FA on every login)
  • 📊 Only login count stored, not individual login times

22.6 Data Security

  • 🔐 Secret key stored securely in database
  • 🔐 Backup codes stored with one-way protection
  • 🔐 All 2FA data permanently deleted when you disable 2FA
  • 🔐 Daily counter reset on 2FA disable
  • 🔐 All 2FA data deleted on account deletion
  • 🔐 HTTPS encryption for all API calls

22.7 Backup Codes

  • 🎫 8 backup codes generated during setup
  • 🔢 Format: XXXX-XXXX (e.g., AB12-CD34)
  • ✅ Each code works only once
  • 🗑️ Used codes are permanently removed
  • ⚠️ Lost backup codes cannot be recovered
  • 🔄 Disabling and re-enabling 2FA generates new backup codes

22.8 Your Control

  • ✅ Enable/disable 2FA anytime at /setup-2fa
  • ✅ View backup codes remaining
  • ✅ Change 2FA threshold (1-20) from setup page
  • ✅ All 2FA data automatically deleted on account deletion
  • ✅ Disable 2FA requires password + 2FA code (or backup code)

22.9 Lockout Protection

  • 🔒 After 5 failed login attempts → 15-minute account lock
  • ⏰ Auto-unlock after 15 minutes
  • ✅ Successful 2FA verification resets the counter
  • 🛡️ Applies to all accounts with 2FA enabled
🔒 Maximum Privacy: 2FA secret key never leaves our servers. Your authenticator app generates codes locally on your device. No third-party is involved in code generation. Billexa staff will NEVER ask for your 2FA codes or backup codes.

23 🔑 Password Recovery Privacy

23.1 Forgot Password Process

To reset your password, you must verify your identity through:

  • 👤 Username or Email
  • 📱 Registered Mobile Number
  • 📅 Date of Birth

All three must match our records exactly.

23.2 Identity Verification Privacy

  • 🔒 Failed verification does NOT reveal which field is wrong
  • 🔒 Multiple failed attempts may trigger security review
  • 🔒 We do NOT send passwords via email/SMS
  • 🔒 No password reset links (prevents phishing)

23.3 What We Verify

FieldStored AsVerification
Passwordbcrypt hashNever revealed
MobilePlain textExact match
DOBPlain textExact match
EmailPlain textCase insensitive

23.4 Change Password (Logged In)

  • 🔒 Current password required
  • 🔒 New password must be 6+ characters
  • 🔒 Password strength indicator provided
  • 🔒 Old password verified before change
  • 🔒 Session remains active after change

23.5 Password Security

  • 🔐 All passwords hashed with bcrypt (10 rounds)
  • 🔐 Plain text passwords NEVER stored
  • 🔐 Old password required for changes
  • 🔐 No password recovery via email (prevents email hijack)

23.6 Account Recovery Limitations

  • ⚠️ Email and mobile cannot be changed after registration
  • ⚠️ Lost access to both = account may be unrecoverable
  • ⚠️ Contact support for manual verification (may require KYC)
🔒 Security Note: Billexa never asks for your password via email, phone, or message. All password resets happen on our secure website only.

24 ⏱️ Rate Limiting & Privacy

24.1 What We Track for Rate Limiting

To enforce fair usage and protect the platform, we temporarily track:

  • 🌐 IP Address - To identify unique visitors
  • 🔢 Request Count - Number of requests per time window
  • 🕐 Timestamp - When requests were made
  • 🛤️ Route Path - Which endpoints were accessed

24.2 What We DON'T Track

  • ❌ Personal identity (name, email, mobile)
  • ❌ Request content or payload data
  • ❌ Browsing history across sites
  • ❌ Device fingerprinting

24.3 Data Storage

  • Rate limit counters stored in memory only
  • Data automatically expires after the time window
  • No permanent storage of rate limit data
  • No database records created for rate limiting

24.4 Current Limits

RouteLimitWindow
Login / Register515 min
KYC Upload31 hour
Support / Feedback530 min
Delete Account21 hour
General API10015 min
All Routes5015 min

24.5 Your Privacy

  • 🔒 Rate limit data never shared with third parties
  • 🔒 No personal information stored in rate limit counters
  • 🔒 IP addresses not logged permanently
  • 🔒 Rate limiting is for platform protection only

24.6 Data Retention

  • Rate Limit Counters: Auto-deleted after time window expires (15 min - 1 hour)
  • No permanent records: Rate limit violations are not stored
  • No profiling: We don't build user profiles from rate limit data
🔒 Privacy Guarantee: Rate limiting uses temporary in-memory counters only. No personal data is collected, stored, or shared for rate limiting purposes.

25 🎁 Referral Program Privacy

🔒 Your Privacy Matters
We collect only essential data to process your referral rewards. Your UPI ID is encrypted and never shared with other users.

25.1 Data We Collect

Data Type Purpose Retention
💳 UPI ID For sending referral payouts only Until account deletion
🔗 Referral Code Unique identifier for tracking referrals Until account deletion
👥 Referral Records Who referred whom Until account deletion
📊 Condition Progress UPI, Email, KYC, Product, 7 Days status Until account deletion
💰 Payout History UTR numbers, amounts, dates 7 years (legal compliance)
📋 UPI History Previous UPI IDs for security audit (admin only) Max 20 records

25.2 What We DON'T Collect

  • ❌ Bank account numbers or IFSC codes
  • ❌ UPI PIN, passwords, or OTPs
  • ❌ Payment gateway or wallet credentials
  • ❌ Aadhar/PAN numbers (stored separately in KYC)

25.3 How Data is Used

  • ✅ UPI ID used exclusively for sending referral rewards
  • ✅ Referral code displayed publicly for sharing
  • ✅ 5 conditions auto-tracked for payout eligibility
  • ✅ UTR number shared with referrer after payment
  • ✅ UPI change history logged for security & audit (admin only)

25.4 Reward Distribution

🎁 Who Gets Rewarded: Only the referrer (person who shares the link) receives ₹50 per successful referral. The referred friend gets free platform access with all features unlocked.

25.5 Eligibility Conditions (5)

The following conditions are automatically checked for the referred user:

  1. 💳 UPI ID Set
  2. 📧 Email Verified
  3. 🛡️ KYC Verified (Aadhar + PAN)
  4. 📦 At least 1 Product Added
  5. 📅 Account 7 Days Old

Conditions auto-update when the referred user performs actions. Click any referral to see real-time progress with ✅/⏳ status and estimated completion time.

25.6 Data Visibility

Data 👤 You 👑 Admin 👥 Others
Your UPI ID
Referral Status
Condition Progress
UTR Number
UPI History

25.7 Data Retention

  • 📁 Referral records: Until account deletion
  • 💳 UPI ID: Deleted on account deletion
  • 📋 UPI History: Max 20 records, oldest removed first
  • 💰 Payout history: 7 years (legal compliance)
  • 📊 Condition progress: Deleted with referral record

25.8 Your Rights & Control

  • ✏️ Edit UPI ID anytime from Referral page
  • 👁️ View condition progress by clicking any referral
  • 🗑️ Delete all data by deleting your account
  • 🔒 UPI ID never shared with other users
  • 📋 UPI history hidden from you (admin-only for security)
🔒 Privacy Guarantee: Your UPI ID is encrypted and private. Only you and authorized admin can view it. We never share your payment details with anyone. All referral data is permanently deleted when you delete your account.

26 🔒 Single Session Protection

🔒 Maximum Account Security
Billexa enforces single-session login to protect your account from unauthorized access.

26.1 What is Single Session?

Single Session Protection ensures that your Billexa account can only be actively used on one device or browser at a time. If you log in on a new device, your previous session is automatically terminated.

26.2 How It Works

  • 🔐 One Active Session: Only the most recent login session is active
  • 🔄 Auto-Detection: System checks every 30 seconds
  • ⚠️ Instant Alert: Premium UI popup notifies you immediately
  • 🔑 Redirect: Automatically redirected to login page

26.3 What We Track

Data Purpose Retention
Session ID Identify current active session Until logout/new login
Session Timestamp Track when session was created Until session expires
Active Status Determine if session is valid Real-time check

26.4 What We DON'T Track

  • ❌ Your GPS or exact physical location
  • ❌ Your browsing history on other sites
  • ❌ Your device files or personal data
  • ❌ Screenshots or screen recordings
  • ❌ Keystrokes or form inputs

26.5 When Session is Terminated

Your session is automatically terminated when:

  • 📱 New Login: You log in on another device/browser
  • 🕐 Auto-Check: System detects mismatch (every 30 seconds)
  • 🔒 Manual Logout: You explicitly log out
  • Session Expiry: After 24 hours of inactivity

26.6 User Experience

  • 🎨 Premium UI Alert: Beautiful dark-themed popup notification
  • 📱 Mobile Responsive: Works perfectly on all devices
  • Instant Action: One-click redirect to login page
  • 🔐 Clear Message: "Your account was opened on another device"

26.7 Data Security

  • 🔐 Session ID stored securely in database
  • 🔐 All session checks via encrypted HTTPS
  • 🔐 No personal data in session check API calls
  • 🔐 Session data auto-cleared on logout
  • 🔐 Old sessions permanently removed

26.8 Your Control

  • Automatic: No setup required — works by default
  • Transparent: Clear notification when session ends
  • Instant: Immediate protection on new login
  • No Opt-Out: Mandatory for all accounts (security first)

26.9 Benefits

  • 🛡️ Prevent Account Sharing: One account = one user
  • 🔒 Stop Unauthorized Access: Old sessions auto-terminated
  • 📱 Device Switch Safety: Logout old device when switching
  • 🏢 Public Computer Protection: Forgot to logout? Auto-protected!
  • 🕵️ Password Leak Protection: If someone logs in, you know instantly

26.10 Data Retention

  • Active Session ID: Stored until new login or logout
  • Session Timestamp: Updated on each login
  • Terminated Sessions: Immediately removed
  • No Logs: Session termination events not permanently stored
🔒 Privacy Guarantee: Single Session Protection only tracks your active session ID. No personal data, location, or browsing activity is monitored. This feature exists solely to protect your account from unauthorized access.

27 🔥 Community Posts Privacy

27.1 What We Collect

  • 📝 Post Content: Text (max 500 chars), images (max 3, 5MB each), product links
  • 💬 Comment Content: Text (max 300 chars), timestamps, edit history
  • 👤 User Identity: Your name is visible on your posts and comments
  • ❤️ Like Data: Which posts and comments you've liked (publicly visible)
  • 📅 Timestamps: Post and comment creation and edit times

27.2 What We DON'T Collect

  • ❌ Your email or mobile - NEVER shared on posts or comments
  • ❌ Your location or IP - NOT linked to posts or comments
  • ❌ Your browsing history on other sites
  • ❌ Private messages or personal data

27.3 Content Visibility

  • 🌐 All posts and comments are public — visible to anyone visiting the feed
  • 👤 Your name appears on your posts and comments
  • 🖼️ Post images are publicly visible
  • 💬 Comment text is publicly visible
  • ❤️ Like counts on posts and comments are publicly visible
  • 🔗 Product links are publicly accessible

27.4 Image Storage & Security

  • ☁️ All post images stored on Cloudinary secure servers
  • 🔒 Images encrypted in transit and at rest
  • 🗑️ Deleted post images permanently removed from Cloudinary
  • 🖼️ Maximum 3 images per post, JPG/PNG/WebP only, 5MB each
  • 💬 Comments do NOT support image uploads (text only)

27.5 Data Control

  • ✏️ You can edit your posts anytime (text and images)
  • 🗑️ You can delete your posts anytime
  • 💬 You can edit or delete your comments anytime
  • 🖼️ Deleting a post removes all its images from Cloudinary
  • ❤️ Deleting a post removes all its likes and comments
  • 🔒 Account deletion removes all your posts and comments permanently

27.6 Data Retention

  • Active Posts & Comments: Retained until deleted by user or admin
  • Deleted Posts: Permanently removed immediately along with all comments
  • Deleted Comments: Soft-deleted (hidden from view, retained for moderation)
  • Post Images: Deleted from Cloudinary on post deletion
  • Like Data: Deleted with the post or comment

27.7 Third-Party Access

  • ☁️ Cloudinary: Only stores post images, never accesses content
  • 🔒 No advertisers have access to post or comment data
  • 🚫 No data sold to third parties
  • 👑 Admins can view and remove violating content (posts and comments)

27.8 Your Rights

  • ✅ Right to edit or delete your posts and comments anytime
  • ✅ Right to control your post and comment content
  • ✅ Right to have your data deleted on account closure
  • ✅ Posts and comments are deleted within 30 days of account deletion
🔒 Privacy Note: Your posts and comments are public — only share what you're comfortable with. Never post personal contact details or sensitive information. Billexa is not responsible for information you choose to share publicly.

28 🛒 Buyer Trust Score Privacy

28.1 What is Buyer Trust Score?

Just like sellers have Trust Scores, buyers also get a Trust Score (0-100) based on their marketplace order behavior. This helps sellers evaluate buyer reliability before accepting orders.

28.2 Data We Use for Calculation

Data PointSourcePurpose
Total Orders PlacedOrders DBActivity level assessment
Completed OrdersOrders DBReliability measurement
Cancelled OrdersOrders DBCancellation rate
Returned OrdersOrders DBReturn behavior
Total Amount SpentOrders DBSpending history
Account AgeUser DBAccount maturity

28.3 What We DON'T Use

  • ❌ Individual product details you viewed
  • ❌ Chat message content with sellers
  • ❌ Your payment method or UPI details
  • ❌ Your browsing history on the platform
  • ❌ Other buyers' data for comparison

28.4 Score Visibility

WhoCan See Score?Context
👤 You (Buyer)AI Assistant, Profile
🏪 SellerOnly on Order Detail page for their orders
👑 AdminFor platform management
👥 Other BuyersNever visible
🌐 PublicNever visible

28.5 Buyer Badges

Based on Trust Score, buyers get automatic badges:

  • 🏆 Trusted Buyer (90-100)
  • Premium Buyer (75-89)
  • 👍 Verified Buyer (60-74)
  • 👤 Regular Buyer (40-59)
  • 🆕 New Buyer (0-39)

28.6 Score Updates

  • 🔄 Auto-update: Score recalculates automatically on every order event (created, completed, cancelled, returned)
  • Real-time: Changes reflect immediately after order status changes
  • 📊 Formula: Based on orders completed, completion rate, cancellation rate, returns, spending, and account age

28.7 Data Retention

  • 📁 Buyer stats retained while account is active
  • 🗑️ All buyer trust data deleted on account deletion
  • 📊 Score history not stored — only current score
🔒 Privacy Note: Buyer Trust Score helps create a safer marketplace. Sellers can make informed decisions without accessing your personal details. Your email, phone, and address remain private.

Continue to Registration