Billexa is committed to protecting your privacy across Billing, Marketplace, KYC, Telegram Bot, Admin Bot, Support Tickets, Analytics, Expense Tracking, Profile, Order Tracking, Two-Factor Authentication (2FA), Rate Limiting, and Account Deletion. By using Billexa, you consent to this policy.
📑 Privacy Policy Contents
- 1. Introduction
- 2. Data We Collect
- 3. How We Use Data
- 4. Data Sharing
- 5. Security Measures
- 6. 🛡️ KYC
- 7. 📊 Analytics
- 8. 🛒 Marketplace
- 9. 🤖 Telegram Bot
- 10. 👑 Admin & Support
- 11. 💰 Expense
- 12. 👤 Profile
- 13. Data Retention
- 14. Your Rights
- 15. Third-Party
- 16. Comparison
- 17. Contact
- 18. 🔨 Ban & Lock
- 19. ⭐ Trust Score
- 20. 🤖 AI Assistant
- 21. 📝 Login History
- 22. 🔐 2FA Privacy
- 23. 🔑 Password Recovery
- 24. ⏱️ Rate Limiting
- 25. 🎁 Referral
- 26. 🔒 Single Session
- 27. 🔥 Community Posts
- 28. 🛒 Buyer Trust Score
1 Introduction
2 Data We Collect
- Account: Name, email, mobile, DOB
- Billing: Products, invoices, sales, barcodes
- Marketplace: Listings, images, videos, payment proofs
- Orders: Name, mobile, address, status history
- KYC: Aadhar (F/B), PAN, Shop Photo, Selfie, Business info
- Telegram: Bot Token (encrypted), Chat ID, Username, command logs (30d)
- Analytics: Views (IP), clicks, conversions, revenue, demographics (anonymized)
- Support: Ticket content, category, status
- Expense Data: When you use the Expense Tracker, we collect information about your business expenses including the amount spent, expense category (Shop Rent, Electricity, Staff Salary, Internet, Transport, Raw Material, Marketing, Maintenance, Other), description, date of expense, and payment mode. If you upload bill or receipt images, those are securely stored to help you maintain financial records.
- Profile Data: When you update your profile, we collect your full name, date of birth, gender, and optional business details (business name, GST number, business address). Your email and mobile number are collected during registration and cannot be changed later for security reasons.
✍️ Invoice & Signature Data
When you use the optional signature feature on invoices (photo upload or digital draw), the signature image is stored securely in your invoice records. You are solely responsible for the authenticity and lawful use of all signatures and invoices generated from your account. Billexa does not use your signature data for any purpose other than displaying it on your invoices. Signature data is deleted when you delete your account.
📸 Uploaded Content
Expense Bill Images: When you upload bill or receipt images for your expenses, these are stored on secure cloud servers (Cloudinary). Only you can view these images through your account. When you delete an expense record, the associated bill image is permanently removed.
Profile Photos: When you upload a profile photo, it is stored on secure cloud servers (Cloudinary). Only you can view and manage your profile photo. You can remove your photo anytime, which permanently deletes it from our servers. Photos must be JPG, PNG, or WebP format and under 5MB.
3 How We Use Data
- Provide Platform services, process orders, facilitate delivery
- Verify seller identity (KYC), assign Verified badge
- Generate invoices, reports, analytics
- Send Telegram Bot alerts
- Manage support tickets
- Improve Platform, prevent fraud, comply with law
- Financial Reports: Your expense data combined with invoice data allows us to provide accurate profit/loss calculations, expense summaries, and downloadable PDF reports. This helps you understand your business performance at a glance.
- Profile Personalization: Your profile information is used to personalize your experience, display your identity in chats and marketplace, and pre-fill business details on invoices. Your GST number helps generate tax-compliant invoices for your business.
4 Data Sharing
NEVER sell data. Shared only: with consent (bot, delivery), legal orders, trusted providers (MongoDB, Cloudinary, Telegram API, PDFKit). Seller sees buyer name/mobile/address for delivery. KYC docs: admin only. Expense records and bill images are never shared with anyone. Profile photos and business details are never shared with third parties.
5 Security Measures
- bcrypt password hashing (10 rounds)
- HTTPS/SSL encryption for all connections
- MongoDB Atlas encryption at rest
- Cloudinary enterprise security (KYC docs, expense bills, profile photos)
- Bot Token encryption for Telegram bots
- Helmet.js security headers (CSP, XSS protection)
- Rate limiting on all routes (prevents brute force & DDoS)
- 24-hour session timeout with MongoDB session store
- IP logging for suspicious activity
- CORS protection
- Two-Factor Authentication (2FA) with encrypted secrets
- Account deletion requires password + 2FA verification
- Login lockout after 5 failed attempts (15 minutes)
Your expense records and bill images are encrypted and stored securely. No third party has access to your financial data. We never share your expense information with anyone. Your personal information including profile photos, business details, and GST number are encrypted and stored securely. We never share your personal or business information with third parties.
6 🛡️ KYC & Seller Verification Privacy
What We Collect SENSITIVE
- Aadhar Card (Front & Back), PAN Card, Shop Photo, Selfie, Business name & type, City & State
How We Use It
- Verify seller identity only. Assign 🟢 Verified badge. Fraud prevention.
Storage & Access
- Cloudinary enterprise security. Only admin can view. Never shared with buyers/sellers. Encrypted in transit & at rest.
Retention & Control
- Until account deletion. Deleted within 30 days. Withdraw anytime. Re-submit up to 3 times.
7 📊 Seller Dashboard & Analytics Privacy
What We Track
- Product views (IP-based, anonymous), clicks, conversions, revenue, customer locations (city/state only), peak times
What We DON'T Track
- Individual buyer identities, other sellers' data, personal browsing history
Data Isolation
- Each seller sees ONLY own analytics. No cross-seller sharing. Buyers anonymous.
Retention
- Views/Clicks: 12 months. Revenue: 7 years (legal). Aggregated: Indefinitely (anonymized).
Your Control
- View: Dashboard → Analytics. Export CSV/PDF. Opt-out via support. Deleted on account closure.
8 🛒 Marketplace Data Privacy
📋 Buyer Data (Visible to Seller)
- Name, Mobile, Address shared for delivery purposes only.
- Optional fields: Alternate Mobile, Landmark, Pincode also visible to seller for delivery.
- NOT shared after order completion or cancellation.
- Quantity ordered by buyer and total amount calculated (Price × Quantity) visible to seller. Stock automatically decreases when order is placed and restores on cancellation or delivery (Auto Restock feature).
- Buyer identity protected — seller cannot contact after order completion.
- Buyer email never shared with seller.
- Phone Number Access: Buyer must click "Show Contact Number" button to reveal seller's phone. Seller's number is never auto-displayed.
- Pincode Search: Buyers can filter products by pincode to find nearby sellers. Pincode shown on product details for location reference.
🏪 Seller Data (Visible to Buyer)
- Shop/Seller name, Verified/Unverified badge, Product listings, Ratings & Reviews.
- KYC Signature (if verified) displayed on products & invoices.
- Trust Score visible to help buyers make informed decisions.
- NOT visible: Email, Phone, Address, Aadhar, PAN, Bank details.
- Phone Number (Seller Controlled): Seller can optionally add a contact number per product. Hidden by default — buyer clicks "Show Contact Number" to reveal. Only visible for KYC verified sellers. Seller can use different numbers for different products.
- Pincode (Optional): Seller can add area pincode per product. Visible on product detail and QR page. Helps buyers search products by location.
- Seller location (if provided) visible on product cards.
⭐ Reviews & Ratings Data
- Reviews are public — visible to all marketplace users.
- Review includes: Buyer name, Rating (1-5), Review text, Images (max 2).
- Review images stored on Cloudinary secure servers.
- Seller can view all reviews on their products via "Reviews" button.
- Buyer can delete their own review anytime from My Reviews.
- Review data used for product sorting (Top Rated, Most Reviewed).
- Average rating calculated from all verified reviews.
📦 Order & Transaction Data
- Order history stored for both buyer and seller reference.
- Cancellation records maintained for fraud prevention (Terms 17.8).
- Delivery status tracked and visible to both parties.
- Dispute data retained for resolution purposes.
- Order invoices (PDF) generated and stored securely.
- Order data exportable by both buyer and seller (CSV/PDF).
💬 Chat & Communication
- Chat messages stored for 90 days for dispute resolution.
- Chat includes: Text messages, Images, Payment proofs.
- Chat automatically deleted after 90 days.
- Voice/Video calls are peer-to-peer (WebRTC) — not recorded or stored.
- No call logs or recordings maintained.
💳 Payment Data
- Cash on Delivery (COD) only — no financial data (bank/card/UPI) stored.
- Payment proof images uploaded by buyer stored on Cloudinary.
- No online payment processing — all payments handled directly.
- Transaction amounts visible to both parties for order verification.
🔄 Return & Refund Data UPDATED
- 📸 Return Proof Images: Buyer can upload up to 3 images (JPG, PNG, WebP, max 5MB each) showing product damage/defect as proof.
- Images stored on Cloudinary secure servers temporarily during return process.
- Images visible to seller only for return request verification.
- Images auto-deleted permanently from Cloudinary when: ✅ Refund completed or ❌ Return rejected.
- Images are not retained after return resolution — protecting buyer privacy.
- Images are never shared publicly or with third parties.
- 📦 Pickup Address: Buyer provides pickup address during return request. Visible to seller only for item pickup. Not shared with third parties.
- 📅 Expected Dates: Seller provides Expected Pickup Date and Expected Refund Date on acceptance. Visible to both parties.
- Bank Details Collected: When buyer requests return, Account Holder Name, Account Number, IFSC Code, and Bank Name are collected for refund processing.
- Bank details are visible to seller only for the purpose of processing refund via UTR/Transaction ID.
- Last used bank details are auto-saved for buyer convenience. Buyer can update anytime.
- Bank details stored securely in encrypted database. Not shared with third parties.
- UTR/Transaction ID: Recorded when seller marks item as received and processes refund. Visible to both buyer and seller.
- Return reason and description visible to seller for evaluation.
- Return status history maintained for dispute resolution.
- Return data retained as long as order data is retained (active account).
- Bank details deleted on account closure along with all other personal data.
- Copy feature available for seller to easily copy account number and IFSC for payment apps.
🖼️ Product Images
- All product images stored on Cloudinary secure cloud servers.
- Only images allowed (no videos) for product listings.
- Max 10 images per product, 10MB each.
- Images deleted when product is deleted.
- Review images: Max 2 per review, 5MB each.
- KYC document images stored separately with enterprise security.
🛡️ Fraud Prevention Data
- Cancellation count tracked for penalty enforcement (Terms 17.8).
- 3+ cancellations in 30 days = KYC review/revocation.
- 5+ cancellations = Possible account ban.
- Delivery performance monitored for Trust Score calculation.
- Fraud reports stored for investigation.
- Banned users' Aadhar/PAN permanently blocked from reuse.
- Multiple accounts detection and prevention systems active.
🔍 Search & Analytics
- Product search covers: Title, Description, Product ID, Seller name, Location, Category.
- Sort options: Newest, Oldest, Price, Views, Rating, Reviews, Orders.
- Product views tracked for analytics (seller dashboard).
- Impressions and clicks tracked for seller analytics.
- Aggregated data used for marketplace trends (anonymized).
❤️ Wishlist Data
- Wishlist is private — only the logged-in user can view their own wishlist.
- Wishlist stores: Product ID and date added. No personal data shared.
- Wishlist data is not visible to sellers or other users.
- Removing item from wishlist permanently deletes the record.
- Clearing wishlist removes all saved items at once.
- Wishlist data retained until user removes items or deletes account.
- Wishlist count badge shown in navbar for quick access.
- No third-party access to wishlist data.
🏪 Seller Store Data
- Each seller's product page (/marketplace/seller-products) shows public product listings only.
- Seller avatar and name are visible (same as marketplace listings).
- KYC verification status and Trust Score are publicly visible.
- Seller's email, phone, and address are never exposed on the store page.
- Product search and filters available for browsing seller's catalog.
- Access via "View All Products" button on any product detail modal.
- Store page data is read-only and cached for performance.
🔗 QR Code & Sharing
- Each product has a unique QR code for easy sharing.
- QR page (`/p/PRODUCT-ID`) shows: Product images, Details, Reviews, Order form.
- QR page is public — anyone with the link can view.
- Ordering requires login for buyer protection.
📤 Data Export & Portability
- Sellers can export: Products (CSV/PDF), Orders (CSV/PDF), Analytics reports.
- Buyers can export: Order history, Invoices (PDF).
- Complete account data export available via admin request.
- Export includes: Profile, Products, Invoices, KYC, Marketplace, Orders, Reviews.
⏱️ Data Retention
- Active account data: Retained indefinitely while account is active.
- Chat messages: 90 days, then auto-deleted.
- Deleted products: Images removed from Cloudinary immediately.
- Deleted account: All data permanently deleted within 30 days.
- Banned users: Aadhar/PAN permanently retained to prevent re-registration.
- KYC documents: Deleted on account closure or KYC revocation.
🔐 Third-Party Services
- Cloudinary: Image storage (Products, Reviews, KYC). Enterprise-grade security.
- MongoDB Atlas: Database hosting with encryption at rest.
- Socket.io: Real-time chat (messages not stored by third party).
- WebRTC: Peer-to-peer calls (no server storage).
- No data sold or shared with advertisers or analytics companies.
9 🤖 Telegram Bot Data Privacy
What We Store MINIMAL
- Bot Token (encrypted), Chat ID, Username (optional), Alert preferences, Command logs (30 days)
What We DON'T Access
- Your Telegram messages, contacts, groups, or other bots
Security
- Token encrypted. Chat ID verified. Commands access only your data. No cross-user access.
Control
- Connect/disconnect anytime. /disconnect instant. All bot data deleted on disconnect. Alert settings customizable.
10 👑 Admin Bot & Support Privacy
Admin Access RESTRICTED
- Admin views platform-level stats only. Can view KYC docs for verification.
- Cannot view your invoices, product details, expense records, profile photos, or personal messages.
- All admin actions logged and auditable.
Support Tickets DATA
- Ticket content, category, status stored securely.
- Used for issue resolution only. Retained for 1 year.
- Admin replies visible to ticket creator only.
11 💰 Expense Tracking Privacy
Information We Collect
Expense Data: When you use the Expense Tracker, we collect information about your business expenses including the amount spent, expense category (Shop Rent, Electricity, Staff Salary, Internet, Transport, Raw Material, Marketing, Maintenance, Other), description, date of expense, and payment mode. If you upload bill or receipt images, those are securely stored to help you maintain financial records.
Uploaded Content
Expense Bill Images: When you upload bill or receipt images for your expenses, these are stored on secure cloud servers (Cloudinary). Only you can view these images through your account. When you delete an expense record, the associated bill image is permanently removed.
How We Use Your Data
Financial Reports: Your expense data combined with invoice data allows us to provide accurate profit/loss calculations, expense summaries, and downloadable PDF reports. This helps you understand your business performance at a glance.
Data Security
Your expense records and bill images are encrypted and stored securely. No third party has access to your financial data. We never share your expense information with anyone.
Your Control
You can view, edit, or delete any expense record anytime from your Expenses page. Deleting an expense permanently removes it along with any uploaded bill image. You can also export your expense data as a PDF report.
12 👤 Profile & Account Privacy
Information We Collect
Profile Data: When you update your profile, we collect your full name, date of birth, gender, and optional business details (business name, GST number, business address). Your email and mobile number are collected during registration and cannot be changed later for security reasons.
Uploaded Content
Profile Photos: When you upload a profile photo, it is stored on secure cloud servers (Cloudinary). Only you can view and manage your profile photo. You can remove your photo anytime, which permanently deletes it from our servers. Photos must be JPG, PNG, or WebP format and under 5MB.
How We Use Your Data
Your profile information is used to personalize your experience, display your identity in chats and marketplace, and pre-fill business details on invoices. Your GST number helps generate tax-compliant invoices for your business.
Data Security
Your personal information including profile photos, business details, and GST number are encrypted and stored securely. We never share your personal or business information with third parties.
Two-Factor Authentication (2FA)
You can enable 2FA from /setup-2fa for extra account security. When enabled, we store your encrypted secret key and hashed backup codes. 2FA codes are never stored. You can disable 2FA anytime. All 2FA data is deleted on account deletion.
Account Deletion
You can permanently delete your account from /delete-account. Your identity is auto-verified from your session - only your password is required. If 2FA is enabled, you must provide a valid 2FA code or backup code. Upon deletion, all your data including profile, products, invoices, KYC documents, chats, orders, and expenses are permanently removed. This action cannot be undone.
Your Control
You can view and edit your profile anytime from the Profile page. Click the Edit button to update your name, date of birth, gender, and business details. Email and mobile number are locked for security. You can upload or remove your profile photo anytime. For complete data removal, use the Delete Account option in the Danger Zone section.
Business Logo
Business Logo: When you upload a business logo from your Profile page, it is stored on secure cloud servers (Cloudinary). Your logo appears on your invoice PDFs, marketplace store, and seller dashboard. Only you can upload, change, or remove your logo. Removed logos are permanently deleted from our servers. Logos must be JPG, PNG, or WebP format and under 5MB. If no logo is uploaded, default Billexa branding appears on your invoices. We never share your business logo with third parties.
13 📄 Data Retention
| Data Type | Retention | Deletion |
|---|---|---|
| Account Info | Until deletion | On request |
| Products | Until deletion | On request |
| Invoices | 7 years (legal) | After 7 years |
| KYC Documents | Until deletion | On request / 30d |
| Ban Records | Permanent | For platform security |
| Trust Score | Until KYC withdrawal | On KYC withdrawal/deletion |
| Analytics | 12 months | Rolling deletion |
| Chat Messages | 90 days | Rolling deletion |
| Bot Tokens | Until disconnect | On disconnect |
| Bot Logs | 30 days | Rolling deletion |
| Support Tickets | 1 year | Rolling deletion |
| IP Logs | 90 days | Rolling deletion |
| Expense Records | Until deletion | On request |
| Expense Bill Images | Until expense deleted | On expense deletion |
| Profile Photos | Until removal | On removal |
| Profile Data | Until account deletion | On account deletion |
14 🔒 Your Rights under DPDP Act 2023
Under the Digital Personal Data Protection Act (DPDP Act) 2023, you have the following rights:
- Right to Access: You can request a copy of all personal data Billexa holds about you. Contact admin@covexa.in.
- Right to Correction: You can update inaccurate data anytime from your Profile page.
- Right to Erasure (Right to be Forgotten): You can request deletion of your personal data by deleting your account or emailing us. Data is permanently removed within 30 days.
- Right to Withdraw Consent: You can withdraw your consent anytime. Withdrawing consent will delete your account and all associated data within 30 days.
- Right to Grievance Redressal: You can file a complaint with our Grievance Officer at admin@covexa.in. Response within 48 hours.
- Right to Nominate: You have the right to nominate another person to exercise your rights in case of death or incapacity.
15 🔗 Third-Party Services & Backup
Billexa uses the following third-party services to store and process data:
- MongoDB Atlas – Primary database storage (India region). Data encrypted at rest and in transit.
- Cloudinary – Storage for KYC documents, product images, expense bills, and profile photos. Enterprise-grade encryption.
- GitHub – Automated encrypted backups of database dumps. Backups stored in private repositories.
- MEGA (mega.nz) – Encrypted cloud backup storage for database dumps. End-to-end encryption. Backups are automatically deleted after 90 days. MEGA Privacy Policy.
- Render – Web application hosting platform.
Billexa does not sell or share your personal data with any third party for marketing purposes.
16 📊 Privacy Comparison
| Feature | Billing | Marketplace | Orders | Telegram | KYC | Analytics | Expenses | Profile | Ban/Lock | Trust Score |
|---|---|---|---|---|---|---|---|---|---|---|
| Data Stored | ✅ | ✅ | ✅ | ✅ Token | ✅ Docs | ✅ Stats | ✅ Records | ✅ Info | ✅ Locked | ✅ Score |
| Encrypted | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Exportable | ✅ CSV | ✅ CSV | ✅ CSV/PDF | ❌ | ✅ CSV/PDF | ❌ | ❌ | ❌ | ||
| Deletable | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ Permanent | ✅ |
| Shared? | ❌ | Listing public | Seller sees address | ❌ | Admin only | ❌ | ❌ | ❌ | ❌ | Buyer visible |
| Self-Manage | N/A | N/A | N/A | ✅ Disconnect | ✅ Withdraw | N/A | N/A | ✅ Delete | ❌ Appeal only | ✅ Auto |
17 📞 Contact for Privacy Concerns
Grievance Officer (IT Act 2000 & GDPR)
- Name: Shiv Kumar
- Email: admin@covexa.in
- Phone: +91 9351256357
- Address: Arwar, Ajmer, Rajasthan
⏱️ Response: 24-48 hours. Urgent: "URGENT: Privacy Concern" in subject or /support on Telegram.
18 🔨 Ban & Document Lock Privacy
18.1 What Happens When Banned
- 🚫 Immediate account suspension - cannot login
- 🔒 All KYC documents (Aadhar, PAN, photos) permanently locked
- 🚫 Aadhar & PAN numbers blocked from future use
- 📦 Marketplace products removed
- 💬 All active chats & orders terminated
18.2 Document Locking PERMANENT
When banned for valid reasons, your Aadhar and PAN numbers are permanently locked in our system. This means:
- No other account can register with the same Aadhar number
- No other account can use the same PAN number
- Document images are flagged and cannot be re-uploaded
- This prevents banned users from creating new accounts
18.3 Data After Ban
- KYC documents retained for legal/compliance purposes
- Document numbers stored in locked state
- Personal data handled as per Data Retention policy (Section 13)
18.4 Unban & Data Recovery
If unbanned after appeal, documents are unlocked and account restored. Contact admin@covexa.in for ban appeals.
19 ⭐ Trust Score Privacy
19.1 What We Calculate
Trust Score is calculated automatically based on:
- 🔒 KYC verification status (+30 points)
- 📦 Number of products listed (+3 to +10)
- 💰 Total sales completed (+3 to +10)
- 🚚 Delivery performance ratio (+5 to +15)
19.2 Data Used
Only your own marketplace data is used. We do NOT access:
- Other sellers' data for comparison
- Your personal browsing history
- External credit scores or financial data
19.3 Score Visibility
- ✅ Visible to buyers on product detail pages
- ✅ Visible to you on your KYC page
- ❌ NOT shared with third parties
- ❌ NOT used for any purpose other than marketplace trust
19.4 Auto-Update Schedule
Trust scores update automatically every midnight. No manual intervention. Scores reflect real-time product, sales, and delivery data.
19.5 Score Deletion
Trust score is deleted when you delete your account or withdraw KYC verification.
20 🤖 AI Assistant Privacy
20.1 What We Collect
- Query Content: Your questions/messages sent to the AI assistant
- Usage Data: Daily query count for rate limiting (10 guest, 30 registered, unlimited admin)
- Response Data: AI-generated replies (not stored long-term)
20.2 What We DON'T Collect
- ❌ Your personal identity is NOT sent to AI providers
- ❌ Your business data (invoices, products, expenses) is NOT shared
- ❌ Your account password or sensitive details
- ❌ Chat history is NOT stored permanently
20.3 Third-Party AI Providers
Queries are processed through OpenRouter API, which routes to these models:
- Google Gemini (2.0 Flash, 1.5 Flash)
- Meta Llama (3.2, 3.1)
- Mistral AI (7B)
These providers do NOT use your queries for training. Data is transmitted securely via HTTPS.
20.4 Data Storage & Security
- Query count stored in MongoDB for rate limiting
- Query content NOT stored after response is generated
- All AI API calls encrypted via HTTPS
- Rate limit resets daily at midnight IST
20.5 Your Control
- AI assistant is optional - use it only when needed
- No personal data tied to AI queries
- Query logs purged daily
20.6 Data Retention
- Query Count: 24 hours (resets midnight)
- Query Content: Not stored
- AI Responses: Not stored
21 📝 Login History Privacy
21.1 What We Track
Billexa maintains a login history for account security. Each login attempt records:
- 🌐 IP Address - For location and device identification
- 💻 Browser & OS - Chrome, Firefox, Windows, Mac, etc.
- 📱 Device Type - Desktop, Mobile, Tablet
- 🕐 Timestamp - Date and time of login
- ✅/❌ Success/Failure - Whether login was successful
- 🆕 New Device Flag - First time from this device
21.2 What We DON'T Track
- ❌ Your exact physical location (GPS)
- ❌ Your browsing activity outside Billexa
- ❌ Your device's unique ID or serial number
- ❌ Your screen resolution or other fingerprinting data
21.3 Purpose
- 🔍 Help you monitor account activity
- 🚨 Detect suspicious or unauthorized access
- 🛡️ Protect against hacking attempts
- 📊 Provide security insights
21.4 Your Control
- ✅ View your login history anytime at /login-history
- ✅ Clear your history with one click
- ✅ Last 50 records retained (max)
- ✅ Failed attempts highlighted for your awareness
21.5 Data Retention
- Maximum 50 login records stored
- Older records automatically removed
- Cleared history is permanently deleted
- Deleted data cannot be recovered
21.6 Admin Alerts
For admin accounts only, Telegram alerts are sent for:
- 🆕 Login from unrecognized device
- 🔒 Account lockout after failed attempts
- ✅ Successful admin login
Normal users do NOT receive these alerts.
22 🔐 Two-Factor Authentication Privacy
22.1 What is 2FA?
Two-Factor Authentication adds extra security to your account. After entering your password, a 6-digit code from an authenticator app (Google Authenticator, Authy, Microsoft Authenticator) is required based on your configured login threshold.
22.2 What We Store
- 🔑 Encrypted Secret Key — Used to verify 6-digit codes
- 🎫 Backup Codes — 8 one-time use codes (securely stored)
- 📅 Setup Date — When 2FA was enabled on your account
- 📊 Daily Login Count — For Smart 2FA threshold tracking
- ⚙️ Threshold Setting — Your configured login limit (default: 3)
22.3 What We DON'T Store
- ❌ Your authenticator app data — stored only on your device
- ❌ Your phone's other 2FA codes — we only have Billexa's secret
- ❌ Screenshots or QR code images after setup — QR shown once
- ❌ Your 6-digit codes — these are one-time, never stored
- ❌ Login timestamps linked to 2FA — only daily count, not exact times
22.4 Available for ALL Users UPDATED
- ✅ 2FA is available for ALL users — Admin + Normal Users
- 👤 Any logged-in user can enable 2FA from /setup-2fa
- 🛡️ 2FA data stored only for users who enable it
- 🔒 No 2FA data collected for users who haven't enabled it
22.5 Smart 2FA System
Billexa uses Smart 2FA — flexible login security:
- 📊 Daily login counter tracks logins per day
- 🔄 Counter resets automatically at midnight IST
- 🔢 Default threshold: 3 free logins (4th login needs 2FA)
- ⚙️ Users can change threshold: 1-20 logins
- 🔐 Set to 1 for maximum security (2FA on every login)
- 📊 Only login count stored, not individual login times
22.6 Data Security
- 🔐 Secret key stored securely in database
- 🔐 Backup codes stored with one-way protection
- 🔐 All 2FA data permanently deleted when you disable 2FA
- 🔐 Daily counter reset on 2FA disable
- 🔐 All 2FA data deleted on account deletion
- 🔐 HTTPS encryption for all API calls
22.7 Backup Codes
- 🎫 8 backup codes generated during setup
- 🔢 Format: XXXX-XXXX (e.g., AB12-CD34)
- ✅ Each code works only once
- 🗑️ Used codes are permanently removed
- ⚠️ Lost backup codes cannot be recovered
- 🔄 Disabling and re-enabling 2FA generates new backup codes
22.8 Your Control
- ✅ Enable/disable 2FA anytime at /setup-2fa
- ✅ View backup codes remaining
- ✅ Change 2FA threshold (1-20) from setup page
- ✅ All 2FA data automatically deleted on account deletion
- ✅ Disable 2FA requires password + 2FA code (or backup code)
22.9 Lockout Protection
- 🔒 After 5 failed login attempts → 15-minute account lock
- ⏰ Auto-unlock after 15 minutes
- ✅ Successful 2FA verification resets the counter
- 🛡️ Applies to all accounts with 2FA enabled
23 🔑 Password Recovery Privacy
23.1 Forgot Password Process
To reset your password, you must verify your identity through:
- 👤 Username or Email
- 📱 Registered Mobile Number
- 📅 Date of Birth
All three must match our records exactly.
23.2 Identity Verification Privacy
- 🔒 Failed verification does NOT reveal which field is wrong
- 🔒 Multiple failed attempts may trigger security review
- 🔒 We do NOT send passwords via email/SMS
- 🔒 No password reset links (prevents phishing)
23.3 What We Verify
| Field | Stored As | Verification |
|---|---|---|
| Password | bcrypt hash | Never revealed |
| Mobile | Plain text | Exact match |
| DOB | Plain text | Exact match |
| Plain text | Case insensitive |
23.4 Change Password (Logged In)
- 🔒 Current password required
- 🔒 New password must be 6+ characters
- 🔒 Password strength indicator provided
- 🔒 Old password verified before change
- 🔒 Session remains active after change
23.5 Password Security
- 🔐 All passwords hashed with bcrypt (10 rounds)
- 🔐 Plain text passwords NEVER stored
- 🔐 Old password required for changes
- 🔐 No password recovery via email (prevents email hijack)
23.6 Account Recovery Limitations
- ⚠️ Email and mobile cannot be changed after registration
- ⚠️ Lost access to both = account may be unrecoverable
- ⚠️ Contact support for manual verification (may require KYC)
24 ⏱️ Rate Limiting & Privacy
24.1 What We Track for Rate Limiting
To enforce fair usage and protect the platform, we temporarily track:
- 🌐 IP Address - To identify unique visitors
- 🔢 Request Count - Number of requests per time window
- 🕐 Timestamp - When requests were made
- 🛤️ Route Path - Which endpoints were accessed
24.2 What We DON'T Track
- ❌ Personal identity (name, email, mobile)
- ❌ Request content or payload data
- ❌ Browsing history across sites
- ❌ Device fingerprinting
24.3 Data Storage
- Rate limit counters stored in memory only
- Data automatically expires after the time window
- No permanent storage of rate limit data
- No database records created for rate limiting
24.4 Current Limits
| Route | Limit | Window |
|---|---|---|
| Login / Register | 5 | 15 min |
| KYC Upload | 3 | 1 hour |
| Support / Feedback | 5 | 30 min |
| Delete Account | 2 | 1 hour |
| General API | 100 | 15 min |
| All Routes | 50 | 15 min |
24.5 Your Privacy
- 🔒 Rate limit data never shared with third parties
- 🔒 No personal information stored in rate limit counters
- 🔒 IP addresses not logged permanently
- 🔒 Rate limiting is for platform protection only
24.6 Data Retention
- Rate Limit Counters: Auto-deleted after time window expires (15 min - 1 hour)
- No permanent records: Rate limit violations are not stored
- No profiling: We don't build user profiles from rate limit data
25 🎁 Referral Program Privacy
We collect only essential data to process your referral rewards. Your UPI ID is encrypted and never shared with other users.
25.1 Data We Collect
| Data Type | Purpose | Retention |
|---|---|---|
| 💳 UPI ID | For sending referral payouts only | Until account deletion |
| 🔗 Referral Code | Unique identifier for tracking referrals | Until account deletion |
| 👥 Referral Records | Who referred whom | Until account deletion |
| 📊 Condition Progress | UPI, Email, KYC, Product, 7 Days status | Until account deletion |
| 💰 Payout History | UTR numbers, amounts, dates | 7 years (legal compliance) |
| 📋 UPI History | Previous UPI IDs for security audit (admin only) | Max 20 records |
25.2 What We DON'T Collect
- ❌ Bank account numbers or IFSC codes
- ❌ UPI PIN, passwords, or OTPs
- ❌ Payment gateway or wallet credentials
- ❌ Aadhar/PAN numbers (stored separately in KYC)
25.3 How Data is Used
- ✅ UPI ID used exclusively for sending referral rewards
- ✅ Referral code displayed publicly for sharing
- ✅ 5 conditions auto-tracked for payout eligibility
- ✅ UTR number shared with referrer after payment
- ✅ UPI change history logged for security & audit (admin only)
25.4 Reward Distribution
🎁 Who Gets Rewarded: Only the referrer (person who shares the link) receives ₹50 per successful referral. The referred friend gets free platform access with all features unlocked.
25.5 Eligibility Conditions (5)
The following conditions are automatically checked for the referred user:
- 💳 UPI ID Set
- 📧 Email Verified
- 🛡️ KYC Verified (Aadhar + PAN)
- 📦 At least 1 Product Added
- 📅 Account 7 Days Old
Conditions auto-update when the referred user performs actions. Click any referral to see real-time progress with ✅/⏳ status and estimated completion time.
25.6 Data Visibility
| Data | 👤 You | 👑 Admin | 👥 Others |
|---|---|---|---|
| Your UPI ID | ✅ | ✅ | ❌ |
| Referral Status | ✅ | ✅ | ❌ |
| Condition Progress | ✅ | ✅ | ❌ |
| UTR Number | ✅ | ✅ | ❌ |
| UPI History | ❌ | ✅ | ❌ |
25.7 Data Retention
- 📁 Referral records: Until account deletion
- 💳 UPI ID: Deleted on account deletion
- 📋 UPI History: Max 20 records, oldest removed first
- 💰 Payout history: 7 years (legal compliance)
- 📊 Condition progress: Deleted with referral record
25.8 Your Rights & Control
- ✏️ Edit UPI ID anytime from Referral page
- 👁️ View condition progress by clicking any referral
- 🗑️ Delete all data by deleting your account
- 🔒 UPI ID never shared with other users
- 📋 UPI history hidden from you (admin-only for security)
26 🔒 Single Session Protection
Billexa enforces single-session login to protect your account from unauthorized access.
26.1 What is Single Session?
Single Session Protection ensures that your Billexa account can only be actively used on one device or browser at a time. If you log in on a new device, your previous session is automatically terminated.
26.2 How It Works
- 🔐 One Active Session: Only the most recent login session is active
- 🔄 Auto-Detection: System checks every 30 seconds
- ⚠️ Instant Alert: Premium UI popup notifies you immediately
- 🔑 Redirect: Automatically redirected to login page
26.3 What We Track
| Data | Purpose | Retention |
|---|---|---|
| Session ID | Identify current active session | Until logout/new login |
| Session Timestamp | Track when session was created | Until session expires |
| Active Status | Determine if session is valid | Real-time check |
26.4 What We DON'T Track
- ❌ Your GPS or exact physical location
- ❌ Your browsing history on other sites
- ❌ Your device files or personal data
- ❌ Screenshots or screen recordings
- ❌ Keystrokes or form inputs
26.5 When Session is Terminated
Your session is automatically terminated when:
- 📱 New Login: You log in on another device/browser
- 🕐 Auto-Check: System detects mismatch (every 30 seconds)
- 🔒 Manual Logout: You explicitly log out
- ⏰ Session Expiry: After 24 hours of inactivity
26.6 User Experience
- 🎨 Premium UI Alert: Beautiful dark-themed popup notification
- 📱 Mobile Responsive: Works perfectly on all devices
- ⚡ Instant Action: One-click redirect to login page
- 🔐 Clear Message: "Your account was opened on another device"
26.7 Data Security
- 🔐 Session ID stored securely in database
- 🔐 All session checks via encrypted HTTPS
- 🔐 No personal data in session check API calls
- 🔐 Session data auto-cleared on logout
- 🔐 Old sessions permanently removed
26.8 Your Control
- ✅ Automatic: No setup required — works by default
- ✅ Transparent: Clear notification when session ends
- ✅ Instant: Immediate protection on new login
- ✅ No Opt-Out: Mandatory for all accounts (security first)
26.9 Benefits
- 🛡️ Prevent Account Sharing: One account = one user
- 🔒 Stop Unauthorized Access: Old sessions auto-terminated
- 📱 Device Switch Safety: Logout old device when switching
- 🏢 Public Computer Protection: Forgot to logout? Auto-protected!
- 🕵️ Password Leak Protection: If someone logs in, you know instantly
26.10 Data Retention
- Active Session ID: Stored until new login or logout
- Session Timestamp: Updated on each login
- Terminated Sessions: Immediately removed
- No Logs: Session termination events not permanently stored
27 🔥 Community Posts Privacy
27.1 What We Collect
- 📝 Post Content: Text (max 500 chars), images (max 3, 5MB each), product links
- 💬 Comment Content: Text (max 300 chars), timestamps, edit history
- 👤 User Identity: Your name is visible on your posts and comments
- ❤️ Like Data: Which posts and comments you've liked (publicly visible)
- 📅 Timestamps: Post and comment creation and edit times
27.2 What We DON'T Collect
- ❌ Your email or mobile - NEVER shared on posts or comments
- ❌ Your location or IP - NOT linked to posts or comments
- ❌ Your browsing history on other sites
- ❌ Private messages or personal data
27.3 Content Visibility
- 🌐 All posts and comments are public — visible to anyone visiting the feed
- 👤 Your name appears on your posts and comments
- 🖼️ Post images are publicly visible
- 💬 Comment text is publicly visible
- ❤️ Like counts on posts and comments are publicly visible
- 🔗 Product links are publicly accessible
27.4 Image Storage & Security
- ☁️ All post images stored on Cloudinary secure servers
- 🔒 Images encrypted in transit and at rest
- 🗑️ Deleted post images permanently removed from Cloudinary
- 🖼️ Maximum 3 images per post, JPG/PNG/WebP only, 5MB each
- 💬 Comments do NOT support image uploads (text only)
27.5 Data Control
- ✏️ You can edit your posts anytime (text and images)
- 🗑️ You can delete your posts anytime
- 💬 You can edit or delete your comments anytime
- 🖼️ Deleting a post removes all its images from Cloudinary
- ❤️ Deleting a post removes all its likes and comments
- 🔒 Account deletion removes all your posts and comments permanently
27.6 Data Retention
- Active Posts & Comments: Retained until deleted by user or admin
- Deleted Posts: Permanently removed immediately along with all comments
- Deleted Comments: Soft-deleted (hidden from view, retained for moderation)
- Post Images: Deleted from Cloudinary on post deletion
- Like Data: Deleted with the post or comment
27.7 Third-Party Access
- ☁️ Cloudinary: Only stores post images, never accesses content
- 🔒 No advertisers have access to post or comment data
- 🚫 No data sold to third parties
- 👑 Admins can view and remove violating content (posts and comments)
27.8 Your Rights
- ✅ Right to edit or delete your posts and comments anytime
- ✅ Right to control your post and comment content
- ✅ Right to have your data deleted on account closure
- ✅ Posts and comments are deleted within 30 days of account deletion
28 🛒 Buyer Trust Score Privacy
28.1 What is Buyer Trust Score?
Just like sellers have Trust Scores, buyers also get a Trust Score (0-100) based on their marketplace order behavior. This helps sellers evaluate buyer reliability before accepting orders.
28.2 Data We Use for Calculation
| Data Point | Source | Purpose |
|---|---|---|
| Total Orders Placed | Orders DB | Activity level assessment |
| Completed Orders | Orders DB | Reliability measurement |
| Cancelled Orders | Orders DB | Cancellation rate |
| Returned Orders | Orders DB | Return behavior |
| Total Amount Spent | Orders DB | Spending history |
| Account Age | User DB | Account maturity |
28.3 What We DON'T Use
- ❌ Individual product details you viewed
- ❌ Chat message content with sellers
- ❌ Your payment method or UPI details
- ❌ Your browsing history on the platform
- ❌ Other buyers' data for comparison
28.4 Score Visibility
| Who | Can See Score? | Context |
|---|---|---|
| 👤 You (Buyer) | ✅ | AI Assistant, Profile |
| 🏪 Seller | ✅ | Only on Order Detail page for their orders |
| 👑 Admin | ✅ | For platform management |
| 👥 Other Buyers | ❌ | Never visible |
| 🌐 Public | ❌ | Never visible |
28.5 Buyer Badges
Based on Trust Score, buyers get automatic badges:
- 🏆 Trusted Buyer (90-100)
- ⭐ Premium Buyer (75-89)
- 👍 Verified Buyer (60-74)
- 👤 Regular Buyer (40-59)
- 🆕 New Buyer (0-39)
28.6 Score Updates
- 🔄 Auto-update: Score recalculates automatically on every order event (created, completed, cancelled, returned)
- ⚡ Real-time: Changes reflect immediately after order status changes
- 📊 Formula: Based on orders completed, completion rate, cancellation rate, returns, spending, and account age
28.7 Data Retention
- 📁 Buyer stats retained while account is active
- 🗑️ All buyer trust data deleted on account deletion
- 📊 Score history not stored — only current score