PRIVACY POLICY

In the context of data protection regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), roles are structured as follows:

• You as the Data Controller: Since ezBilling is local desktop software, you have total control over what customer and business data is captured. You act as the sole Data Controller for all operational data entered into the application.
• ezDev is NOT a Data Processor: Because your databases (SQLite for Standard / PostgreSQL for Enterprise) reside strictly on your physical machine or private network, we do not host, access, copy, transmit, or process your operational data. You are solely responsible for compliance regarding consumer information stored within your local ezBilling installations.

ezBilling operates offline-first. The storage layout is designed for maximum security and local isolation:

• Databases: All product listings, customer tables, sale invoices, inventory audits, and reports are saved to your local machine (using a self-contained SQLite file in Standard edition, or a local/networked PostgreSQL database in Enterprise).
• Tauri Stronghold Encrypted Vault: Sensitive keys (such as license verification tokens and your custom third-party AI keys) are encrypted and stored in Tauri Stronghold, an isolated secure vault that prevents unauthorized reads by other applications running on your operating system.
• Backups: All backups are created locally on your storage drive and can be exported as structured spreadsheet files (Excel/CSV) or backup files. We never back up your data to any cloud storage or external server.

ezBilling Enterprise includes an optional AI Assistant feature. To maintain data privacy, eliminate subscription markups, and prevent data leakage, we operate under a Bring Your Own Key (BYOK) model:

• Enabling AI Features: This feature is completely disabled by default. You can optionally enable it within the settings screen of the ezBilling Enterprise application.
• User-Provided API Keys: You must supply your own API credentials for your chosen generative model provider (such as Google Gemini, OpenAI, or run a local model using Ollama).
• Direct Communication: Once configured, the application establishes a direct, encrypted HTTPS connection between your desktop machine and the respective API provider (e.g., Google Generative AI API or OpenAI API). No prompts, contextual data, function calls, or API keys are ever sent to, or routed through, ezDev servers.
• Local Alternatives: For 100% offline and localized AI capability, we support local Ollama servers. This ensures that zero data leaves your local network when using the AI assistant.

To provide updates, prevent piracy, and support essential features, the application performs limited, secure communication with ezDev servers:

• License Activation & Status: When activating ezBilling, the software queries our license servers (`license.ezdev.in`) to validate the key. Periodic background checks run silently to ensure key validity. This validation does not transmit any sales, business, customer, or transaction details.
• Auto-Updates: The application queries our secure update distribution endpoints to check for version changes. If an update is detected, it is pulled and verified via cryptographic signature before installation.

ezBilling supports compliance requirements across key global markets:

• Saudi Arabia (ZATCA Phase 2): ezBilling supports Saudi Arabia’s E-Invoicing requirements (Fatoora). The generation of Cryptographic Stamps, Cryptographic Signatures, UUIDs, and XML e-invoices happens locally on your computer. When clearing or reporting invoices, the application connects directly to ZATCA’s official government API endpoints. No invoice details are transmitted to ezDev.
• European Union (GDPR) & California (CCPA): Because your customer database is stored entirely on your local hardware, you can easily fulfill consumer rights requests (e.g., right to access, right to rectification, right to erasure/deletion). You can search, edit, export to Excel, or delete customer profiles directly from the ezBilling dashboard.
• India (DPDPA 2023): Consistent with India's data protection rules, customer information stays localized on your premises. There is no cross-border transfer of customer personal information by ezDev, as we do not collect or store the data.

You have the absolute right to control your data. ezBilling makes this straightforward:

• Complete Exportability: You can export your entire database (including products, invoice records, customer ledger, vendors, settings) into a single, multi-sheet Excel file at any time with one click.
• Permanent Erasure: To delete your data completely, you can uninstall the application and manually delete the local database directory. This action is irreversible as we do not keep any copies or backups of your database.

If you have questions regarding the local security of the database, configuration of the BYOK AI Assistant, or specific regional ZATCA integrations, please contact our privacy compliance representative:

• Email: business@ezdev.in
• Agency Web: ezdev.in
• HQ Location: Trivandrum, Kerala, India