Privacy Policy — GST Surrogate | GSTR-3B Loan Eligibility Tool

📅 Effective Date: 1 June 2025

⚠️ User Responsibility: The use of our website is entirely at your own responsibility. By uploading PDF files and conducting analyses, you acknowledge and accept full responsibility for such actions. GST Surrogate shall not be held liable for any consequences arising from your use of this Service.

📋 Summary: Your PDF files may be used internally to improve our product. We do not share your data with any third party. We do not sell your data. We do not require registration or login to use this Service.

1. Who We Are

GST Surrogate ("we", "our", "us") operates the website at yourdomain.in (the "Service"). We provide a free online tool that allows Indian GST-registered businesses, Chartered Accountants, tax consultants, banks, and NBFCs to upload GSTR-3B PDF files and instantly check loan eligibility, view filing summaries, and generate downloadable reports.

We are not affiliated with, endorsed by, or connected to the Goods and Services Tax Network (GSTN), the Government of India, or any tax or financial regulatory authority.

2. Your Responsibility

The use of this website is entirely at your own risk and responsibility. By accessing the Service and uploading PDF files, you confirm that:

You are authorised to upload and process the documents you submit
You accept full responsibility for the accuracy and legitimacy of files you upload
You acknowledge that results generated by this tool are estimates only and not official tax or credit assessments
You understand that loan eligibility figures are indicative only and do not constitute a guarantee of credit or a formal loan offer
You agree not to hold GST Surrogate liable for any outcome, financial or otherwise, arising from your use of this Service

3. Information We Collect

We collect only what is necessary to operate and improve the Service:

PDF files you upload: Your uploaded GSTR-3B PDF files are processed by our server. These files may be retained internally to improve product accuracy, extraction quality, and loan eligibility calculations. We do not share these files with any third party under any circumstances.
Extracted filing data: Tax values, GSTIN, ARN, and filing period information extracted from your PDFs are held temporarily in a session store to enable report generation and loan calculations. Session data is automatically deleted after 30 minutes of inactivity.
Server logs: Standard web server logs including IP address, browser type, pages visited, and timestamps. Retained for up to 7 days for security and debugging purposes only, then permanently deleted.
Google Analytics (if enabled): Anonymised usage statistics such as page views and session duration. No personally identifiable information is collected or stored.
Google AdSense: Google may collect data to serve personalised advertisements. Please refer to Google's Privacy Policy at policies.google.com/privacy.
Contact form submissions: If you contact us voluntarily, we collect your name, email address, and message solely for the purpose of responding to your enquiry.

4. How We Use Your Data

Your data is used for the following purposes only:

Processing your uploaded GSTR-3B PDFs and generating filing summary reports
Calculating loan eligibility figures based on your extracted GST return data
Internal product improvement — uploaded PDF files and extracted data may be used internally to enhance extraction accuracy, develop new features, and refine loan eligibility calculations
Maintaining service security, detecting abuse, and preventing unauthorised access
Analysing anonymised usage patterns to improve the overall user experience
Responding to support and feedback enquiries you submit through our contact form
Displaying relevant advertisements through Google AdSense to fund the free Service

5. Data Sharing Policy

✅ We do not share your data with any third party. Your GSTIN, tax values, filing history, business data, and uploaded PDF files are never sold, rented, traded, or disclosed to any external organisation, advertiser, data broker, or government body — unless we are legally compelled to do so by a court order or applicable law.

The only third-party services involved in operating this platform are:

Google Cloud (Google LLC): Our hosting and infrastructure provider. Server requests are processed in the Mumbai (asia-south1) region — cloud.google.com/privacy
Google AdSense: Serves advertisements on the page. Google may use cookies for ad personalisation — policies.google.com/privacy
Google Analytics (if enabled): Anonymised, aggregated traffic analysis only — no personally identifiable or business-specific data is shared.

None of these third-party services receive your GSTIN, GSTR-3B data, PDF content, or any business-specific financial information.

6. Data Storage and Security

The Service is hosted on Google Cloud Run in the Mumbai (asia-south1) region. All data transmission between your browser and our server is encrypted using TLS (HTTPS).

Session data (extracted filing information) is stored with automatic expiry after 30 minutes. While we implement industry-standard security measures, no method of electronic transmission is 100% secure. We encourage you to avoid including sensitive personal information in any documents beyond what is contained in a standard GSTR-3B filing.

7. Cookies

We use the following cookies:

Session cookie: A temporary identifier that links your browser session to your extracted filing data. Expires on browser close or after 30 minutes of inactivity.
Google AdSense cookies: Used by Google to serve relevant advertisements. Manage your ad preferences at adssettings.google.com.
Google Analytics cookies (if enabled): Anonymised traffic analysis. Opt out via the Google Analytics Opt-out Browser Add-on.

8. Your Rights (Indian Users)

Under India's Digital Personal Data Protection Act, 2023 (DPDPA), you have the right to:

Know what personal data we hold about you
Request correction of inaccurate personal data
Request erasure of your personal data
Withdraw your consent for data processing at any time
Nominate a person to exercise these rights on your behalf

To exercise any of these rights, please write to us at privacy@yourdomain.in. We will respond within 72 hours.

9. Children's Privacy

This Service is intended solely for adult GST-registered businesses and professionals aged 18 years or older. We do not knowingly collect data from individuals under the age of 18. If you believe a minor has used our Service, please contact us immediately.

10. Changes to This Policy

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices or applicable legal requirements. All updates will be posted on this page with a revised effective date. Continued use of the Service following any changes constitutes your acceptance of the updated policy. We recommend reviewing this page periodically.

11. Contact

For privacy-related questions, data requests, or concerns, please contact us at:
📧 privacy@yourdomain.in
🌐 Contact Form

🔒 Privacy Policy