Privacy Policy

Version: 2.1, Last updated: 05-Mar-2026

This Privacy Policy explains how we collect, use, share, store, and protect Personal Data when you use our website/platform or interact with us.

1. Scope and our role (Controller / Processor)

EcoBillz processes Personal Data in two primary ways:

A) Customer-provided application data (hotel guest/end-customer data) — Processor role

EcoBillz processes customer-provided data inside our applications, which typically includes hotel guest/end-customer data entered, uploaded, or synced by our hotel/restaurant customers. For this category, EcoBillz generally acts as a Processor, and the customer is the Controller. EcoBillz processes such data only on the customer’s documented instructions and under applicable contractual data processing terms.

B) EcoBillz business data — Controller role

EcoBillz also processes limited Personal Data for its own business operations (for example: account creation for customer admins, billing, vendor management, recruitment/employment, and premises security). For this category, EcoBillz acts as a Controller.

2. Personal Data we process

Depending on your relationship with us, we may process:

  • Customer-provided application data (hotel guest/end-customer data): Personal Data that our customers process using EcoBillz applications (e.g., guest/end-customer details and related service/transaction data required to provide the contracted services).
  • Customer representative data (limited): Business contact details of our customer’s authorised users/representatives (e.g., name, business email, phone, designation) for account administration, support coordination, and contractual communication.
  • Billing and transaction details (invoices, payments, tax-related records where applicable).
  • Communications (support tickets, emails, messages/calls).
  • Recruitment/employment details (resume/CV, interview-related information, HR administration details).
  • Vendor details (onboarding, contracts, bank/payment information).
  • Website/device data required for essential functionality and security (see Cookies section).

We aim to collect and process only what is necessary for the purposes described in this Policy.

3. Why we process Personal Data

We process Personal Data to:

  • Provide and operate our services and website (including processing customer-provided application data to deliver contracted services).
  • Create and administer accounts for authorised customer users, provide support, and communicate with customers.
  • Manage contracts, billing, invoicing, and payments.
  • Recruit and manage employees, and administer HR processes.
  • Onboard and manage vendors/business partners.
  • Maintain safety, security, fraud prevention, and business continuity.
  • Meet legal, regulatory, and contractual obligations.

4. Legal Basis for Processing

Where applicable law requires a legal basis, we rely on one or more of the following:

  • Contract: to provide services or perform contractual obligations.
  • Legitimate interests: to operate, secure, and improve our business and services (balanced with your rights).
  • Consent: where required (you can withdraw consent at any time).
  • Legal obligation: to comply with applicable laws and regulations.

For customer-provided application data (hotel guest/end-customer data), the customer (Controller) determines the lawful basis and purposes; EcoBillz processes the data as a Processor under documented instructions and contractual data processing terms.

5. Cookies

We use only essential cookies that are strictly necessary for core website functionality and security (e.g., session management and security controls).

We do not use non-essential cookies such as advertising/marketing cookies or tracking for behavioural profiling/targeted advertising.

6. Sharing and disclosure

We share Personal Data only where necessary and with appropriate safeguards, such as:

  • Service providers/sub-processors: for hosting, security, support tooling, payment processing, or operational support (under confidentiality and data protection obligations).
  • Business transfers: in connection with a merger, acquisition, or reorganisation (subject to safeguards).
  • Legal/compliance: when required by law or to protect rights, safety, and security.

For customer-provided application data (hotel guest/end-customer data), EcoBillz processes and shares data (where applicable) only as instructed by the customer and per contractual data processing terms.

7. International transfers

If Personal Data is transferred to another country, we implement safeguards required under applicable laws (for example, contractual protections and appropriate security controls).

8. Security safeguards

We apply appropriate technical and organisational measures to protect Personal Data, such as access controls (role-based access and least privilege), encryption and secure transmission where appropriate, logging and monitoring, secure development and change controls, and backups and continuity measures. We also perform vendor due diligence and contractually require security and confidentiality obligations where third parties process data on our behalf. EcoBillz maintains an information security program and is ISO/IEC 27001:2022 certified and SOC 2 Type II certified, which reflects that our security controls have been independently assessed against those frameworks. In the event of a personal data breach, EcoBillz will take reasonable steps to notify affected individuals and the Data Protection Board of India as required under applicable law.

9. Retention and deletion

We retain Personal Data only for as long as needed for the purposes described above and as required by law or contract. We then delete, anonymise, or securely destroy it in accordance with our retention practices and contractual commitments.

10. Your privacy rights

Depending on applicable law, you may have rights to access, correct, delete, restrict/object, portability (where applicable), withdraw consent (where applicable), and lodge a complaint with a supervisory/regulatory authority. If you are a hotel guest/end customer and your data is processed in EcoBillz applications: EcoBillz generally acts as a Processor and the hotel/customer is the Controller. In such cases, you should typically submit your request to the relevant hotel/customer, and EcoBillz will support the customer in responding as required under contractual data processing terms and applicable law. If you are not satisfied with our response to your grievance, you may have the right to approach the Data Protection Board of India.

11. Contact

For privacy requests, questions, or grievances (especially relating to EcoBillz’s Controller processing), contact:

  • Grievance Officer: Mr. Purushottam
  • Email: dpo@ecobillz.com
  • Address: CTS NO. 27/1, 3rd Floor, Nasco Ishaanya Building, Opposite Gogte Petrol Pump, Goaves, Khanapur Road, Tilakwadi, Belagavi (Belgaum), Karnataka, India, 590006

12. Updates to this policy

We may update this Privacy Policy from time to time. The latest version will be posted on our website/platform with an updated “Last Updated” date.