Invoice Max - ERP Platform

PRIVACY POLICY

Last updated May 21, 2026



This Privacy Notice for Well Vox ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
  • Use Invoice Max. Invoice Max, powered by Well Vox, is an all-in-one business management suite designed to simplify accounting, invoicing, payments, inventory, and expense tracking for modern businesses. Built for speed, automation, and accuracy, Invoice Max helps companies manage their financial operations effortlessly while maintaining complete control and transparency. With advanced tools across every essential business function, Invoice Max ensures that users can seamlessly monitor, record, and analyze their financial activities in one unified platform. Advanced Accounting Our intelligent accounting engine automatically updates your books whenever you make a sale or record a purchase. You can generate detailed financial reports, automate bank reconciliation, access audit trails, and maintain perfect accuracy across all transactions. The system also supports E-Invoices, E-Way Bills, GST R-1 & R-2B reports, and automated GST Reconciliation to keep your compliance effortless. Smart Invoicing Create professional invoices within seconds, customize templates, set up recurring billing, and track payment status in real time. Invoice Max helps businesses maintain consistency while reducing manual work and improving customer experience. Secure Payments Accept and manage payments smoothly with integrated gateways. The platform syncs every transaction automatically to keep your financial records updated without manual entry. Inventory Management Track stock levels, monitor product movement, manage suppliers, and automate purchase updates. Inventory tools are built to help you reduce waste, avoid stock-outs, and maintain operational efficiency. Expense Tracking Record and categorize expenses instantly to understand your spending patterns. Upload bills, manage vendors, and monitor costs with full transparency and real-time insights.
  • Engage with us in other related ways, including any marketing or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].


SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.

Do we collect any information from third parties? We do not collect any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the Privacy Notice in full.


TABLE OF CONTENTS



1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
  • names
  • phone numbers
  • email addresses
  • mailing addresses
  • usernames
  • pan number
  • gstin number
Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:
  • social security numbers or other government identifiers
Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by Razorpay. You may find their privacy notice link(s) here: https://razorpay.com/privacy/.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Additional Data Processors. In addition to Razorpay, we also share payment and billing data with Cashfree Payments as an alternative payment processor. You may find their privacy policy at https://www.cashfree.com/privacy-policy/. Our platform data is stored and processed on Google Firebase / Firestore (Google LLC), and we use WhatsApp Business API (Meta Platforms Inc.) to enable sharing of invoices and payment reminders. Both are data sub-processors operating under appropriate data processing agreements. Firebase privacy information is available at https://firebase.google.com/support/privacy.

Compliance with Indian Law. Invoice Max operates in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India. As a Data Fiduciary under the DPDP Act, we collect and process personal data only for lawful purposes, with your consent where required, and in accordance with the rights granted to Data Principals (users) under the Act. You have the right to access, correct, and erase your personal data, and to nominate a representative in case of your incapacity or death, as provided under the DPDP Act.

Children's Data. Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] and we will delete such information promptly.

AI Assistant Data. Invoice Max includes an AI-powered chat assistant to help users fill invoices, search data, and automate tasks. Conversations with the AI assistant may be processed by third-party AI service providers (including Groq Inc.). We do not store raw AI conversation logs beyond the active session. AI responses are informational only and do not constitute legal, tax, or financial advice. We are not liable for any reliance placed on AI-generated content.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:
  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
  • Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
  • Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Google API

Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.


2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
  • To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.

  • To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.

  • To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
  • To comply with our legal obligations. We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work.

The third parties we may share personal information with are as follows:
  • Advertising, Direct Marketing, and Lead Generation
ZOHO CRM

Distributor and Reseller Network. If you participate in Invoice Max's Distributor or Reseller Network (as a Reseller, Area Head, City Head, or State Head), we collect and process additional business information including your territory details, commission records, bank account information for payouts, and performance data. This information is shared internally within the distributor hierarchy on a need-to-know basis and is not shared with unaffiliated third parties. By joining the network, you consent to this processing.

Data Breach Notification. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Notification will be sent to the email address registered with your account and, where required, to the relevant supervisory authority under applicable law including the Data Protection Board of India under the DPDP Act, 2023. We maintain an incident response plan to contain, assess, and remediate breaches in a timely manner.

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • When we use Google Maps Platform APIs. We may share your information with certain Google Maps Platform APIs (e.g., Google Maps API, Places API). Google Maps uses GPS, Wi-Fi, and cell towers to estimate your location. GPS is accurate to about 20 meters, while Wi-Fi and cell towers help improve accuracy when GPS signals are weak, like indoors. This data helps Google Maps provide directions, but it is not always perfectly precise. We obtain and store on your device ("cache") your location. You may revoke your consent anytime by contacting us at the contact details provided at the end of this document.

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.

Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

Cookie Consent and Opt-Out. When you first visit our Services, you may be presented with a cookie consent banner. You may accept all cookies, reject non-essential cookies, or manage your preferences. You can also control cookies through your browser settings at any time — most browsers allow you to refuse cookies or delete existing ones. Please note that disabling certain cookies may affect the functionality of our Services. To opt out of interest-based advertising cookies, you may visit http://optout.networkadvertising.org/ or adjust settings in your browser.

Google Analytics

 We may share your information with Google Analytics to track and analyze the use of the Services. The Google Analytics Advertising Features that we may use include: Remarketing with Google Analytics. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout. You can opt out of Google Analytics Advertising Features through Ads Settings and Ad Settings for mobile apps. Other opt out means include http://optout.networkadvertising.org/ and http://www.networkadvertising.org/mobile-choice. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.

5. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies.

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, "AI Products"). These tools are designed to enhance your experience and provide you with innovative solutions. The terms in this Privacy Notice govern your use of the AI Products within our Services.

Use of AI Technologies

We provide the AI Products through third-party service providers ("AI Service Providers"), including Groq Inc. (llama-3.3-70b-versatile model). As outlined in this Privacy Notice, your input, output, and personal information will be shared with and processed by these AI Service Providers to enable your use of our AI Products for purposes outlined in "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?" You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.

Our AI Products

Our AI Products are designed for the following functions:
  • AI automation

How We Process Your Data Using AI

All personal information processed using our AI Products is handled in line with our Privacy Notice and our agreement with third parties. This ensures high security and safeguards your personal information throughout the process, giving you peace of mind about your data's safety.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than forty eight (48) months past the termination of the user's account.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Account Deletion and Data Export. Upon deletion of your account, your business data (invoices, products, contacts, purchase records) will be purged from our active systems within 90 days. Before deletion, you may export your data in PDF or Excel format from within the application. Backup copies may be retained for up to 48 months as stated above for legal compliance purposes only. If you are unable to access your account to export data, please contact [email protected] within 30 days of account expiry to request a data export.

GST and Financial Data Retention. Invoice and GST-related financial records may be retained for up to 8 years in compliance with the GST Act, 2017, the Income Tax Act, 1961, and other applicable Indian tax laws, even after account deletion. This retention is mandatory and cannot be waived.

7. WHAT ARE YOUR PRIVACY RIGHTS?

In Short:  You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, replying "STOP" or "UNSUBSCRIBE" to the SMS messages that we send, or by contacting us using the details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:
  • Log in to your account settings and update your user account.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Rights Under the DPDP Act, 2023 (India). As a Data Principal under India's Digital Personal Data Protection Act, 2023, you have the following rights:
  • Right to Access: You may request a summary of personal data we hold about you and the processing activities performed.
  • Right to Correction & Erasure: You may request correction of inaccurate data or erasure of personal data that is no longer necessary, subject to legal retention obligations.
  • Right to Grievance Redressal: You may raise a grievance with our Data Protection Officer (DPO) at [email protected]. We will respond within 30 days.
  • Right to Nominate: You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity.
  • Right to Withdraw Consent: You may withdraw your consent to processing at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • Right to Complain: If your grievance is not resolved, you may approach the Data Protection Board of India once it is constituted and operational under the DPDP Act, 2023.

Multi-User and Staff Access. Invoice Max allows account owners to add staff members with role-based access. The account owner (primary subscriber) is solely responsible for all actions performed by staff accounts under their subscription. Staff members' access to data is governed by the permissions set by the account owner. We are not liable for unauthorized access or misuse of data by staff members added by the account owner.

If you have questions or comments about your privacy rights, you may email us at [email protected].

8. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

9. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

10. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO) by email at [email protected], or contact us by post at:

Well Vox
Data Protection Officer
Idea Square, Off New Link Rd, Veera Desai Industrial Estate, Andheri West
Mumbai, Maharashtra 400053
India

11. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.

12. INDIA — DIGITAL PERSONAL DATA PROTECTION ACT, 2023

In Short: We comply with India's DPDP Act, 2023 as a Data Fiduciary and respect your rights as a Data Principal.

Invoice Max (operated by Well Vox) is a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act). We process personal data of users located in India in accordance with the provisions of this Act. Specifically:
  • We collect personal data only for lawful purposes with your explicit or implied consent where required.
  • We do not process personal data for purposes other than those disclosed in this Privacy Notice without fresh consent.
  • We take reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or loss.
  • We will notify the Data Protection Board of India and affected users in case of a personal data breach, as required by the Act.
  • Our Data Protection Officer (DPO) can be contacted at [email protected] for any privacy-related queries or grievances.
  • We erect and maintain appropriate grievance redressal mechanisms as required under the DPDP Act.
For the avoidance of doubt, processing of personal data of children (persons under 18 years of age) is not permitted on our platform and we do not target children.

13. DATA BREACH NOTIFICATION POLICY

In Short: We will notify you promptly if your personal data is compromised.

In the event that we become aware of a personal data breach that is likely to result in a risk to your rights, we will:
  • Notify affected users via email to their registered email address within 72 hours of becoming aware of the breach (where feasible).
  • Report the breach to the Data Protection Board of India as required under the DPDP Act, 2023.
  • Provide details of the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed to address the breach.
  • Take immediate containment and remediation measures, including password resets, session invalidation, and service isolation where necessary.
If you suspect any unauthorized access to your account, please contact us immediately at [email protected] or [email protected].
Well Vox AI webuildbrands.wellvox.in
bot
Hi there! 👋 I'm the Well Vox AI Assistant. How can I help you today?
Powered by Well Vox