Last Updated on July 22, 2025
Changes to this Privacy Policy
Privacy Policy for Tab (Invoice and Warranty Tracking Platform)
Effective Date: May 26, 2025
This Privacy Policy describes how Tab ("we," "us," or "our") collects, uses, processes, and discloses your personal data when you use our mobile application, "TabApp".
At Tab, we are committed to protecting your privacy and ensuring the security of your personal data. We operate in compliance with the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information)1 Rules, 2011 (the "SPDI Rules"), and the Digital Personal Data Protection Act, 2023 (the "DPDP Act").
By accessing or using our Platform and Service, you explicitly consent to the collection, processing, and use of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our Platform or Service.
1. Definitions
For the purpose of this Privacy Policy:
"Personal Data" or "Personal Information" means any information relating to an identified or identifiable natural5 person (referred to as "Data Principal" under the DPDP Act). This includes, but is not limited to, your name, address, email address, phone number, financial information, and any other data that can directly or indirectly identify you.
"Sensitive Personal Data or Information" (SPDI) refers to Personal Information as defined under the SPDI Rules, which includes: passwords, financial information (such as bank account or credit card or debit card or other payment instrument6 details), physical, physiological and mental health condition, sexual orientation, medical records and history, biometric information, and any other information categorized as sensitive under applicable Indian law. Information that is freely available in the public domain or furnished under the Right to Information Act, 2005, or7 any other law, is not considered SPDI.
"Processing" includes collection, storage, use, disclosure, transfer, and any other operation performed on Personal Data.
"Data Fiduciary" (as per DPDP Act) is the entity determining the purpose and means of processing personal data. For the purposes of this Privacy Policy, Tab is the Data Fiduciary.
"Data Principal" (as per DPDP Act) is the individual to whom the personal data relates. You, as the user of the Platform, are the Data Principal.
"Platform" or "Service" refers to the Tab invoice and warranty tracking platform, including all its related sub-domains, websites, applications, and tools.
"Third Party" means any person or entity other than Tab and the Data Principal.
2. Information We Collect
We collect information that identifies, relates to, describes, is reasonably capable of being associated8 with, or could reasonably be linked, directly or indirectly, with a particular individual or entity. The types of information we collect depend on how you interact with our Platform and the services you utilize.
2.1. Information You Provide to Us Directly:
Invoice and Warranty Details: To provide our core service, you will upload and input information related to your invoices and warranties, including:
Invoice Data: Invoice numbers, dates, vendor names, recipient names, itemized lists of goods/services, quantities, prices, total amounts, tax details, payment status, and any associated notes or attachments (e.g., PDF copies of invoices).
Warranty Data: Product names, serial numbers, purchase dates, warranty start and end dates, warranty providers, terms and conditions, proof of purchase (e.g., scanned receipts or photos), and any associated notes.
Customer/Client Details: For invoices you generate or track for your customers, you may input their names, addresses, contact numbers, email IDs, and other relevant identifying information.
Vendor Details: Names, addresses, contact numbers, email IDs of vendors/sellers.
Communication Data: When you contact us for support, inquiries, or provide feedback, we collect the content of your communications, your contact information, and any other information you choose to provide.
Payment Information: If you subscribe to paid services, we may collect billing details such as billing address, payment method information (e.g., credit card details, UPI IDs, bank account details). However, we do not directly store your full credit card numbers or sensitive financial data. This is processed by our secure third-party payment gateways.
Optional Information: You may choose to provide additional information, such as your profile picture, communication preferences, or other details to personalize your experience.
2.2. Information We Collect Automatically:
Usage Data: We collect information about your interactions with the Platform, including the features you use, the time and date of your access, the pages you view, the invoices/warranties you track, and your navigation paths.
Device and Technical Data: We collect information about the device and network you use to access our Service, including your IP address, browser type, operating system, device identifiers, mobile network information, and application version.
Log Data: Our servers automatically record information that your browser sends whenever you visit9 a website. This log data may include your IP address, browser type and10 settings, the date and time of your request, and referral URLs.
Cookies and Tracking Technologies: We use cookies and similar tracking technologies11 (like web beacons and pixels) to collect information about your Browse activities, preferences, and to improve your experience. Cookies are small data files stored on your device's hard drive or in its memory. For more information, please refer to our Cookie Policy.
2.3. Permissions and Related Data Collection:
To provide you with a smooth and effortless experience, and to enable certain functionalities of the Platform, we may request the following permissions on your device. We will only access this data with your explicit consent and for the purposes outlined below. You can manage these permissions through your device's settings at any time.
Push Notification Permission:
Data Collected: Your device's unique notification token.
Purpose: To send you timely updates related to your invoices (e.g., payment reminders, due dates, status changes) and warranty information (e.g., expiration alerts, service reminders), linked to your registered mobile number or email, ensuring you never miss an important detail.
Camera Permission:
Data Collected: Images captured directly using your device's camera through the Tab app.
Purpose: To allow you to instantly snap and upload physical invoices, receipts, or warranty cards directly into the Platform for quick and convenient tracking. The images are processed to extract relevant invoice/warranty data and then stored securely.
Gallery/Photos Permission:
Data Collected: Access to images and photos stored in your device's photo gallery.
Purpose: To enable you to select and upload digital copies of invoices, receipts, or warranty documents (e.g., screenshots, downloaded images) directly from your photo gallery onto the Platform. The selected images are processed to extract relevant data.
2.4. OAuth Scopes and Google API Permissions
Tab follows Google's OAuth 2.0 Policies and requests only the minimum scopes necessary for core functionality. All requested scopes comply with Google's User Data Policy and undergo required verification processes.
When you connect your Google account to Tab, we request specific permissions through Google's OAuth 2.0 system. Each scope has been carefully selected to provide the least amount of access necessary while enabling Tab's invoice and warranty tracking features.
Gmail API Scopes
Scope: https://www.googleapis.com/auth/gmail.readonly (Sensitive Scope)
Classification: Sensitive scope requiring Google verification
Permission: Read-only access to Gmail messages and metadata
Specific Purpose: Import invoice emails and warranty confirmations for automatic tracking
Data Accessed:
Email headers (sender, subject, date) for invoice identification
Email content only for user-selected messages containing invoices/warranties
Email attachments (PDF invoices, receipts) when explicitly imported by user
Data NOT Accessed:
We do not scan your entire mailbox
We do not access personal correspondence unrelated to invoices/warranties
We do not access deleted or archived emails unless specifically selected
User Control: You select which emails to import; Tab does not automatically access any emails
Justification: This read-only scope is the minimum necessary for invoice email import functionality. We do not require broader access like https://mail.google.com/ as we do not need to send, modify, or delete emails.
Alternative Scope Consideration: We use gmail.readonly instead of broader scopes like gmail.modify or mail.google.com in compliance with Google's minimum scope policy, as our app only reads user-selected email content.
Permission Management:
Revoke Individual Scopes: Visit https://myaccount.google.com/permissions
Granular Control: Enable/disable specific integrations in Tab Settings > Integrations
Real-time Revocation: Changes take effect immediately in the Tab app
3. Purpose of Collection and Use of Your Information
We collect and process your Personal Data and SPDI for the following specific, explicit, and legitimate purposes:
To Provide and Maintain the Service: To register your account, provide you with access to the Platform, enable you to upload, track, and manage invoices and warranties, and ensure the proper functioning of the Service. This explicitly includes enabling Camera, Gallery, and File Manager permissions for convenient document upload, and Push Notification permission for timely alerts crucial to the service's utility.
To Improve and Personalize the Service: To understand how you use our Platform, analyze usage patterns, develop new features, enhance user experience, and tailor the Service to your preferences. This includes leveraging Location data (with your consent) to offer personalized content and localized benefits.
For Communication: To send you important updates, notifications, service announcements, security alerts, technical notices, and administrative messages related to your account and the Service. This specifically leverages Push Notification permission to deliver timely reminders for upcoming warranty expirations or invoice due dates.
For Customer Support: To respond to your inquiries, provide technical assistance, troubleshoot problems, and resolve any issues you may encounter.
For Security and Fraud Prevention: To protect our Platform and users from fraudulent activities, unauthorized access, security breaches, and other harmful acts.
For Billing and Payments: To process payments for our services, manage subscriptions, and send you billing statements.
For Legal Compliance: To comply with applicable Indian laws, regulations, legal processes, and governmental requests, including tax regulations, prevention of money laundering, and other statutory obligations.
For Research and Analytics: To perform data analysis, research, and statistical profiling to understand market trends, improve our algorithms, and develop new products and services (this will primarily be based on anonymized or aggregated data).
For Marketing and Promotions (with consent): With your explicit consent, we may use your contact information and Location data to send you marketing communications about our products, services, offers, and promotions that may be of interest to you, including personalized rewards or alerts for your area. You will always have the option to opt-out of such communications.
4. Legal Basis for Processing Your Personal Data
We process your Personal Data based on the following legal grounds as per Indian data protection laws:
Consent: We will obtain your free, specific, informed, unconditional, and unambiguous consent, with a clear affirmative action, for processing your Personal Data for specified purposes, especially for collecting SPDI or for marketing activities. You have the right to withdraw your consent at12 any time, which will not affect the lawfulness of processing based on consent before its withdrawal.
Contractual Necessity: Processing is13 necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (e.g., providing you with the invoice and warranty tracking service).
Legal Obligation: Processing is necessary for compliance with a legal obligation to which Tab is subject (e.g., maintaining records for tax purposes, responding to lawful government requests).
Legitimate Interests: Processing is necessary for the legitimate interests pursued by Tab or by a third party, except where such interests are overridden by your fundamental rights and freedoms. This includes interests such as improving our Service, preventing fraud, ensuring network and information security, and providing customer support.
5. Sharing and Disclosure of Your Information
Cloud Infrastructure Providers:
Google Cloud Platform
Amazon Web Services (AWS)
Purpose: Data hosting, storage, and computing services
Analytics and Performance:
Google Analytics (with IP anonymization)
Firebase Analytics
Purpose: Understanding app usage and improving user experience
Communication Services:
Firebase Cloud Messaging (for push notifications.
Purpose: Sending account notifications and service updates
We do not sell, rent, or trade your Personal Data to third parties for their independent marketing purposes. We may share your information only in the following circumstances and with strict adherence to data protection principles:
With Your Consent: We may share your information with Third Parties if you provide explicit consent for such sharing.
Service Providers: We engage trusted third-party service providers who perform functions on our behalf, such as cloud hosting (e.g., Google Cloud, AWS in India), payment processing, email delivery, analytics, and customer support.15 These service providers are contractually obligated to protect your data and only use it for the purposes specified by us and in compliance with this Privacy Policy and applicable laws.
Business Transfers: In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your Personal Data may be transferred16 to the acquiring entity as part of the transaction. We will notify you17 via email and/or a prominent notice on our Platform of any such change in ownership or control of your Personal Data.
Legal Requirements and Law Enforcement:18 We may disclose your information if required19 to do so by law or in the good faith belief that such action is necessary to:
Comply with a legal obligation, court order, or governmental request.
Protect and defend the rights or property of Tab.
Prevent or investigate possible wrongdoing in connection with the Service.
Protect the personal safety of users of the Service or the public.
Protect against legal liability.20
Aggregated or Anonymized Data: We may share aggregated or anonymized information that cannot reasonably be used to identify you. For example, we may share statistics about the total number of invoices tracked or the average warranty period, without revealing any individual-level data.
6. Data Retention
We will retain your Personal Data21 only for as long as is necessary to22 fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Account Data: We retain your account data for as long as your account is active. If you close your account, we will delete or anonymize your Personal Data within a reasonable timeframe, unless retention is required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).
Invoice and Warranty Data: We retain your invoice and warranty data for the duration of your active subscription and for a reasonable period thereafter to facilitate re-subscription or to comply with legal obligations, such as tax record-keeping requirements (typically 7-8 years as per Indian tax laws).
Communications: We may retain records of our communications with you for a reasonable period to help us address future inquiries and improve our customer service.
Upon the expiry of the retention period, or when the purpose for which the data was collected is no longer relevant, we will securely delete, destroy, or anonymize your Personal Data in a manner that prevents its reconstruction.
7. Data Security23
We are committed to protecting your Personal Data from unauthorized access, alteration, disclosure, or destruction. We implement and maintain reasonable security practices and procedures in accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the DPDP Act.
Our security measures include:
Encryption: Your data is encrypted both at rest and in transit using industry-standard encryption protocols (e.g., 256-bit AES encryption, SSL/TLS).
Access Controls: Access to your Personal Data is strictly limited to authorized personnel who require access to perform their job functions. We implement robust access controls, including multi-factor authentication.
Physical Security: Our data centers (Google Cloud, AWS) adhere to stringent physical security measures to prevent unauthorized access.
Regular Audits and24 Assessments: We conduct regular security audits and vulnerability assessments to identify and address potential weaknesses in our systems.
Employee Training: Our employees receive regular training on data privacy and security best practices.
Data Backup and Recovery: We maintain comprehensive data backup and recovery procedures to ensure business continuity and data availability in case of unforeseen events.
No Internal Access to Specific Content: We employ automated processes for analyzing invoice and warranty data. No human personnel at Tab are allowed to access or read the specific content of your invoices or warranty documents, beyond what is necessary for automated processing to provide the core service, unless explicitly permitted by you for support purposes and with necessary security protocols.
Despite our efforts, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore,25 while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
8. Your Rights as a Data Principal (as per DPDP Act)
As a Data Principal, you have the following rights concerning your Personal Data:
Right to Access Information about Personal Data: You have the right to obtain from26 us a confirmation as to whether or not your Personal Data is being processed, and where that is the case, access to the Personal Data and information regarding its processing.
Right to Correction and Erasure: You have the right to request the correction of inaccurate or incomplete Personal27 Data and the erasure of your Personal Data when it is no longer necessary for the purposes for which it was collected or when you withdraw consent (where28 applicable).
Right to Grievance Redressal: You have the right to readily available means of grievance redressal in respect of any act or omission of Tab.
Right to Nominate: You have the right to nominate another individual who shall exercise your rights in the event of your death or incapacity.
Right to Withdraw Consent: You have the right to withdraw your consent at any time, where29 processing is based on consent.30 Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Please note that withdrawing consent may affect your ability to use certain features or the entire Service.
Right to be Forgotten (Conditional): While not explicitly termed "Right to be Forgotten" in DPDP Act, the right to erasure and deletion of data when no longer necessary implicitly covers this.
To exercise any of these rights, please contact our Grievance Officer using the contact details provided in Section 11. We will respond to your request within a reasonable time as stipulated by applicable law.
9. Children's Privacy
Our Service is not directed to individuals under the age of eighteen (18) years.31 We do not knowingly collect Personal Data from children. If we become aware that we have collected Personal Data from32 a child without parental consent, we will take steps to delete that information as quickly as possible. If you believe that we may have collected Personal Data from a child, please contact us immediately.
10. Links to Third-Party Websites
Our Platform may contain33 links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy34 policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party websites you visit.
11. Contact Information
In accordance with the Information Technology Act, 2000, and the rules made thereunder, including the SPDI Rules and the DPDP Act, you can reach out to us to address your concerns regarding this Privacy Policy or your Personal Data.
Email Address: info@tabapp.club
We will acknowledge your complaint within twenty-four (48) hours and endeavor to resolve it within one (1) month from the date of receipt.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or36 other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top.37 We may also notify you via email or through prominent notices on the Platform prior to the change becoming effective.
Your continued use38 of the Platform after the effective date of the revised Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this Privacy Policy periodically for any changes.