In private beta, request accessSign in
ShippingBill.ai

Trust

DPDP compliance.

ShippingBill Technologies Pvt Ltd is a Data Fiduciary under the Digital Personal Data Protection Act 2023. We have implemented the controls required by the DPDP Act and the supplementary DPDP Rules 2025. This page summarises our compliance posture.

Data Fiduciary registration

We have registered as a Data Fiduciary with the Data Protection Board of India. Registration evidence available on request to [email protected].

Privacy notice and consent

Our privacy notice (see /privacy) is written in plain English, with a Hindi translation available on request. Consent is obtained at sign-up for service delivery, and separately for marketing communications. Consent can be withdrawn at any time per channel.

Data Principal rights

Our product surface exposes the four DPDP Data Principal rights: access, correction, erasure, and grievance redressal. Data Principals can exercise these rights from their account settings or by writing to [email protected]. We respond within 7 working days, and where additional time is needed, we communicate the reason and revised timeline.

Data Protection Officer

Our Data Protection Officer is contactable at [email protected]. The DPO has authority and resources to investigate and resolve grievances independent of business pressures.

Breach notification SOP

On detection of a personal data breach, our incident response team activates within 4 hours, scopes the breach within 12 hours, and notifies the Data Protection Board of India and affected Data Principals within 72 hours of becoming aware. The notification includes: nature of breach, categories and approximate volume of data, likely consequences, and measures taken to address it.

Cross-border transfers

We retain customer personal data in Mumbai. The only category of personal data that may transit outside India is the product description text sent to Anthropic for HS classification (US-hosted). Anthropic operates a zero-retention API tier which we use. No identifying personal data accompanies the product description.

Children's data

Our Services are not directed at children. We do not knowingly process personal data of individuals under 18.

Significant Data Fiduciary

We do not currently meet the threshold for Significant Data Fiduciary designation under the DPDP Rules 2025. We monitor our data volumes and will undertake the additional obligations (DPIA, independent audit, etc.) if and when designated.

Annual compliance review

Our DPDP compliance posture is reviewed annually by an external auditor. The annual compliance certificate is available on request.