Privacy Policy
Last updated: 2026-06-08
This Privacy Policy explains how 399apps ("we", "us", "our") — operated by shabuilds (shabuilds.tech) — collects, uses and protects information when you visit 399apps.com or use any of our products: Nidhi Books, Nidhi Inventory and the Books + Inventory bundle.
We sell business software to small and growing businesses, communities and operators — primarily in India, but also internationally. We try to keep this policy short, plain-spoken and honest. If something here is unclear, write to us and we will explain.
Who we are
399apps is a small catalogue of business SaaS — GST-ready accounting and inventory — built and run by shabuilds. We sell our products either as a managed cloud service on 399apps.com, or as a self-hosted licence that you deploy on your own server.
When we say "you" in this policy we mean either a visitor to our website, a customer using one of our products, or — for white-label and self-hosted deployments — an organisation operating a 399apps product under its own brand.
What information we collect
We collect only what we actually need to run the service:
- Account & contact details. Name, work email, company, phone or WhatsApp number, country — collected when you fill the contact form, sign up for a cloud account, request a demo, or write to us.
- Product data on cloud. The business data you put into our products on the 399apps cloud — invoices, GST and TDS records, stock items — is stored on our managed infrastructure on your behalf. We treat it as confidential customer data.
- Product data on self-host. When you self-host a 399apps product, your business and customer data lives entirely on your server. We do not receive it, do not back it up and cannot access it. Optional anonymous product telemetry (whether a deployment is healthy, version numbers) can be turned off.
- Payment information. Cloud subscriptions are billed via UPI, NEFT/RTGS, or via Razorpay/Stripe/Cashfree for cards. We never see or store your full card number; only the cardholder name, last four digits and an opaque token from the payment provider.
- Usage logs. Standard server logs — IP address, user agent, pages visited, timestamps — used for security, debugging and aggregate analytics. We do not run any advertising or ad-profiling trackers on our websites.
- Support conversations. Emails, WhatsApp messages and support tickets you send us, kept for the period required to help you and to improve the product.
How we use your information
We use the information above only for specific, narrow purposes:
- To deliver the products. Host your cloud workspace, run backups, serve your invoices, send transactional emails (account, password, billing, alerts).
- To support you. Respond to questions, debug issues, run guided migrations from Tally / Zoho / QuickBooks when you ask, and help you scope self-host or white-label deployments.
- To keep things safe. Detect abuse, prevent fraud, investigate suspicious activity, and meet our security commitments to you.
- To improve the product. Aggregate usage analytics to understand what features are used, what is broken and what to build next. We do not profile you for advertising.
- To meet legal obligations. GST invoicing, TDS reporting, statutory record-keeping and lawful requests from authorities — only to the extent required.
Cloud vs self-hosted — what changes
This is the most important practical distinction in our service.
On the 399apps cloud, your business data is hosted on infrastructure operated by us using Cloudflare and AWS, with the India region as the default. We are the data fiduciary for your account-level data, and a data processor for the customer-records you put into the apps (your customers, members, candidates, vendors).
On self-host, your data never leaves your server. We do not have credentials, we do not back it up, and you decide who in your team has access. Our role is limited to providing the licensed software, version updates, security patches and (optionally) managed support that you have asked for.
Your rights
You have rights over the personal information we hold about you. Under the Digital Personal Data Protection Act, 2023 (DPDPA) and equivalent laws in other jurisdictions, these include:
- Access. Ask for a copy of the personal data we hold about you and what we do with it.
- Correction. Update or correct anything inaccurate.
- Erasure. Ask us to delete your personal data, subject to records we must keep for legal or tax reasons.
- Portability. Get your data in a standard, machine-readable format. Every 399apps app already supports unlimited CSV / PDF exports of the data you have entered.
- Withdraw consent. Where we rely on your consent (e.g. marketing emails) you can withdraw it at any time without affecting past lawful processing.
- Grievance. Raise a concern with our grievance officer (details at the end of this policy) and, if unresolved, escalate to the relevant data protection authority.
How long we keep information
Account and contact information is kept for as long as you are a customer, and for a reasonable period afterwards to meet legal, billing and audit requirements. Cloud product data is kept while your subscription is active; if you cancel, your data is removed from active systems within 90 days and from backups within a further 30 days.
Anonymous aggregate analytics (e.g. how many invoices were generated last quarter) may be retained without time limit, as it cannot be linked back to you.
On self-host, retention is entirely under your control.
How we keep information safe
We take security seriously because every customer here is running their actual business on our software. Concretely:
- Encryption in transit. All traffic to 399apps.com and our cloud products is served over HTTPS.
- Encryption at rest. Cloud customer data is encrypted at rest on managed infrastructure.
- Daily backups. Cloud customer data is backed up daily and retained for 30 days.
- Access controls. Only a small number of named engineers have production access. Production access is logged and reviewed.
- Self-host. The same product code ships as your self-hosted licence, with versioned releases, signed binaries / images, and migration scripts you can review.
Children's data
399apps products are intended for businesses, professional users and adults. We do not knowingly collect personal data from anyone under 18 for our own purposes.
If you use one of our products to handle data about minors, you are responsible for following applicable laws on the collection and use of children's data, including obtaining valid consent from parents or guardians where required.
International data transfers
Our cloud is India-region by default. For customers outside India, or when we use sub-processors operated from other regions (e.g. Cloudflare edge nodes worldwide), data may be transferred outside India. We use contractual safeguards with these sub-processors to make sure your data remains protected.
White-label and reseller deployments
When you white-label one of our products under your own brand, you are the data fiduciary for your end-customers. 399apps acts as a data processor for the customer data your platform collects. Your end-customers should look at your privacy policy, not ours.
We will sign a data-processing agreement on request. White-label deployments do not change the security and retention commitments we make in this policy.
Changes to this policy
We may update this policy as we add products, change sub-processors or to reflect changes in the law. When we make material changes, we will update the "last updated" date above and, for active customers, send an email to the primary address on the account.
Continued use of our products after the effective date means you accept the updated policy.
Grievance officer & contact
For any privacy question, access or deletion request, or concern about how we are handling your data — please write to us. We aim to respond within 7 working days.
- shabuilds (operator of 399apps)
- India
- Email: [email protected]