Security & Privacy
AI-Powered. Privacy-First.
We believe AI should empower your business — not compromise your privacy. Here's exactly how we keep your sensitive financial data secure while delivering intelligent automation.
- PII masked before AI
- Hosted in India
- Payments verified cryptographically
Privacy-First Architecture
How Our AI Actually Works
WhisprBill uses a privacy-by-design architecture that completely separates conversation from computation — your real data never touches the AI layer.
Intent Parsing Only
The AI reads your natural language request — "Create invoice for ₹50,000" — and understands intent, not your actual business data.
PII Masking Before AI
Customer names, GSTINs, amounts, and product details are replaced with placeholders before any request reaches the AI layer.
Deterministic Backend
All calculations, GST rates, and business logic run on our secure backend — not through AI. Math is math, not magic.
AI as Translator Only
Think of AI as a smart interface layer between you and the system — it makes invoicing conversational, not risky.
Your Data Stays Yours
We don't train AI models on your invoices, customer lists, or financial records. Your business intelligence remains confidential.
No AI Hallucinations in Calculations
GST rates, totals, and tax breakdowns are computed by rule-based algorithms — not generative AI. Your invoices are always mathematically accurate.
Audit-Ready Logs
Every invoice generation is logged with timestamps and user actions — ready for GST audits, financial reviews, and compliance checks.
- PII: masked before AI layer
- 100%: data ownership
- Zero: AI training on your data
- 2FA: on all accounts
Security Architecture
Layered protection for your financial data
Built on trusted infrastructure, with security decisions made at every layer of the stack.
PII Masking Before AI
Customer names, GSTINs, phone numbers, and amounts are replaced with placeholders before any request reaches the AI layer. Your actual business data never leaves our database.
- Real data stays in your DB
- AI sees anonymised intent only
- No business data in AI prompts
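A minimal sketch of the masking step described above, as an added example rather than WhisprBill's own code. The function names, regex patterns, `<KIND_n>` placeholder format and sample values are all assumptions made for illustration.

```python
import re

# Constructed patterns for this example; real coverage would need to be broader.
PATTERNS = [
    ("GSTIN", re.compile(r"\b\d{2}[A-Z]{5}\d{4}[A-Z][1-9A-Z]Z[0-9A-Z]\b")),
    ("AMOUNT", re.compile(r"₹\s?\d+(?:,\d+)*(?:\.\d+)?")),
    ("PHONE", re.compile(r"(?:\+91[\s-]?|(?<!\d))[6-9]\d{9}(?!\d)")),
]
PLACEHOLDER = re.compile(r"<[A-Z]+_\d+>")


def mask_pii(text, known_customers):
    """Return (masked_text, vault); the vault (placeholder -> value) stays on the backend."""
    vault, seen, counts = {}, {}, {}

    def placeholder(kind, value):
        if value not in seen:  # a repeated value reuses its placeholder
            counts[kind] = counts.get(kind, 0) + 1
            seen[value] = f"<{kind}_{counts[kind]}>"
            vault[seen[value]] = value
        return seen[value]

    # Names have no fixed shape: match the workspace's customer list, longest first.
    for name in sorted(known_customers, key=len, reverse=True):
        text = re.sub(re.escape(name), lambda m, n=name: placeholder("CUSTOMER", n),
                      text, flags=re.IGNORECASE)
    for kind, rx in PATTERNS:
        text = rx.sub(lambda m, k=kind: placeholder(k, m.group(0)), text)
    return text, vault


def resolve_intent(intent, vault):
    """Swap placeholders in the AI's structured reply back to real values, server-side."""
    resolved = {}
    for key, value in intent.items():
        if isinstance(value, str) and PLACEHOLDER.fullmatch(value):
            if value not in vault:  # a placeholder the masker never issued
                raise KeyError(f"unknown placeholder {value}")
            value = vault[value]
        resolved[key] = value
    return resolved


# Constructed sample request and constructed AI reply.
PROMPT = ("Create invoice for Asha Traders, GSTIN 27ABCDE1234F1Z5, "
          "phone +91 9876543210, for ₹50,000")
MASKED, VAULT = mask_pii(PROMPT, ["Asha Traders"])
AI_REPLY = {"action": "create_invoice", "customer": "<CUSTOMER_1>", "amount": "<AMOUNT_1>"}
INVOICE_REQUEST = resolve_intent(AI_REPLY, VAULT)
```

Only `MASKED` would be sent to the AI layer; `VAULT` is held by the backend and used to rebuild the request once the intent comes back.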
Encrypted at Every Layer
Data is encrypted both at rest and in transit. Whether your data is stored or moving between your device and our servers, it's always protected.
- Encrypted at rest
- TLS in transit
- Hosted in India
Secure Authentication
Sign in with Google OAuth or email. We use refresh token rotation with tokens stored securely server-side — not in browser storage.
- Google OAuth support
- Refresh token rotation
- Secure server-side storage
Two-Factor Authentication
2FA is live and available on all accounts. We strongly recommend enabling it for anyone with access to financial data.
- Available on all plans
- Authenticator app support
- Adds a second layer to login
Payment Security
Payments are processed by a trusted Indian payment provider — we never handle or store card details. Every payment event is cryptographically verified before any action is taken.
- No card data stored
- Webhook signature verification
- India-native payment processing
Activity & Webhook Logs
Every key action — invoice creation, payment event, login — is logged with timestamps. A full trail for audit and dispute resolution.
- Invoice & payment event logs
- Webhook delivery history
- User activity timestamps
Role-Based Access Control
Assign team members specific roles so they only access what's relevant to their work. Admins control permissions across the workspace.
- Per-user role assignment
- Workspace-level controls
- Admin permission management
Data Portability
Export your complete data — customers, products, invoices, and history — in standard formats at any time. No restrictions, no delays.
- CSV and JSON export
- Full history included
- Export before or after cancelling
Managed Backups
Your database is backed up on a regular schedule by our infrastructure provider. Your data is not at risk from a single point of failure.
- Automated backup schedule
- Point-in-time recovery
- No single point of failure
Our Commitments
What we promise about your data
We Never Sell Your Data
Your customer lists, invoices, and financial information will never be sold or shared with third parties for commercial purposes.
AI Never Sees Your Real Business Data
PII masking ensures that names, GSTINs, amounts, and product details are anonymised before reaching the AI layer. The AI parses intent — not your actual records.
Deterministic Calculations, Not AI Guesses
All GST calculations, tax breakdowns, and invoice totals are computed by rule-based backend logic — not by generative AI. Zero hallucinations on financial figures.
You Own Your Data Completely
Export everything in standard formats at any time. Cancel your account and take all your data with you — no lock-in.
Transparent Data Processing
We clearly document what data we collect, why we need it, and how it's processed. No hidden surprises.
- 2FA: available on all accounts
- PII: masked before AI layer
- Zero: card data stored
- 100%: data ownership
Security you can verify. AI you can trust.
Early access is open. No credit card, no surprises.
- PII masked before AI
- 2FA on all accounts
- Your data stays yours