14routes
Privacy

Your bills are yours alone.

Last updated · 28 May 2026

This page explains exactly what 14routes does with the data you give it. It is short on purpose. If anything here is unclear, write to hello@14routes.com and we will rewrite it.

Who we are

14routes is an accounts-payable automation product for Indian SMEs. The product is operated by Ramesh Jagabattina, sole proprietor, trading as 14routes. Registered business address: H.No. 2-75, behind Gandhi Statue, Gudali Village & Post, Nellore District, Andhra Pradesh – 524413. The data controller for the purposes of the Digital Personal Data Protection Act 2023 is the proprietor named above.

What we collect

When you use 14routes, we collect:

  • Account information. Your email, display name, and the organisation you create. Provided by you at sign-up.
  • Supplier bills you upload. The original PDF or image, and the structured fields we extract from it — seller, GSTIN, line items, totals, taxes, dates.
  • Your vendor master. Vendor names, GSTINs, and addresses you add or edit inside your workspace.
  • Tally settings. Your company name, ledger names, and other voucher-mapping preferences.
  • Basic usage signals. When you logged in, how many bills you uploaded, errors encountered. Used to keep the service running and to debug.

We do not collect or store your TallyPrime credentials, bank details, or any information not present in the bills you upload.

Where your data lives

All bills, vouchers, vendor masters, and account records are stored in Google Cloud, region asia-south1 (Mumbai, India):

  • Firestore — structured records (account, organisation, bills, vendors, settings).
  • Cloud Storage — the original PDF or image of every bill you upload.
  • Vertex AI — Google's managed AI service in the same Mumbai region performs the bill extraction. Your bill content is sent to Vertex for processing and is not retained by Google for model training.

Data does not leave India. There is no cross-border replication. The Firebase Authentication service (for sign-in) is operated by Google and may process minimal authentication metadata globally; the bill content itself does not.

Who can see your data

Every bill, vendor, and setting is scoped to your organisation. Users from other organisations cannot read, query, or guess at your data — this is enforced at the database layer using Firebase Auth custom claims and Firestore security rules.

Within 14routes, access to production data is limited to the operator named above. We access individual records only when you ask us to (e.g., debugging an issue you reported) and only as long as needed to resolve it.

We do not sell your data, and we do not use it to train any AI model.

Sub-processors

To run the service, we rely on these third parties:

  • Google Cloud Platform & Firebase — hosting, database, file storage, authentication, AI extraction (all India region).
  • Razorpay — once paid plans are live, Razorpay processes subscription payments. Razorpay receives your name, email and payment instrument details only; not your bills.

How long we keep it

Your data lives in our systems for as long as your account does. You can delete any bill from the app at any time — that removes both the Firestore record and the original file in Cloud Storage immediately.

If you close your account, all bills, vouchers, vendor records, and settings tied to your organisation are deleted within 30 days. Backup snapshots roll over within 90 days. After that, nothing remains.

Your rights

Under the DPDP Act 2023, you have the right to:

  • Access — ask for a copy of the personal data we hold on you.
  • Correct — fix anything that's wrong.
  • Delete — have it removed, in full.
  • Withdraw consent — at any point, with no effect on data you've already processed.
  • Grievance redressal — write to the operator with any complaint. We will respond within 7 business days.

Email all such requests to hello@14routes.com.

Cookies

We use one essential cookie / local-storage entry to keep you signed in — Firebase Authentication's session token. We do not use cookies for advertising or third-party analytics. No tracking pixels.

Children

14routes is built for businesses. It is not directed at and must not be used by anyone under 18.

Changes to this policy

When we materially change how we handle data, we will update the "Last updated" date above and notify active users by email at least 7 days before the change takes effect.

Contact

For anything privacy-related — questions, data requests, grievances — hello@14routes.com. Full contact details on the Contact page.