Security

Security for real business workflows.

BillRaja handles invoices, customers, team roles, attendance and subscription state with access control, OTP verification, payment safety, and clear ownership boundaries.

Security themes

Access control, payment safety, OTP protection and business data separation.

  • Encrypted transport and controlled data access
  • Role-based business workflows for teams
  • OTP-based customer bill access
  • Play Billing for paid subscriptions

Authentication and account controls

  • Google Sign-In and phone verification are handled through Firebase Authentication.
  • Single-session protection helps reduce account sharing and unexpected concurrent access.
  • App Check helps confirm requests come from genuine BillRaja clients.
  • Owners stay in control of business workspaces, invitations and role access.

Data storage and access protection

  • Business records sit on Google Firebase infrastructure with encryption in transit and at rest.
  • Firestore rules restrict access so people can only manage data they are allowed to use.
  • Invoice structure and the relationships between invoice amounts are validated to reduce tampering risk.
  • Offline sync keeps the product usable without connectivity and resynchronises data safely once a connection returns.

Payments and subscription handling

  • Subscription payments are processed through Google Play Billing.
  • Server-side verification is used before paid-plan state changes are accepted.
  • BillRaja does not store card numbers, UPI PINs or raw payment credentials.
  • Plan changes are handled through backend workflows, not only by device-side checks.

Team, attendance and location data

  • Attendance locations are collected only during active check-in or check-out flows.
  • Location is used for geo-attendance verification, not passive background tracking.
  • Roles help separate owner, manager and staff access.
  • Workspace data stays isolated to the relevant business context.

Customer bill viewing

  • Customers verify their identity through a one-time password sent to their phone.
  • OTP codes are time-limited and single-use.
  • Customer sessions are read-only.
  • Rate limiting helps protect against repeated OTP abuse.
  • Customers only see the bills linked to their phone number.

Responsible disclosure

If you believe you found a security issue in BillRaja, email contact@billraja.com with clear reproduction steps, expected impact and any supporting screenshots or logs.

Please avoid destructive testing, service disruption or access to data that does not belong to you. The best report is the clearest one with the least live impact.