Can I pick my own price?

No. Pia spends 30 days getting to know your shop, then names your price. You can decline, but you can't haggle. Everyone — small chemist or busy clinic-attached pharmacy — gets the same complete product.

Do you ever raise the price?

Never. Not on renewal, not because we shipped a new feature, not because model prices went up. The number Pia names on day 31 is the number forever — unless you ask us to lower it or your shop slows down.

What if my shop gets slower?

Pia drops your price on her own. If your shop has been quieter for a sustained stretch, she'll move you down a bracket for the next 3 months — no application, no clawback, no phone call. The only direction your price ever moves is down.

What if I also run a clinic?

It's all one Pia. One number. We don't split by vertical — every Pia tool, every role, every surface is included whether you run a pharmacy, a clinic, or both side by side.

Are there per-user or per-action charges on top?

No. The locked monthly price is the only price. Unlimited AI drafts, unlimited OCR, unlimited WhatsApp messages, every role free to use, no metered surprises on your bill.

How long is the free trial?

30 days. No credit card required. Full Pia — every role, every tool, unlimited use. At end-of-trial Pia proposes your locked monthly price; you can decline and walk away, no obligation.

What does Pia replace in my shop?

Most pharmacies running Pia switch off Marg or Tally for daily operations — billing, inventory, expiry, supplier receipts, daily standups, customer follow-ups. Some keep them for GST filing for now. We handle that import too.

16 May 2026 · 9 min read

Your books stay yours

A serious account of what happens to your shop's data after Pia has it — who can ask for it, what we will hand over, what we will not, and the specific structural reasons your concerns about government oversight are taken seriously here.

Boundary without aggression — the shop's books stay in the shop's hands.

Most shop owners I talk to are not particularly worried that a foreign social-media company will see what their pharmacy sold last Tuesday. They are worried about a much closer, much more familiar surveillance: the GST officer, the income-tax notice, the drug inspector, the fishing expedition that turns "your records, please" into six months of correspondence with someone in Delhi.

That worry is reasonable. It's also the thing that has kept thousands of small shops on paper books and unconnected billing software for a decade longer than it should have. Owners aren't refusing modernity. They're refusing the bargain that comes with it — put your books on a cloud someone else controls, and any agency that wants them gets a side door we don't get to see.

This post is the long version of why that bargain isn't the bargain we offer. It's specific, it's not lawyerly, and it doesn't pretend the law doesn't exist.

The honest starting point

We are a company registered in India. We are subject to Indian law. When a court of competent jurisdiction issues us a valid, specific, properly-scoped order to produce records, we will produce those records. We do not break the law for any customer, and you should be skeptical of any vendor that promises they will.

Everything below is about the surface area between the law's reach and the bargain you accept by digitizing your shop. That surface area is large. Most vendors collapse it to nothing. We don't.

What we will not do, ever

There's a short list of things we hold ourselves to that you should know about up front. None of these require a special plan or a paid feature; they're how the company is built.

We do not proactively share your data with any government agency. No automated GST return filing without your review. No "you've turned over ₹X this quarter" report flowing to anyone's database. The shape of your transactions is between you and your CA. If a regulator asks specifically and lawfully, that's a different conversation — and you get notified.

We do not respond to informal requests. A phone call from someone claiming to be an officer is not an order. A WhatsApp message is not an order. A polite email asking us to "share Mr. Sharma's records voluntarily" is not an order. We require written, properly-scoped, lawful demands routed through legal counsel. Most "requests" we receive turn out to evaporate at this step.

We do not share with non-government third parties without your documented instruction. Your bank does not get to see your sales when they're considering your loan application — unless you tell us to share. Your insurance company does not get it. Your distributor does not get it. Your franchisor, if you're a franchisee, does not get more than the cross-tenant relationship explicitly grants. Every one of these is a separate, granular consent that you control.

We do not train AI models on your shop's data without your written, separately-collected opt-in. Opt-in is never bundled with feature access. The default is no. The opt-in form is one page in plain language, and is revokable with one tap.

We do not retain data longer than we have to. Legally-required retention is real (GST has an 8-year window). Beyond that, your data is deleted on schedule. Data that doesn't exist cannot be produced under a future fishing expedition.

We do not build features designed to help authorities surveil shops. No "regulator portal." No "compliance dashboard" that flows your numbers somewhere upstream. If a regulator wants visibility, they go through the door every other litigant goes through.

What protects you structurally

These are not promises that depend on us being noble. They are the result of how the system is built.

Each shop's data is encrypted with its own key. A demand for "all of Pia's data on pharmacies in District X" hits a structural wall: we don't have a single database to hand over. We have a thousand isolated stores with a thousand keys. Any data production has to be shop-by-shop, with specific identifiers — Shop A's records for the dates Y to Z. The legal cost of a fishing expedition becomes the legal cost of a thousand specific subpoenas. That cost is the protection.

A thousand vaults, a thousand keys. No single door to walk through.

We don't aggregate across tenants for surveillance-shaped questions. The product genuinely cannot answer "which pharmacies in MP filed a GSTR mismatch greater than 8% last quarter." Not because we'd refuse to run that query — because the query isn't possible. The architecture decided that years ago, before any regulator asked.

Every read of your data leaves a trace. When we access your data — for support, for a feature, for any reason — that read is logged, timestamped, and shows up in your audit trail. You see when our team has looked. You see for how long. You see why. We will be embarrassed, in writing, in your own logs, if we look at your data when we shouldn't.

Government data requests trigger your notification. Inside 7 days of receiving any government request that targets your shop's data, you get a notification — what was asked, who asked, what we plan to produce, when. The only exception is a court-ordered gag, which is itself rare for an SMB matter and which we publish in aggregate in our annual transparency report. If a gag ever applies to your shop, you will know about it within hours of the gag lifting.

Inside 7 days: what was asked, who asked, what we plan to produce, when.

Your CA, not us, files your returns. GSTR-1, GSTR-3B, ITR — these are filed by you or your CA, from your account, with your credentials. We never have the GST portal password. We never auto-file. When we say "draft return ready," we mean ready for your CA to look at, edit, and submit. The submission is yours.

What happens when the doorbell rings

Specific scenarios, with the specific behavior. Most shops never see most of these. A serious vendor should still have an answer for each.

A GST officer visits your shop and asks for digital records. The officer is entitled to your records under Section 67 of the CGST Act. They get them from you, not from us. The export-and-share button is in your hand. You can produce exactly the date range the notice specifies. You don't have to hand over your phone, your laptop, or your tenant credentials. Pia's role here is to make the export fast, complete, and properly formatted — so the visit is short.

An income-tax notice arrives. Same answer. The notice is to you; the response comes from you. We make your records easy to assemble. We don't communicate with the IT department on your behalf, ever.

A drug inspector demands the Schedule H register. This is statutory; you're required to maintain it. Pia has it. You produce the date range requested. Done. The inspector does not get a Pia login. The inspector does not get historical data outside the scope of their visit.

The CGST receives a directive asking us, the platform, for "data on pharmacies operating in District X." This is the fishing expedition. Our response: the request is overbroad and non-specific; please re-issue with specific tenant identifiers and a specific date range, supported by the legal basis under the relevant section. Most of these die at that step because the requesting officer doesn't have time to draft seven hundred specific subpoenas. The ones that come back specifically scoped, we respond to within the law — and the affected shops are notified.

A police investigation requests data on a specific customer of a specific shop. We produce only the data within scope of the order. If the order is specific to a transaction window, we produce that window. The shop is notified inside 7 days unless gagged.

A civil litigant subpoenas data through a competitor's lawyer. We resist civil discovery on a higher bar than criminal demands. The other party has to show specific relevance and exhaust less-intrusive means. We move to quash overbroad subpoenas at our own cost. Where the order survives those steps, we produce narrowly and notify you immediately.

Your bank asks us for sales data to evaluate a loan application. We don't share. The bank gets your data when you hand it to them — via a one-click signed export from your Pia account that includes a verifiable signature. Your loan officer can verify the export is genuine; we never speak to your bank directly.

A foreign government data request arrives. We process under MLAT (Mutual Legal Assistance Treaty) channels via Indian authority. We do not respond to direct foreign requests. This matters more than it sounds in a world where data jurisdiction is increasingly contested.

The libertarian read, plainly

The case for the small-shop owner is not that the state has no legitimate interest in their records. It does. The case is that a digital shop should not be more visible to the state than a paper shop ever was. The paper shop's books required someone to physically come to the shop, ask, and accept what was given. The digital shop's books shouldn't be a permanent over-the-shoulder camera operated by anyone with a database admin's password.

Privacy by structure is the answer. Encryption is the answer. Specific consent is the answer. Tenant isolation is the answer. Telling you — when someone has come for your records — is the answer.

These are answers we built before they were trendy, because they were the only answers that made the product worth using for the people we built it for. A shopkeeper who doesn't trust the software with his books is a shopkeeper who never opens it.

What we publish

Annual transparency report. Every January, we publish how many government data requests we received the prior year, broken down by type (criminal warrant, tax investigation, regulatory notice, civil subpoena), the percentage we fully complied with, the percentage we partially complied with, the percentage we refused on procedural grounds, and the percentage challenged in court. The number of gagged requests, in aggregate, with their durations. Every shop owner who was a subject is named to themselves (privately, in their own audit log); the public report uses aggregate numbers only.

Quarterly access audit. Every internal-team access to your data, every quarter, shows up in your audit log. You can request a written quarterly summary from us; we'll send it inside 7 days.

Real-time notification. Government request, internal access, third-party export — every event that touches your shop's data triggers a notification you control.

A direct ask

If you've read this far, you're the shop owner — or the chain owner, or the CA — whose trust we have to earn before any feature matters. Read these promises against any other vendor you've spoken to about digital records. Ask them, in writing, what they would do in each of the eight scenarios above. Compare the answers.

The promise that matters most is the one nobody ever wants to make in writing. We've made it in writing. The next move is yours.

— Akshat, writing from Jabalpur