Privacy Policy
Last Updated: January 2025 | Version: 1.0
Table of Contents
1. Information We Collect
1.1 Account Information
When you register for TaxCorp, we collect:
- Full name and professional designation
- Email address and phone number
- Professional credentials (CA number, Bar Council registration, etc.)
- Firm/organization name and address
- GSTIN (for invoicing purposes)
- PAN (for TDS compliance)
1.2 Usage Information
We automatically collect:
- Query text and search parameters
- Uploaded documents (anonymized and encrypted)
- AI interaction history and responses
- Feature usage patterns and preferences
- Login timestamps and IP addresses
- Device information and browser type
1.3 Payment Information
- Billing address and GST details
- Payment method information (processed by third-party payment processors - we do not store credit card numbers)
- Transaction history and invoices
1.4 Communications
- Support tickets and email correspondence
- Feedback and survey responses
- Chat transcripts with support team
2. How We Use Your Information
2.1 Service Provision
- Process AI queries and generate responses
- Maintain and improve platform functionality
- Provide case law search and document analysis
- Track token and query usage limits
- Send service-related notifications
2.2 Billing & Compliance
- Process payments and issue GST-compliant invoices
- Comply with TDS deduction requirements
- Detect and prevent fraud
- Maintain financial records as required by law (7 years)
2.3 Platform Improvement
- Analyze usage patterns to improve AI accuracy
- Develop new features based on user needs
- Monitor performance and fix technical issues
- Aggregate anonymized data for research
2.4 Communication
- Send important service updates and legal notices
- Provide customer support
- Notify about new features or plan changes
- Educational content (with opt-out option)
3. Third-Party Data Sharing
Important Notice
Your query data is shared with third-party AI providers to deliver AI features. By using TaxCorp, you consent to this data sharing subject to third-party privacy policies.
3.1 AI Service Providers
We share query text and uploaded documents (anonymized) with:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| OpenAI (USA) | AI query processing | Query text, documents | United States |
| Anthropic (USA) | AI query processing | Query text, documents | United States |
| Google (USA) | AI query processing | Query text, documents | United States |
| DeepSeek (China) | AI query processing | Query text | China |
| Perplexity AI (USA) | Research queries | Query text | United States |
| xAI (USA) | AI query processing | Query text | United States |
See Third-Party AI Providers Notice for complete privacy policies.
3.2 Infrastructure & Service Providers
- AWS (Amazon Web Services): Cloud hosting (India region)
- Razorpay/Stripe: Payment processing
- SendGrid/AWS SES: Transactional emails
- Twilio: WhatsApp notifications
3.3 What We DO NOT Share
- Your personal contact information
- Client names or identifiable information
- Payment credentials (credit card numbers)
- Login passwords
- Data with marketing/advertising partners
3.4 Legal Disclosures
We may disclose information if required by:
- Valid legal process (court orders, subpoenas)
- Income Tax Department or GST authorities
- Law enforcement agencies for legitimate investigations
- Protection of TaxCorp's legal rights
4. Data Storage & Security
4.1 Data Residency
- Primary data stored in AWS Mumbai (India) region
- Encrypted backups in AWS Singapore (for disaster recovery)
- Query data processed by international AI providers as detailed above
4.2 Security Measures
- Encryption in Transit: TLS 1.3 for all connections
- Encryption at Rest: AES-256 encryption for all stored data
- Access Controls: Role-based access with multi-factor authentication
- Regular Audits: Quarterly security assessments
- Monitoring: 24/7 intrusion detection and logging
- Backups: Daily encrypted backups with 90-day retention
4.3 Data Breach Notification
In the event of a data breach affecting your personal information:
- You will be notified within 72 hours of discovery
- Notification will include: nature of breach, data affected, mitigation steps
- We will cooperate with your breach notification obligations to clients
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 30 days | Service provision |
| Query History | 12 months | Service improvement |
| AI-Generated Documents | 24 months or until deletion | User convenience |
| Payment Records | 7 years | Tax compliance (Income Tax Act) |
| Login Logs | 90 days | Security monitoring |
| Support Communications | 3 years | Service quality |
| Encrypted Backups | 90 days | Disaster recovery |
Upon Account Termination: 30-day grace period for data export, then permanent deletion except for payment records (7-year legal requirement).
6. Your Privacy Rights
Under the Digital Personal Data Protection Act 2023 and IT Act 2000, you have the right to:
6.1 Access
- Request a copy of all personal data we hold about you
- View your query history and usage logs
- Download your AI-generated documents
6.2 Correction
- Update your account information anytime
- Correct inaccurate personal data
6.3 Deletion (Right to be Forgotten)
- Request complete deletion of your account and data
- Delete specific AI-generated documents
- Exception: Payment records retained for 7 years (legal requirement)
6.4 Data Portability
- Export your data in machine-readable formats (PDF, Excel, JSON)
- Provided within 7 business days of request
6.5 Objection to Processing
- Opt-out of marketing communications (service emails are mandatory)
- Request limitations on data processing where legally permissible
How to Exercise Your Rights
Email: privacy@taxcorp.in with your request. We will respond within 30 days.
8. International Data Transfers
Cross-Border Transfers: Your query data is transferred to and processed by AI providers located in the United States and China. These jurisdictions may have different data protection standards than India.
We implement safeguards for international transfers:
- Standard contractual clauses with AI providers
- Data Processing Agreements (DPAs) where available
- Encryption during transfer and at rest
- Limited data sharing (query text only, no PII)
Your consent: By using TaxCorp AI features, you explicitly consent to international data transfers as described in this Privacy Policy and Third-Party AI Providers Notice.
9. Children's Privacy
TaxCorp is intended for professional use by adults 18 years and older. We do not knowingly collect personal information from individuals under 18. If you become aware that a child has provided us with personal data, please contact us immediately.
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect:
- Changes in legal requirements or regulations
- New features or service changes
- Improvements in security practices
- Changes in third-party providers
Notification of Changes:
- Material changes: 30 days advance notice via email and in-app notification
- Minor changes: Posted on this page with updated "Last Updated" date
- Continued use after changes constitutes acceptance
11. Contact Us
Data Protection Officer
Email: privacy@taxcorp.in / dpo@taxcorp.in
Address: [Your Company Name and Registered Office Address, Vadodara, Gujarat]
Phone: [Your Contact Number]
Response Time: Within 30 days of request
Filing a Complaint
If you believe your privacy rights have been violated, you may file a complaint with the Data Protection Board of India or contact our Data Protection Officer at the above address.
This Privacy Policy is governed by the laws of India. Jurisdiction: Courts of Vadodara, Gujarat.