1. Introduction
This Privacy Policy explains how Aanya Technologies ("Company", "we", "us", or "our"), operating TaxNoticeAI ("Platform"), collects, uses, stores, and protects your personal and financial information. We are committed to safeguarding your privacy and handling your data responsibly, in compliance with the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023 (DPDP Act), and other applicable Indian laws.
2. Information We Collect
We collect the following categories of information:
Account Information:
- Full name, email address, phone number
- Firm name and CA membership number (if provided)
- Password (securely hashed — we never store plaintext passwords)
- Google account information (if you sign in via Google OAuth)
Uploaded Documents:
- Tax notices (PDF, image, scanned documents)
- Information extracted from notices: assessee name, PAN number, assessment year, section numbers, demand amounts
- Any documents you upload for analysis
Usage Data:
- IP address, browser type, device information
- Pages visited, features used, timestamps
- Notice analysis requests and draft generation history
Payment Information:
- Subscription plan, billing cycle, payment history
- Payment processing is handled by Razorpay — we do not store your card details
3. How We Use Your Information
We use your information for the following purposes:
- To provide and maintain the Platform's core services (notice analysis, draft generation)
- To create and manage your account
- To process subscription payments and manage billing
- To send transactional emails (verification, password reset, payment receipts)
- To improve our AI models and service quality
- To provide customer support
- To detect and prevent fraud, abuse, or security threats
- To comply with legal obligations
4. AI Processing Disclosure
TaxNoticeAI processes your uploaded documents using artificial intelligence services. This involves:
- OCR (Optical Character Recognition) to extract text from scanned documents
- AI language models (Anthropic Claude, OpenAI) to analyze notice content and generate draft replies
- Embedding models to search relevant legal precedents in our database
Document content may be transmitted to third-party AI service providers (Anthropic, OpenAI, Google Cloud Vision) for processing. These providers are bound by their own privacy policies and data processing agreements. We do not allow these providers to use your data for training their models.
5. Data Sharing
We do not sell your personal or financial data. We may share your information with:
- AI Service Providers: Anthropic, OpenAI, Google Cloud Vision — for document processing and analysis
- Payment Processor: Razorpay — for subscription billing and payment processing
- Email Service: Resend — for transactional email delivery
- Legal Authorities: When required by law, court order, or government request
6. Data Security
We implement industry-standard security measures to protect your data:
- All data transmitted via HTTPS/TLS encryption
- PAN numbers encrypted at rest using AES-256 encryption
- Uploaded documents encrypted at rest
- Passwords hashed using bcrypt
- JWT tokens with JTI blacklist for session management
- Rate limiting and account lockout protection
- Regular security reviews and updates
While we employ robust security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
7. Data Retention
We retain your data for as long as your account is active and as needed to provide services. Upon account deletion:
- Account information is deleted within 30 days
- Uploaded documents are permanently deleted within 30 days
- AI-generated drafts and analysis history are deleted within 30 days
- Payment records may be retained for up to 7 years for tax and legal compliance
- Aggregated, anonymized analytics data may be retained indefinitely
8. Cookies and Tracking
TaxNoticeAI uses essential cookies for authentication and session management. We may also use analytics cookies (Google Analytics) to understand Platform usage patterns. You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features.
9. Your Rights (DPDP Act)
Under the Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to Access: Request a summary of your personal data and processing activities
- Right to Correction: Request correction of inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
- Right to Grievance Redressal: File a complaint with our Grievance Officer or the Data Protection Board of India
- Right to Nominate: Nominate an individual to exercise your rights in case of death or incapacity
To exercise any of these rights, contact us at support@niftydesk.app.
10. Third-Party Links
The Platform may contain links to third-party websites or services (e.g., IndianKanoon, income tax department). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
11. Children's Privacy
TaxNoticeAI is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform at least 15 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
13. Contact Us
For any questions or concerns about this Privacy Policy or your data, contact us at support@niftydesk.app. You may also contact our Grievance Officer for privacy-related complaints.