Legal
Privacy Policy
Effective: 10 July 2026 · Last Updated: 10 July 2026
1. Who We Are
iKnowIncomeTax is website platform operated by M/s VY HUF, based in Dehradun, Uttarakhand, India. TxQUBE-iKnowIncomeTax and TxQUBE-Accounts are sub products/sub-platforms under iKnowIncomeTax. We are committed to protecting the privacy of your data and the sensitivity of your clients' tax information.
Grievance Officer: To be Appointed (Grievance Officer, M/s VY HUF) · grievance@iknowincometax.com
Appointed as required under the Digital Personal Data Protection (DPDP) Act, 2023.
2. What Data We Collect
Account Data
Name, email address, and password (stored as a secure hash — we never see your plain text password).
Client & Case Data You Upload
Client names, income tax notices (PDFs), supporting documents, and other case notes and details. This data belongs to you and your clients.
Payment Data
Payments are handled by Razorpay. We do not store your card number, CVV, or banking credentials — only a transaction confirmation token.
Communications & WhatsApp Data
If you contact us or opt in to WhatsApp updates, we process your phone number and the content of messages you exchange with us, via the Meta WhatsApp Business Platform, to provide support and (with your consent) send service or marketing updates. You can opt out at any time.
Usage Data
Pages visited, features used, browser type, IP address, and error logs — used to improve the Platform.
3. How We Use Your Data
| Data | Purpose | Legal Basis |
|---|---|---|
| Account data | Platform access | Contract |
| Uploaded notices | Automated analysis & drafting | Contract |
| Case data | Store your case records | Contract |
| Payment token | Manage subscriptions | Contract |
| Usage data | Improve the Platform | Legitimate interest |
| Receipts, alerts, account notices | Contract | |
| WhatsApp number | Account & payment alerts; marketing updates only if you opt in | Contract / Consent |
WhatsApp marketing: We send transactional WhatsApp messages (e.g. payment and account notifications) as part of providing the service. We send marketing messages on WhatsApp (tips, features, offers) only if you gave explicit consent — for example by ticking the optional WhatsApp opt-in at sign-up. You can withdraw consent at any time by replying STOP on WhatsApp or emailing privacy@iknowincometax.com; this does not affect transactional messages.
4. Third-Party Service Providers
We use the following trusted infrastructure providers to operate the Platform. Each is bound by their own data processing agreements and applicable law:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase (USA/EU) | Database, Authentication & Storage | All user & case data (encrypted at rest) |
| Anthropic (Claude), OpenAI (GPT), Google (Gemini) | Automated text analysis & response drafting | Extracted text content from documents |
| Google Cloud Vision & LlamaCloud | Text extraction from scanned PDFs & images | Document images (processed and discarded) |
| Razorpay (India) | Payment processing | Email, subscription info |
| Vercel (USA) | Application hosting | Server logs, IP address |
| Resend (USA) | Transactional & notification emails | Name, email address |
| Meta WhatsApp Business (USA) | WhatsApp support & opt-in updates | Phone number, message content |
| Upstash (USA) | Rate limiting & caching | IP address, request metadata |
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account & case data | Lifetime of account |
| After account deletion | 30-day export window, then permanently deleted |
| Payment records | 7 years (Indian accounting law) |
| Server logs | 30 days |
| Anonymized analytics | 24 months |
6. A Note for Tax Professionals About Client Data
You upload data that belongs to your clients (taxpayers). As the Tax Professional, you are the data controller for your clients' data; we are only the data processor.
Your responsibility: Obtain your clients' consent to upload their documents and PAN to a third-party platform before doing so.
Our commitment: Your data is strictly isolated from other users via Row-Level Security enforced at the database level. No professional can access another professional's cases, notices, or client records.
7. Security
- All data transmitted over HTTPS/TLS (encrypted in transit)
- Data encrypted at rest
- Row-Level Security (RLS) enforced at database level — users can only access their own data
- Session tokens managed via secure, HttpOnly cookies
- Administrative credentials are server-side only, never exposed to client applications
- Signed portal cookies prevent session tampering
In the event of a data breach affecting your personal data, we will notify you within 72 hours of becoming aware of the incident.
8. Your Rights, Grievances & Contact
As a data principal under the Digital Personal Data Protection (DPDP) Act, 2023, you have the following rights with respect to the personal data we hold about you:
As a convenience, we also let you export your data in a machine-readable format from your account settings.
To exercise any of the above rights, email privacy@iknowincometax.com. We will respond within 30 days.
Grievance Officer: To be Appointed (Grievance Officer, M/s VY HUF) · grievance@iknowincometax.com
M/s VY HUF (operator of iKnowIncomeTax), Dehradun, Uttarakhand, India
Unresolved complaints may be escalated to the Data Protection Board of India once constituted under the DPDP Act, 2023.
9. Data Minimisation in Automated Processing
Before any document text is sent to our language-model sub-processors, the Platform automatically masks direct identifiers:
- PAN is redacted (e.g.
ABCDE1234Fis transmitted asABC******F). - Email addresses and phone numbers of your clients are masked.
- In TxQUBE-Accounts, GSTIN is masked before transmission, because a GSTIN embeds the holder's PAN.
We transmit only the extracted text required for the analysis you request. We do not use your client documents to train any model, and our sub-processors are contractually barred from doing so.

