LogoiKnowIncomeTax

Legal

Privacy Policy

Effective: 10 July 2026 · Last Updated: 10 July 2026

1. Who We Are

iKnowIncomeTax is website platform operated by M/s VY HUF, based in Dehradun, Uttarakhand, India. TxQUBE-iKnowIncomeTax and TxQUBE-Accounts are sub products/sub-platforms under iKnowIncomeTax. We are committed to protecting the privacy of your data and the sensitivity of your clients' tax information.

Grievance Officer: To be Appointed (Grievance Officer, M/s VY HUF) · grievance@iknowincometax.com

Appointed as required under the Digital Personal Data Protection (DPDP) Act, 2023.


2. What Data We Collect

Account Data

Name, email address, and password (stored as a secure hash — we never see your plain text password).

Client & Case Data You Upload

Client names, income tax notices (PDFs), supporting documents, and other case notes and details. This data belongs to you and your clients.

Payment Data

Payments are handled by Razorpay. We do not store your card number, CVV, or banking credentials — only a transaction confirmation token.

Communications & WhatsApp Data

If you contact us or opt in to WhatsApp updates, we process your phone number and the content of messages you exchange with us, via the Meta WhatsApp Business Platform, to provide support and (with your consent) send service or marketing updates. You can opt out at any time.

Usage Data

Pages visited, features used, browser type, IP address, and error logs — used to improve the Platform.


3. How We Use Your Data

DataPurposeLegal Basis
Account dataPlatform accessContract
Uploaded noticesAutomated analysis & draftingContract
Case dataStore your case recordsContract
Payment tokenManage subscriptionsContract
Usage dataImprove the PlatformLegitimate interest
EmailReceipts, alerts, account noticesContract
WhatsApp numberAccount & payment alerts; marketing updates only if you opt inContract / Consent

WhatsApp marketing: We send transactional WhatsApp messages (e.g. payment and account notifications) as part of providing the service. We send marketing messages on WhatsApp (tips, features, offers) only if you gave explicit consent — for example by ticking the optional WhatsApp opt-in at sign-up. You can withdraw consent at any time by replying STOP on WhatsApp or emailing privacy@iknowincometax.com; this does not affect transactional messages.

✅ We do NOT sell your data, use it for advertising, or use your client documents to train any automated systems.

4. Third-Party Service Providers

We use the following trusted infrastructure providers to operate the Platform. Each is bound by their own data processing agreements and applicable law:

ProviderPurposeData Shared
Supabase (USA/EU)Database, Authentication & StorageAll user & case data (encrypted at rest)
Anthropic (Claude), OpenAI (GPT), Google (Gemini)Automated text analysis & response draftingExtracted text content from documents
Google Cloud Vision & LlamaCloudText extraction from scanned PDFs & imagesDocument images (processed and discarded)
Razorpay (India)Payment processingEmail, subscription info
Vercel (USA)Application hostingServer logs, IP address
Resend (USA)Transactional & notification emailsName, email address
Meta WhatsApp Business (USA)WhatsApp support & opt-in updatesPhone number, message content
Upstash (USA)Rate limiting & cachingIP address, request metadata
⚠️ Automated Processing: When you trigger analysis or response drafting, the text content of your notice is securely transmitted to our cloud language processing infrastructure via API. By using these features, you consent to this processing.

5. Data Retention

Data TypeRetention Period
Active account & case dataLifetime of account
After account deletion30-day export window, then permanently deleted
Payment records7 years (Indian accounting law)
Server logs30 days
Anonymized analytics24 months

6. A Note for Tax Professionals About Client Data

You upload data that belongs to your clients (taxpayers). As the Tax Professional, you are the data controller for your clients' data; we are only the data processor.

Your responsibility: Obtain your clients' consent to upload their documents and PAN to a third-party platform before doing so.

Our commitment: Your data is strictly isolated from other users via Row-Level Security enforced at the database level. No professional can access another professional's cases, notices, or client records.


7. Security

  • All data transmitted over HTTPS/TLS (encrypted in transit)
  • Data encrypted at rest
  • Row-Level Security (RLS) enforced at database level — users can only access their own data
  • Session tokens managed via secure, HttpOnly cookies
  • Administrative credentials are server-side only, never exposed to client applications
  • Signed portal cookies prevent session tampering

In the event of a data breach affecting your personal data, we will notify you within 72 hours of becoming aware of the incident.


8. Your Rights, Grievances & Contact

As a data principal under the Digital Personal Data Protection (DPDP) Act, 2023, you have the following rights with respect to the personal data we hold about you:

Right to Access
Know what personal data we hold about you
Right to Correction
Request correction of inaccurate or incomplete data
Right to Erasure
Request deletion of your account and associated personal data
Right to Grievance Redressal
File a complaint about how we handle your data
Right to Nominate
Nominate another individual to exercise your rights in case of death or incapacity

As a convenience, we also let you export your data in a machine-readable format from your account settings.

To exercise any of the above rights, email privacy@iknowincometax.com. We will respond within 30 days.

Grievance Officer: To be Appointed (Grievance Officer, M/s VY HUF) · grievance@iknowincometax.com

M/s VY HUF (operator of iKnowIncomeTax), Dehradun, Uttarakhand, India

Unresolved complaints may be escalated to the Data Protection Board of India once constituted under the DPDP Act, 2023.


9. Data Minimisation in Automated Processing

Before any document text is sent to our language-model sub-processors, the Platform automatically masks direct identifiers:

  • PAN is redacted (e.g. ABCDE1234F is transmitted as ABC******F).
  • Email addresses and phone numbers of your clients are masked.
  • In TxQUBE-Accounts, GSTIN is masked before transmission, because a GSTIN embeds the holder's PAN.

We transmit only the extracted text required for the analysis you request. We do not use your client documents to train any model, and our sub-processors are contractually barred from doing so.

⚠️ Masking reduces, but does not eliminate, the personal data in a document. Notice text may still contain names, amounts and addresses that are necessary for the analysis to be useful.