Legal
Privacy Policy
Effective: 01 January 2025 · Last Updated: 04 May 2026
1. Who We Are
iKnowIncomeTax is operated by TaxIQ, India. We are committed to protecting the privacy of your data and the sensitivity of your clients' tax information.
Please Contact at · info@iknowincometax.com
TaxIQ Team
2. What Data We Collect
Account Data
Name, email address, and password (stored as a secure hash — we never see your plain text password).
Client & Case Data You Upload
Client names, PAN numbers, income tax notices (PDFs), supporting documents, and case notes. This data belongs to you and your clients.
Payment Data
Payments are handled by Razorpay. We do not store your card number, CVV, or banking credentials — only a transaction confirmation token.
Usage Data
Pages visited, features used, browser type, IP address, and error logs — used to improve the Platform.
3. How We Use Your Data
| Data | Purpose | Legal Basis |
|---|---|---|
| Account data | Platform access | Contract |
| Uploaded notices | Automated analysis & drafting | Contract |
| PAN / case data | Store your case records | Contract |
| Payment token | Manage subscriptions | Contract |
| Usage data | Improve the Platform | Legitimate interest |
| Receipts, alerts, account notices | Contract |
4. Third-Party Service Providers
We use the following trusted infrastructure providers to operate the Platform. Each is bound by their own data processing agreements and applicable law:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase (USA/EU) | Database, Authentication & Storage | All user & case data (encrypted at rest) |
| Cloud Language Processing Services | Automated text analysis & response drafting | Extracted text content from documents |
| Cloud OCR Service | Text extraction from scanned PDFs & images | Document images (processed and discarded) |
| Razorpay (India) | Payment processing | Email, subscription info |
| Vercel (USA) | Application hosting | Server logs, IP address |
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account & case data | Lifetime of account |
| After account deletion | 90 days (for recovery), then permanently deleted |
| Payment records | 7 years (Indian accounting law) |
| Server logs | 30 days |
| Anonymized analytics | Indefinite |
6. A Note for Tax Professionals About Client Data
You upload data that belongs to your clients (taxpayers). As the Tax Professional, you are the data controller for your clients' data; we are only the data processor.
Your responsibility: Obtain your clients' consent to upload their documents and PAN to a third-party platform before doing so.
Our commitment: Your data is strictly isolated from other users via Row-Level Security enforced at the database level. No professional can access another professional's cases, notices, or client records.
7. Security
- All data transmitted over HTTPS/TLS (encrypted in transit)
- Data encrypted at rest
- Row-Level Security (RLS) enforced at database level — users can only access their own data
- Session tokens managed via secure, HttpOnly cookies
- Administrative credentials are server-side only, never exposed to client applications
- Signed portal cookies prevent session tampering
In the event of a data breach affecting your personal data, we will notify you within 72 hours of becoming aware of the incident.
8. Your Rights, Grievances & Contact
As a data principal under the Digital Personal Data Protection (DPDP) Act, 2023, you have the following rights with respect to the personal data we hold about you:
To exercise any of the above rights, email privacy@iknowincometax.com. We will respond within 30 days.
For info: Please Contact · info@iknowincometax.com
TaxIQ, India