Privacy Policy
Last Updated: July 1, 2026
ClarityCA ("we", "our", or "us") is committed to protecting the privacy and security of your data. This Privacy Policy governs our collection, processing, and storage of personal and financial data in compliance with the Digital Personal Data Protection (DPDP) Act, 2023 of India.
1. Data Collection & Processing
As a B2B SaaS platform for Chartered Accountants, we process data on two levels:
- Account Data: Information you provide to create and manage your firm's account (e.g., name, email, billing details, ICAI registration).
- Client Financial Data: Information you upload for reconciliation (e.g., GSTR-2A/2B JSONs, Bank Statements, TDS 26AS). We act strictly as a Data Processor for this information. You remain the Data Fiduciary under the DPDP Act.
2. How We Use Your Data
We use the data collected strictly for the following purposes:
- Providing core services including GST, Bank, and TDS reconciliation via our matching engine.
- Improving our machine learning models for fuzzy matching. Note: Client financial data is anonymized and aggregated before being used to train any internal models.
- Communicating with you regarding platform updates, security alerts, and support.
3. Data Security & Storage
Security is critical to our infrastructure. All data is:
- Encrypted in transit using TLS 1.3 and at rest using AES-256 standard encryption.
- Stored entirely in secure cloud servers located within the territory of India (Mumbai/Delhi regions) to ensure data sovereignty.
We are currently pursuing SOC 2 Type II compliance to independently audit these controls.
4. Data Sharing & Third Parties
We do not sell your data or your clients' data to third parties. We may share limited infrastructure data with vetted Sub-Processors (like AWS or Supabase) strictly for hosting and compute purposes under strict Data Processing Agreements (DPAs).
5. Data Retention & Deletion
Client Financial Data is retained only as long as you maintain an active subscription or until you explicitly delete it from your dashboard. Upon account termination, all uploaded financial documents are permanently wiped within 30 days.
6. Your Rights
Under the DPDP Act, you have the right to access, correct, or request deletion of your personal data. You may exercise these rights directly through your Dashboard settings or by contacting us.
7. Contact Us
If you have any questions regarding this Privacy Policy or our data practices, please contact our Grievance Officer at: founders@clarityca.co.in.