DrishtiTaxAdvanced AIAnalyse my filing

Privacy Policy

Last updated: 4 June 2026

This policy describes what data DrishtiTax collects, why, how long we keep it, and your choices. It reflects our engineering architecture, not marketing — uploaded documents are processed in memory and never stored.

1. What we process

When you upload a Form 16, AIS JSON, or ITR XML file, the file is read into memory only to detect its format and extract the tax fields needed to compute your savings analysis. The extracted figures are returned to your browser in the response. The uploaded file bytes are discarded before the request completes — they are never written to disk, sent to a third party, or stored in any database.

Maximum upload size is 10 MB. Files above this are rejected before any processing.

2. What we store, and for how long

Our default posture is stateless. The only data we retain is the minimum required to take payment and deliver your report:

  • Uploaded documents & extracted tax fields — not stored. In-memory for the request only (0 days).
  • Generated report PDF — streamed to you and the temporary file deleted immediately (0 days).
  • PDF password (if your Form 16 is encrypted) — used in memory to decrypt, never logged or stored.
  • Payment record (order id, status, amount, timestamps) — retained as required by Indian payment-record regulations.
  • Email address (only if you ask us to email your report) — used to deliver the PDF and pruned after delivery; not used for marketing unless you explicitly opt in.
  • Phone number — stored only if you tick the optional tax-reminder consent box.

To deliver your report reliably even if your browser closes after payment, the report content you see on screen is briefly held server-side between starting checkout and payment confirmation, then cleared as soon as your report is queued for delivery. It contains your tax analysis figures only — never your PAN, Aadhaar, or bank details.

3. What we never collect

We do not ask for or store your PAN, Aadhaar, or bank account number. We do not sell your data, and we do not use your documents to train models.

4. Payments

Payments are processed by Razorpay. We never see or store your full card details — those are handled directly by the payment provider under PCI DSS.

5. Logs & error reporting

Operational logs record request metadata (request id, endpoint, status, timing) and are retained for at most 30 days. Sensitive fields are scrubbed before any log or error report is written. Error reports are retained for at most 90 days.

6. Your choices & deletion

Because uploads are not stored, there is nothing to delete after a session. For any data tied to a payment or email delivery, or to withdraw reminder consent, email us at support@drishtitax.com and we will action your request.

7. Contact

Questions about this policy? Email support@drishtitax.com.